[sslh] sslh 1.6i-4 / Don't work over wan, but ok in lan !

Grégory Bulot diffusion at bulot-fr.com
Sat Jan 15 14:23:01 CET 2011


On Sat, 15 Jan 2011 13:03:06 +0100,
Yves Rutschle <yves at naryves.com> wrote:

> On Sat, Jan 15, 2011 at 11:16:03AM +0100, diffusion at bulot-fr.com
> wrote:
> > I'm a new sslh user
> 
> Why use a version that's almost two years old? Please use
> 1.7 at least.

Because it's the default stable version for Ubuntu 10.10 (the latest
one).

> Check /var/log/auth.log where you'll see both sslh and sshd
> messages. 

Hum, I missed it ... so

This one doesn't work (from WAN):
| accepted fd 4
| Jan 15 16:03:14 203 sslh[15427]: connection from 92.90.X.X:41227
| forwarded to SSL connected to something
| server socket closed
| connection closed down

Why SSL from outside instead of SSH?


This one works (from my LAN):

| accepted fd 4
| Jan 15 16:04:04 203 sslh[15427]: connection from 192.168.1.149:38139
| forwarded to SSH connected to something
| Jan 15 16:04:08 203 sshd[15647]: Accepted password for gbulot from 127.0.0.1 port 53301 ssh2
| Jan 15 16:04:08 203 sshd[15647]: pam_env(sshd:setcred): Unable to open env file: /etc/default/locale: No such file or directory
| Jan 15 16:04:08 203 sshd[15647]: pam_unix(sshd:session): session opened for user gbulot by (uid=0)
| Jan 15 16:04:08 203 sshd[15658]: pam_env(sshd:setcred): Unable to open env file: /etc/default/locale: No such file or directory

> 
> Does connecting directly to ssh work from the Internet (i.e.
> if you either connect directly to port 22, or put sshd on
> port 443 without sslh in front of it)?

My router is IPCop; I forward directly
	Wan:443 to Lan(192.168.1.203):443

From outside, other redirections work fine (ssh from ports other than 22).
I think it's the same for 443.

> 
> My guess is that you have LIBWRAP support enabled and not
> enabled ssh connections from the Internet. You'd need
> something like:
> sshd: ALL
> in /etc/hosts.allow (I think -- I don't actually use libwrap
> myself, see hosts_access(5)).

cat /etc/hosts.allow | grep -v "#"
sendmail: all
sshd: ALL

Thanks for the answers below.



