does winSCP pass host IP in the auth string?

Hi,

I have a connection issue with a client - they can telnet (cmd) to port 22 on our public IP and it opens a session.

- they have an internal NAT setup for our public IP for example ins 10.10.10.50 -> dst 1.2.3.4

so when they telnet to 10.10.10.50:22 session opens
when they use winSCP 10.10.10.50 with username/password session fails - the message is authentication error.

Does WinSCP pass the host IP (1.2.3.4) through? So in my clients case, it is passing through 10.10.10.50 in the string?

regards

dancar wrote:

Does WinSCP pass the host IP (1.2.3.4) through? So in my clients case, it is passing through 10.10.10.50 in the string?

Sorry, I do not understand. In what string?
Also what protocol are you talking about.
Can you post a log file?

Martin,

This is the log from the successful connection. I need my client to connect (SFTP) to our server (1.2.3.4).

My client has a NAT in place, so when they are trying to connect to 1.2.3.4 - they actually attempt through 10.10.10.50. When they attempt to connect through telnet (22) the session opens - when they use winscp they get an authenication error.

My question is: when using winscp, does the username@hostIP get passed through for authentication? If username@10.10.10.50 is passed through to the server 1.2.3.4 will this cause the authentication error?

I have requested the logfile from the client.


. 2009-03-02 15:55:47.309 WinSCP Version 3.8.0 (Build 312) (OS 5.1.2600 Service Pack 2)
. 2009-03-02 15:55:47.309 Login time: Monday, 2 March 2009 3:55:47 PM
. 2009-03-02 15:55:47.309 --------------------------------------------------------------------------
. 2009-03-02 15:55:47.309 Session name: session
. 2009-03-02 15:55:47.309 Host name: 10.10.10.50 (Port: 22)
. 2009-03-02 15:55:47.309 User name: username (Password: Yes, Key file: No)
. 2009-03-02 15:55:47.309 Transfer Protocol: SFTP (SCP)
. 2009-03-02 15:55:47.309 SSH protocol version: 2; Compression: No
. 2009-03-02 15:55:47.309 Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2009-03-02 15:55:47.309 Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. 2009-03-02 15:55:47.309 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2009-03-02 15:55:47.309 SSH Bugs: -,-,-,-,-,-,-,-
. 2009-03-02 15:55:47.309 SFTP Bugs: -,-,-
. 2009-03-02 15:55:47.309 Proxy: none
. 2009-03-02 15:55:47.309 Return code variable: Autodetect; Lookup user groups: Yes
. 2009-03-02 15:55:47.309 Shell: default, EOL: 0
. 2009-03-02 15:55:47.309 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2009-03-02 15:55:47.309 Cache directory changes: Yes, Permanent: Yes
. 2009-03-02 15:55:47.309 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2009-03-02 15:55:47.309 Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. 2009-03-02 15:55:47.309 --------------------------------------------------------------------------
. 2009-03-02 15:55:47.325 Looking up host "10.10.10.50"
. 2009-03-02 15:55:47.325 Connecting to 10.10.10.50 port 22
. 2009-03-02 15:55:47.341 Server version: SSH-2.0-WS_FTP-SSH_1.1
. 2009-03-02 15:55:47.341 We claim version: SSH-2.0-WinSCP_release_3.8
. 2009-03-02 15:55:47.341 Using SSH protocol version 2
. 2009-03-02 15:55:47.356 Using Diffie-Hellman with standard group "group14"
. 2009-03-02 15:55:47.356 Doing Diffie-Hellman key exchange
. 2009-03-02 15:55:47.762 Host key fingerprint is:
. 2009-03-02 15:55:47.762 ssh-rsa 1024 8a:f3:b6:8c:b6:cc:5a:36:71:58:2c:4d:cf:28:84:0a
. 2009-03-02 15:55:47.762 Initialised AES-256 client->server encryption
. 2009-03-02 15:55:47.762 Initialised HMAC-SHA1 client->server MAC algorithm
. 2009-03-02 15:55:47.762 Initialised AES-256 server->client encryption
. 2009-03-02 15:55:47.762 Initialised HMAC-SHA1 server->client MAC algorithm
! 2009-03-02 15:55:47.997 Using username "username".
. 2009-03-02 15:55:48.044 Session password prompt (username@10.10.10.50's password: )
. 2009-03-02 15:55:48.044 Using stored password.
. 2009-03-02 15:55:48.044 Sent password
. 2009-03-02 15:55:48.059 Access granted
. 2009-03-02 15:55:48.075 Opened channel for session
. 2009-03-02 15:55:48.106 Started a shell/command
. 2009-03-02 15:55:48.106 --------------------------------------------------------------------------
. 2009-03-02 15:55:48.106 Using SFTP protocol.
. 2009-03-02 15:55:48.106 Doing startup conversation with host.
> 2009-03-02 15:55:48.106 Type: SSH_FXP_INIT, Size: 5, Number: -1
< 2009-03-02 15:55:48.122 Type: SSH_FXP_VERSION, Size: 5, Number: -1
. 2009-03-02 15:55:48.122 SFTP version 4 negotiated.
. 2009-03-02 15:55:48.122 We will use UTF-8 strings when appropriate
. 2009-03-02 15:55:48.122 Getting current directory name.
. 2009-03-02 15:55:48.122 Getting real path for '.'
> 2009-03-02 15:55:48.122 Type: SSH_FXP_REALPATH, Size: 10, Number: 16
< 2009-03-02 15:55:48.200 Type: SSH_FXP_NAME, Size: 34, Number: 16
. 2009-03-02 15:55:48.200 Real path is '/root/imt_pp'
. 2009-03-02 15:55:48.200 Listing directory "/root/imt_pp".
> 2009-03-02 15:55:48.200 Type: SSH_FXP_OPENDIR, Size: 21, Number: 267
< 2009-03-02 15:55:48.200 Type: SSH_FXP_HANDLE, Size: 11, Number: 267
> 2009-03-02 15:55:48.200 Type: SSH_FXP_READDIR, Size: 11, Number: 524
< 2009-03-02 15:55:48.247 Type: SSH_FXP_NAME, Size: 1879, Number: 524
> 2009-03-02 15:55:48.247 Type: SSH_FXP_READDIR, Size: 11, Number: 780
< 2009-03-02 15:55:48.262 Type: SSH_FXP_STATUS, Size: 28, Number: 780
< 2009-03-02 15:55:48.262 Status/error code: 1
> 2009-03-02 15:55:48.262 Type: SSH_FXP_CLOSE, Size: 11, Number: 1028
. 2009-03-02 15:55:48.262 Startup conversation with host finished.
. 2009-03-02 15:58:27.059 Detected incoming data while idle
. 2009-03-02 15:58:36.466 Closing connection.

No IP address is sent trough SSH connection. Once you are able to connect to the server, you should not have any problems. So I do not think that the authentication problems are caused by the NAT. Log from failed authentication would be useful.

Martin,

I have received feedback from the client - it now all works. They have sent through the logfile from the successful connection, they were still using the beta version - so it wasnt causing any problems either.

Thanks for all your assistance.
Dan