General Discussion can't get SSH access working - UTM 9

UTM Firewall requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 5 replies
Subscribers 5 subscribers
Views 3187 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

can't get SSH access working - UTM 9

Jean Thibodeau over 3 years ago

I've tried using password and RSA key to get ssh access working.

Both fail when I try to open putty session

Instead of getting the following EXPECTED message:

I get this in both cases:

Am using "Any" as allowed network for now (will change it once I get it working)

What am I doing wrong?

This thread was automatically locked due to age.

Top Replies

Jean Thibodeau over 3 years ago in reply to Jean Thibodeau +2 verified

seems the issue might be related to double NAT'ing. A packet capture I did using my sonicwall router pointed to it dropping some packets for the following reason: https://www.sonicwall.com/support/knowledge…

Parents

0 FormerMember over 3 years ago

Hi Jean Thibodeau,

Thank you for reaching out to Sophos Community.

This seems to be an issue with the Putty application itself.

Try downloading a fresh putty.exe client or you can also try to login to SSH from a different device.
Cancel
Vote Up 0 Vote Down

Cancel
0 Jean Thibodeau over 3 years ago in reply to FormerMember

so while it wasn't working when I was ssh-ing to it via remote IPsec site-to-site VPN, when I move it back locally and used internal network, it worked.

So there seems to be something wrong with the allowed network config or functionality. I did allow the VPN LAN but it clearly didn't work.

See screenshot. What am I missing?
Cancel
Vote Up 0 Vote Down

Cancel
+1 FormerMember over 3 years ago in reply to Jean Thibodeau

Could you please confirm that the remote gateway in not intercepting the SSH(port 22) traffic?

Try checking packet flow on UTM for remote source machine IP or on port 22.

You may run the below commands in shell to check packet flow.

==> port 22

utm:/root # tcpdump -nei any port 22

==> On remote host

utm:/root # tcpdump -nei any host <JT LAN machine IP>

eg: utm:/root # tcpdump -nei any host 192.168.10.5
Cancel
Vote Up +1 Vote Down

Cancel

Reply

+1 FormerMember over 3 years ago in reply to Jean Thibodeau

Could you please confirm that the remote gateway in not intercepting the SSH(port 22) traffic?

Try checking packet flow on UTM for remote source machine IP or on port 22.

You may run the below commands in shell to check packet flow.

==> port 22

utm:/root # tcpdump -nei any port 22

==> On remote host

utm:/root # tcpdump -nei any host <JT LAN machine IP>

eg: utm:/root # tcpdump -nei any host 192.168.10.5
Cancel
Vote Up +1 Vote Down

Cancel

Children

0 Jean Thibodeau over 3 years ago in reply to FormerMember

so I did have to enable SSH traffic over the VPN connection on the sonicwall side and that was part of initial fix. The real bigger problem, I think, might be related to a RAM issue that appears to be responsible for a number of intermittent problems.

I fixed the RAM issue (new RAM - fully tested with memtest) and did a reset/restore but because some of the problems still seemed to happen, I ended up doing a complete reinstall. Since then - though it hasn't been that long - everything has worked fine from the start.

Thanks for the tips, though. I will be able to use them if it happens again, or for other issues..
Cancel
Vote Up +1 Vote Down

Cancel
+1 Jean Thibodeau over 3 years ago in reply to Jean Thibodeau

seems the issue might be related to double NAT'ing. A packet capture I did using my sonicwall router pointed to it dropping some packets for the following reason:

https://www.sonicwall.com/support/knowledge-base/how-can-i-resolve-drop-code-cache-add-cleanup/180118173647344/

At the end of the article it says "a double NAT condition may cause the firewall to drop the traffic as "Cache Add Cleanup" due to the change in the packet header.".

I am double NAT'ing at the site with the Sophos UTM.
Cancel
Vote Up +2 Vote Down

Cancel