
EDIT: the SSH public key setup is a red herring. I actually cannot SSH to any boxes over Junos Pulse VPN, even ones where I don't have my SSH keys stored for password-less login.

I have an SSH public key set up on a UNIX box I routinely SSH to at work so that I can log in quickly without having to type my password. When I am connected via ethernet at the office, it works just fine. However, when I connect over VPN, regardless of whether it is wireless or ethernet from home or from work, I get this error:

mstills:~/ $ ssh -v <IP>                                                                                                    [11:00:18]
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ------- [--------] port 22.
debug1: Connection established.
debug1: identity file /Users/mstills/.ssh/id_rsa type 1
debug1: identity file /Users/mstills/.ssh/id_rsa-cert type -1
debug1: identity file /Users/mstills/.ssh/id_dsa type -1
debug1: identity file /Users/mstills/.ssh/id_dsa-cert type -1
ssh_exchange_identification: Connection closed by remote host

There is not much information here to work with. The closest thing I could find to my problem via Google was this: https://supportforums.cisco.com/thread/2068758

But I can't figure out how to apply that solution. The client I use to connect to VPN (if relevant) is Junos Pulse. I just started using it recently; the old client I use to connect to VPN seemed to accept the SSH key with no problems.

edit: this problem definitely only occurs when using the Junos Pulse VPN client. Maybe it is related to hosts file? I have no idea...

mattacular
  • The VPN client should have next to nothing to do with your ssh session. The only thing I can think of is if the new client goes with a new VPN concentrator/gateway that is handing out a new set of ip addresses, and the ssh server is set to only allow access to specific ips but hasn't been updated. You're going to need the log from the server to figure out why the server doesn't want to let you connect with your key anymore. – DerfK Feb 13 '13 at 16:23
  • I can get to logs on the server, where should I look? Linux ------- 2.4.9-e.38smp #1 SMP Wed Feb 11 00:09:01 EST 2004 i686 unknown – mattacular Feb 13 '13 at 16:30
  • It works fine using another VPN method, confirmed. – mattacular Feb 13 '13 at 16:31

1 Answer


Most likely a tcpwrapper issue. You will need to check the /etc/hosts.deny and /etc/hosts.allow files. Check if ssh is allowed from specific IP addresses; pay particular attention to parameters such as sshd or ALL:ALL.

Daniel t.