TCLUG Archive

RE: [TCLUG:8149] ssh and NAT - solved



Here's an update on the ssh and NAT issue for those interested.  It's working
now.

To recap, the problem was that after switching to DSL using a Cisco 675 with
NAT enabled, I could not run more than one ssh session from home to my
office at any time.  The second ssh would hang in SYN_SENT and,
intermittently, the first session would freeze up.

Mike Hicks' suggestion was on the money.

> I suppose you might want to try doing 'chmod -s `which ssh`', 
> so SSH no longer
> has root privileges and gets forced to use ports >1024, just 
> to see if that
> affects anything.
> 

It was a privileged port issue. The solution I got from our sys admin was to
use the -P option with ssh, which tells ssh not to use a privileged port (<
1024).  That solved it.  Now I can open as many sessions as I want,
including port forwarding sessions and all.

The sys admin didn't know exactly what was causing it, but he said that it
had something to do with the Cisco router substituting outgoing privileged
port numbers with zero.  So the second connection looked like it was coming
from the same IP address "and" port number. This confused sshd in some way,
we think.  I'll probably explore this further, if I get the time.

Thanks to all who offered suggestions.  Hope this info helps someone else.

-Unni
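To make the explanation above concrete, here is an added Python model of the collision (not code from the thread, the router, or any ssh implementation). It assumes the behaviour the sys admin described: a NAT table that rewrites outgoing privileged source ports (< 1024) to 0 before building the outside 4-tuple. The IP addresses are constructed documentation-range values, and the NatTable class and open_sessions function are hypothetical names chosen for this example.

```python
"""Model of the privileged-port collision described in the thread.

Constructed example: a tiny NAT translation table that, like the router
behaviour the sys admin described, rewrites privileged (< 1024) source
ports to 0.  Two setuid-root ssh sessions, which each bind a privileged
source port, then collapse onto the same outside 4-tuple, so the second
session never gets a mapping of its own.  Sessions started with
non-privileged ports (what ssh -P does) keep distinct tuples and all go
through.  Nothing here talks to a real router or network.
"""
from dataclasses import dataclass

PRIVILEGED_LIMIT = 1024  # ports below this require root to bind


@dataclass(frozen=True)
class Flow:
    """One TCP connection as seen on one side of the NAT."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatTable:
    """Outside-tuple -> inside-flow mapping, with the suspected port bug."""

    def __init__(self, public_ip, zero_privileged_ports):
        self.public_ip = public_ip
        # When True, emulate the router substituting 0 for privileged ports.
        self.zero_privileged_ports = zero_privileged_ports
        self.mappings = {}

    def translate(self, flow):
        """Return the outside Flow, or None if it collides with a live session."""
        src_port = flow.src_port
        if self.zero_privileged_ports and src_port < PRIVILEGED_LIMIT:
            src_port = 0  # the suspected router behaviour
        outside = Flow(self.public_ip, src_port, flow.dst_ip, flow.dst_port)
        existing = self.mappings.get(outside)
        if existing is not None and existing != flow:
            # Second session looks identical to the first from the outside;
            # sshd sees the same IP "and" port, so the new SYN goes nowhere.
            return None
        self.mappings[outside] = flow
        return outside


def open_sessions(src_ports, zero_privileged_ports=True):
    """Open one ssh session per source port; None marks a hung (collided) one."""
    nat = NatTable("203.0.113.5", zero_privileged_ports)  # constructed public IP
    results = []
    for port in src_ports:
        inside = Flow("192.168.1.10", port, "198.51.100.20", 22)  # constructed
        results.append(nat.translate(inside))
    return results


if __name__ == "__main__":
    # Setuid ssh: both sessions pick privileged ports, the second one hangs.
    print(open_sessions([1022, 1021]))
    # ssh -P: high ports, no rewriting, both sessions get distinct mappings.
    print(open_sessions([40001, 40002]))
```

The model also confirms the other half of the diagnosis: with zero_privileged_ports set to False (a router that leaves privileged source ports alone), two privileged-port sessions map cleanly, so the collision only appears when both the setuid binary and the rewriting router are in play.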