Where should I start...
I'm currently in Croatia.
There I had HRTelekom VDSL line 14/1 MBit/s.
2 days ago my order of Tele2 LTE/4G arrived with a ZTE MF286 router.
At home in Germany I have a Fritz!Box 7590 acting as a VPN server.
It's using deprecated xauth+psk and I can establish a connection with vpnc and NetworkManager.
I was able to establish that connection over the Telekom DSL
and I'm able to establish that connection over Tele2 LTE.
Router firewall is disabled.
It was enabled at some point with default policy accept.
Oh yeah I also have a Smartphone (Samsung S5 with LineageOS).
Now for the ssh connection.
The router has the IP 192.168.2.1. I changed it from 192.168.0.1 because from my understanding 0 is pretty much a wildcard address depending on netmask.
ssh connection over
- Telekom DSL - worked
- Smartphone LTE - works
- TELE2 LTE:
nmap can find the port and connect to it and make out it's openssh 7.4
putty on arch is able to establish a connection and I can log in without a problem
any attempt over gnome-shell fails
any attempt over konsole fails
I can use telnet to connect to port 22 but I'm ofc unable to handshake and so on
Things to note:
When I turn on the router without a SIM card inserted and run Firefox it tells me I need to log in to my provider
Windows 10 crashed (blue screen) 1st time I connected this router to Windows with KERNEL_SECURITY...something and it would bluescreen to no end until I pulled the LAN cable and booted without it and then connected the LAN cable. Windows eh?
I tried
removing .ssh/config
using cinnamon
using gnome
restarting Croatia router
restarting Germany router
The error message is
darko@wrk ~ $ ssh root@192.168.10.17
Connection closed by 192.168.10.17 port 22
env doesn't look like anything out of the ordinary
I have a wireshark log of tun0 when I tried to connect but where should I put it and is it even necessary? It tries to handshake and tries again and again but apparently fails.
Could this be a sign for router MITM attacks?
Anyhow looking for a solution.
edit: Trying to create this topic over the VPN I wasn't able to post because the identity of bbs.archlinux.org couldn't be verified (said Firefox).
edit2: Gnome Version 3.28.2, same as gnome-terminal, konsole Version 18.04.1
any other info you need just ask
edit3:
darko@wrk ~ $ ssh -v root@192.168.10.17
OpenSSH_7.7p1, OpenSSL 1.1.0h 27 Mar 2018
debug1: Reading configuration data /home/darko/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.10.17 [192.168.10.17] port 22.
debug1: Connection established.
debug1: identity file /home/darko/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/darko/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.10.17:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 192.168.10.17 port 22
Last edited by dalu (2018-06-07 15:40:20)
I believe it has something to do with MTU setting.
On the router it's currently 1500.
I tried lowering the MTU to 1440 by
sudo ip link set mtu 1440 dev enp3s0
and I was able to connect, however bbs.archlinux.org is still timing out.
How would I go about finding the correct MTU setting?
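An added example, not part of the original posts: one way to answer the question above is to send ICMP echoes with the don't-fragment bit set and binary-search the largest IPv4 packet that gets through. It assumes Linux iputils `ping` (`-M do`) and a target that answers ICMP echo; the function names `probe`, `find_path_mtu` and `mss_for_mtu` are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that reaches a host unfragmented.

# probe PAYLOAD HOST: succeeds if one echo with PAYLOAD data bytes and the
# DF bit set is answered. Assumes iputils ping (Linux).
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: prints the largest IP packet size in
# [LOW, HIGH] that passes. Sizes are full IPv4 packets; the ICMP payload is
# 28 bytes smaller (20 bytes IP header + 8 bytes ICMP header).
find_path_mtu() {
    host=$1
    lo=${2:-576}
    hi=${3:-1500}
    # The lower bound must pass, otherwise the search result means nothing.
    if ! probe $((lo - 28)) "$host"; then
        echo "no reply at $lo bytes: host unreachable or ICMP echo filtered" >&2
        return 1
    fi
    # Invariant: lo is known to pass, the answer lies in [lo, hi].
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe $((mid - 28)) "$host"; then
            lo=$mid
        else
            hi=$((mid - 1))
        fi
    done
    echo "$lo"
}

# mss_for_mtu MTU: TCP MSS for IPv4 without options (20 IP + 20 TCP bytes).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Stand-alone use: sh pmtu.sh HOST [LOW] [HIGH]
if [ "$#" -ge 1 ]; then
    find_path_mtu "$@"
fi
```

Run through the VPN against the host behind it, for example `find_path_mtu 192.168.10.17`, the result is the largest packet the tunnel path carries, so the tunnel interface MTU should not exceed it. Run against a host outside the VPN, it measures the LTE path itself.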
Now I'm able to post here, hopefully with
sudo nano -w /etc/NetworkManager/dispatcher.d/vpn-up
#!/bin/sh
if [ "$2" = "vpn-up" ]; then
/sbin/ifconfig "$1" mtu 1280
fi
or even 1392
but I'm unable to ssh, still.
Router has
MTU 1500
MSS 1300
factory default or rather tele2 default
Last edited by dalu (2018-06-07 16:41:16)
I don't get it. Why is everything those freedesktop guys do utterly flawed?
#!/bin/sh
/sbin/ifconfig tun0 mtu 1358
/sbin/ifconfig enp3s0 mtu 1420
You'd think this sets the correct values right?
Well wrong.
and for the record yes I did ip link set mtu xxx dev yyy