No Telnet login prompt when used over SSH tunnel

1

I have a device, let's call it d1, runnning a lightweight Linux. This device is NATed by my internet box/router, hence not reachable from the Internet. That device runs a telnet daemon on it, and only has root as user (no pwd). Its ip address is 192.168.0.126 on the private network.

From the private network (let's say 192.168.0.x), I can do:

telnet 192.168.0.126

Where 192.168.0.126 is the IP address in the private network. This works correctly.

However, to allow administration, I'd need to access that device from outside of that private network. Hence, I created an SSH tunnel like this on d1 :

ssh -R 4455:localhost:23 ussh@s1

s1 is a server somewhere in the private network (but this is for testing purposes only, it will endup somewhere in the Internet), running a standard Linux distro and on which I created a user called 'ussh'. s1 IP address is 192.168.0.48.

When I 'telnet' with the following, let's say from c1, 192.168.0.19 :

telnet -l root s1 4455

I get :

Trying 192.168.0.48...
Connected to 192.168.0.48.
Escape character is '^]'.
Connection closed by foreign host

.

The connection is closed after roughly 30 seconds, and I didn't log. I tried without the -l switch, without any success. I tried to 'telnet' with IP addresses instead of names to avoid reverse DNS issues (although I added to d1 /etc/hosts a line refering to s1 IP/name, just in case), no success. I tried on another port than 4455, no success.

I gathered Wireshark logs from s1. I can see :

s1 sends SSH data to c1, c1 ACK
s1 performs an AAAA DNS request for c1, gets only the Authoritave nameservers.
s1 performs an A DNS request, then gets c1's IP address
s1 sends a SYN packet to c1, c1 replies with a RST/ACK
s1 sends a SYN to c1, C1 RST/ACK (?)
After 0.8 seconds, c1 sends a SYN to s1, s1 SYN/ACK and then c1 ACK
s1 sends SSH content to d1, d1 sends an ACK back to s1
s1 retries AAAA and A DNS requests
After 5 seconds, s1 retries a SYN to c1, once again it is RST/ACKed by c1. This is repeated 3 more times.
The last five packets : d1 sends SSH content to s1, s1 sends ACK and FIN/ACK to c1, c1 replies with FIN/ACK, s1 sends ACK to c1.

The connection seems to be closed by the telnet daemon after 22 seconds.

AFAIK, there is no way to decode the SSH stream, so I'm really stuck here ...

Any ideas ?

Thank you !

SCO

Posted 2010-12-28T12:20:47.223

Reputation: 41

It wasn't clear whether you were able to successfully login "as root" when doing so from the local network. AFAIK, telnetd doesn't normally allow login as root on Linux, but that might be a pam thing and maybe you've configured yours to allow it. But if you could clarify that it would rule that issue out. – deltaray – 2010-12-29T01:40:09.787

Answers

0

I worked out this !

Actually the loopback interface was not up on d1, hence the tunnel was not operational. I noticed that 'ping localhost' was failing, as well as 'telnet localhost'.

I created a /etc/network/interfaces file with 'lo' interface, and did an ifup lo.

SCO

Posted 2010-12-28T12:20:47.223

Reputation: 41

When that happens it should give you some message in the session that created the tunnel that it can't make the connection. – deltaray – 2010-12-30T03:27:12.290

Actually it didn't, hence it took me time to understand what was going on ! – SCO – 2010-12-31T13:01:54.893

Asked: 2010-12-28T12:20:47.223

Viewed: 1 392 times

Active: 2010-12-29T15:50:14.227