does winSCP pass host IP in the auth string?

Advertisement

dancar
Guest

does winSCP pass host IP in the auth string?

Hi,

I have a connection issue with a client - they can telnet (cmd) to port 22 on our public IP and it opens a session.

- they have an internal NAT setup for our public IP for example ins 10.10.10.50 -> dst 1.2.3.4

so when they telnet to 10.10.10.50:22 session opens
when they use winSCP 10.10.10.50 with username/password session fails - the message is authentication error.

Does WinSCP pass the host IP (1.2.3.4) through? So in my clients case, it is passing through 10.10.10.50 in the string?

regards

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,286
Location:
Prague, Czechia

Re: does winSCP pass host IP in the auth string?

dancar wrote:

Does WinSCP pass the host IP (1.2.3.4) through? So in my clients case, it is passing through 10.10.10.50 in the string?
Sorry, I do not understand. In what string?
Also what protocol are you talking about.
Can you post a log file?
_________________
Martin Prikryl

Reply with quote

dancar
Guest

Martin,

This is the log from the successful connection. I need my client to connect (SFTP) to our server (1.2.3.4).

My client has a NAT in place, so when they are trying to connect to 1.2.3.4 - they actually attempt through 10.10.10.50. When they attempt to connect through telnet (22) the session opens - when they use winscp they get an authenication error.

My question is: when using winscp, does the username@hostIP get passed through for authentication? If username@10.10.10.50 is passed through to the server 1.2.3.4 will this cause the authentication error?

I have requested the logfile from the client.


. 2009-03-02 15:55:47.309 WinSCP Version 3.8.0 (Build 312) (OS 5.1.2600 Service Pack 2)
. 2009-03-02 15:55:47.309 Login time: Monday, 2 March 2009 3:55:47 PM
. 2009-03-02 15:55:47.309 --------------------------------------------------------------------------
. 2009-03-02 15:55:47.309 Session name: session
. 2009-03-02 15:55:47.309 Host name: 10.10.10.50 (Port: 22)
. 2009-03-02 15:55:47.309 User name: username (Password: Yes, Key file: No)
. 2009-03-02 15:55:47.309 Transfer Protocol: SFTP (SCP)
. 2009-03-02 15:55:47.309 SSH protocol version: 2; Compression: No
. 2009-03-02 15:55:47.309 Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2009-03-02 15:55:47.309 Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. 2009-03-02 15:55:47.309 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2009-03-02 15:55:47.309 SSH Bugs: -,-,-,-,-,-,-,-
. 2009-03-02 15:55:47.309 SFTP Bugs: -,-,-
. 2009-03-02 15:55:47.309 Proxy: none
. 2009-03-02 15:55:47.309 Return code variable: Autodetect; Lookup user groups: Yes
. 2009-03-02 15:55:47.309 Shell: default, EOL: 0
. 2009-03-02 15:55:47.309 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2009-03-02 15:55:47.309 Cache directory changes: Yes, Permanent: Yes
. 2009-03-02 15:55:47.309 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2009-03-02 15:55:47.309 Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. 2009-03-02 15:55:47.309 --------------------------------------------------------------------------
. 2009-03-02 15:55:47.325 Looking up host "10.10.10.50"
. 2009-03-02 15:55:47.325 Connecting to 10.10.10.50 port 22
. 2009-03-02 15:55:47.341 Server version: SSH-2.0-WS_FTP-SSH_1.1
. 2009-03-02 15:55:47.341 We claim version: SSH-2.0-WinSCP_release_3.8
. 2009-03-02 15:55:47.341 Using SSH protocol version 2
. 2009-03-02 15:55:47.356 Using Diffie-Hellman with standard group "group14"
. 2009-03-02 15:55:47.356 Doing Diffie-Hellman key exchange
. 2009-03-02 15:55:47.762 Host key fingerprint is:
. 2009-03-02 15:55:47.762 ssh-rsa 1024 8a:f3:b6:8c:b6:cc:5a:36:71:58:2c:4d:cf:28:84:0a
. 2009-03-02 15:55:47.762 Initialised AES-256 client->server encryption
. 2009-03-02 15:55:47.762 Initialised HMAC-SHA1 client->server MAC algorithm
. 2009-03-02 15:55:47.762 Initialised AES-256 server->client encryption
. 2009-03-02 15:55:47.762 Initialised HMAC-SHA1 server->client MAC algorithm
! 2009-03-02 15:55:47.997 Using username "username".
. 2009-03-02 15:55:48.044 Session password prompt (username@10.10.10.50's password: )
. 2009-03-02 15:55:48.044 Using stored password.
. 2009-03-02 15:55:48.044 Sent password
. 2009-03-02 15:55:48.059 Access granted
. 2009-03-02 15:55:48.075 Opened channel for session
. 2009-03-02 15:55:48.106 Started a shell/command
. 2009-03-02 15:55:48.106 --------------------------------------------------------------------------
. 2009-03-02 15:55:48.106 Using SFTP protocol.
. 2009-03-02 15:55:48.106 Doing startup conversation with host.
> 2009-03-02 15:55:48.106 Type: SSH_FXP_INIT, Size: 5, Number: -1
< 2009-03-02 15:55:48.122 Type: SSH_FXP_VERSION, Size: 5, Number: -1
. 2009-03-02 15:55:48.122 SFTP version 4 negotiated.
. 2009-03-02 15:55:48.122 We will use UTF-8 strings when appropriate
. 2009-03-02 15:55:48.122 Getting current directory name.
. 2009-03-02 15:55:48.122 Getting real path for '.'
> 2009-03-02 15:55:48.122 Type: SSH_FXP_REALPATH, Size: 10, Number: 16
< 2009-03-02 15:55:48.200 Type: SSH_FXP_NAME, Size: 34, Number: 16
. 2009-03-02 15:55:48.200 Real path is '/root/imt_pp'
. 2009-03-02 15:55:48.200 Listing directory "/root/imt_pp".
> 2009-03-02 15:55:48.200 Type: SSH_FXP_OPENDIR, Size: 21, Number: 267
< 2009-03-02 15:55:48.200 Type: SSH_FXP_HANDLE, Size: 11, Number: 267
> 2009-03-02 15:55:48.200 Type: SSH_FXP_READDIR, Size: 11, Number: 524
< 2009-03-02 15:55:48.247 Type: SSH_FXP_NAME, Size: 1879, Number: 524
> 2009-03-02 15:55:48.247 Type: SSH_FXP_READDIR, Size: 11, Number: 780
< 2009-03-02 15:55:48.262 Type: SSH_FXP_STATUS, Size: 28, Number: 780
< 2009-03-02 15:55:48.262 Status/error code: 1
> 2009-03-02 15:55:48.262 Type: SSH_FXP_CLOSE, Size: 11, Number: 1028
. 2009-03-02 15:55:48.262 Startup conversation with host finished.
. 2009-03-02 15:58:27.059 Detected incoming data while idle
. 2009-03-02 15:58:36.466 Closing connection.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,286
Location:
Prague, Czechia

No IP address is sent trough SSH connection. Once you are able to connect to the server, you should not have any problems. So I do not think that the authentication problems are caused by the NAT. Log from failed authentication would be useful.
_________________
Martin Prikryl

Reply with quote

dancar
Guest

Martin,

I have received feedback from the client - it now all works. They have sent through the logfile from the successful connection, they were still using the beta version - so it wasnt causing any problems either.

Thanks for all your assistance.
Dan

Reply with quote

Advertisement

You can post new topics in this forum