#1 2021-07-19 04:24:16

1ndeed
Member
Registered: 2018-09-28
Posts: 41

[SOLVED] SSH Cannot See Actual IP of Local Network Clients

Server:
ssh listen at: 0.0.0.0
local network ip: 192.168.123.123

Client:
local network ip: 192.168.123.120

When the client connects to the ssh, the log of sshd from the server side:

Jul 19 11:56:34 hostname sshd[2001]: Accepted publickey for my_user_name from 192.168.123.1 port 55456 ssh2: RSA SHA256:*****************************
Jul 19 11:56:34 hostname sshd[2001]: pam_unix(sshd:session): session opened for user my_user_name(uid=1234) by (uid=0)

Here the server accepts the client ip as 192.168.123.1 instead of its actual ip (192.168.123.120).

I think this is insecure and makes fail2ban impossible to deploy.
So how do I solve this problem? Is it a route problem? I don’t know anything about route. Or is it not a problem at all?

(So far this is only a problem in local network)

Last edited by 1ndeed (2021-07-19 06:40:50)

#2 2021-07-19 06:02:28

seth
Member
Registered: 2012-09-03
Posts: 49,985

Do you ssh to the LAN IP or the WAN IP?
This looks like it's forwarded by the gateway (your router, likely)

#3 2021-07-19 06:21:43

1ndeed
Member
Registered: 2018-09-28
Posts: 41

seth wrote:

> Do you ssh to the LAN IP or the WAN IP?
> This looks like it's forwarded by the gateway (your router, likely)

This is strange...
If I do:

# ssh my_user_name@WAN_IP(Router IP)

I get 192.168.123.1

Jul 19 14:04:08 hostname sshd[13123]: Accepted publickey for my_user_name from 192.168.123.1 port 58250 ssh2: RSA SHA256:********************************
Jul 19 14:04:08 hostname sshd[13123]: pam_unix(sshd:session): session opened for user my_user_name(uid=0000) by (uid=0)

But if I do:

# ssh my_user_name@192.168.123.123(LAN_IP)

I get the real LAN IP of the client.

Jul 19 14:04:08 hostname sshd[13123]: Accepted publickey for my_user_name from 192.168.123.120 port 58250 ssh2: RSA SHA256:********************************
Jul 19 14:04:08 hostname sshd[13123]: pam_unix(sshd:session): session opened for user my_user_name(uid=0000) by (uid=0)

So is there an easy way to prevent my route from doing this?
And if there's a hacker, he somehow gets into my local network, ssh my WAN_IP and tries to brute force crack my ssh password and eventually get my server ban the port 22 of route ip(192.168.123.1). Does it even matter?

Last edited by 1ndeed (2021-07-19 06:31:57)

#4 2021-07-19 06:35:14

seth
Member
Registered: 2012-09-03
Posts: 49,985

> So is there an easy way to prevent my route from doing this?

"(consumer) routeR" - your route isn't involved here.

> hacker, he somehow gets into my local network

You can stop thinking here.
If you consider your LAN to be potentially hostile (and since you intend to open ssh to the WAN) the proper approach is to deny password logins.
https://wiki.archlinux.org/title/OpenSS … entication

> eventually get my server ban the port 22 of route ip(192.168.123.1). Does it even matter?

I'd first and foremost check how the router behaves on accesses from a different network segment (ie. from outside the LAN, a system that's not behind the same router that is forwarding ssh)
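
Added example, not part of any post in this thread: a small parser for the sshd log format quoted above that shows how logins relayed by the router collapse onto one source address, which is the situation an IP-based ban such as fail2ban would act on. The gateway address is taken from the thread; the sample log lines are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Router LAN address as reported in the thread (assumption: yours may differ).
GATEWAY = ip_address("192.168.123.1")

# sshd auth results: "Accepted <method> for USER from IP port N" and
# "Failed <method> for [invalid user ]USER from IP port N".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

# Constructed sample lines in the format shown in the thread.
SAMPLE_LOG = """\
Jul 19 14:04:08 hostname sshd[13123]: Accepted publickey for my_user_name from 192.168.123.1 port 58250 ssh2: RSA SHA256:EXAMPLE
Jul 19 14:05:10 hostname sshd[13130]: Accepted publickey for my_user_name from 192.168.123.120 port 58311 ssh2: RSA SHA256:EXAMPLE
Jul 19 14:06:01 hostname sshd[13141]: Failed password for invalid user admin from 192.168.123.1 port 40112 ssh2
Jul 19 14:06:03 hostname sshd[13141]: Failed password for root from 192.168.123.1 port 40112 ssh2
Jul 19 14:06:30 hostname sshd[13150]: pam_unix(sshd:session): session opened for user my_user_name(uid=1234) by (uid=0)
""".splitlines()


def parse_auth_events(lines):
    """Extract result, method, user and source address from sshd auth lines."""
    events = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # session/pam lines carry no source address
        try:
            src = ip_address(m["src"])
        except ValueError:
            continue  # source logged as a hostname; skipped in this example
        events.append({"result": m["result"], "method": m["method"],
                       "user": m["user"], "src": src})
    return events


def gateway_report(events, gateway=GATEWAY):
    """Return per-(source, result) counts and whether any failure is
    attributed to the gateway, i.e. a ban would land on the router address."""
    per_source = Counter((str(e["src"]), e["result"]) for e in events)
    ban_hits_gateway = any(
        e["src"] == gateway and e["result"] == "Failed" for e in events)
    return per_source, ban_hits_gateway


if __name__ == "__main__":
    counts, hits = gateway_report(parse_auth_events(SAMPLE_LOG))
    for (src, result), n in sorted(counts.items()):
        print(f"{src:16} {result:8} {n}")
    print("failures attributed to gateway:", hits)
```
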
