Community Forum

Ssh fails with "security violation"

I’ve installed the package on a Raspberry Pi and configured remote access to it via ssh, then logged into https://apps.remoteit and set up a proxied ssh connection to the R-Pi. I tested this from a VPS on another network by doing “ssh -l pi -p nnnnn” and it worked perfectly.

I then tried the same ssh command from another VPS but this one consistently fails.
Using a “-v” flag on the ssh command shows:

OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2s  28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to [18.184.71.nnn] port nnnnn.
debug1: Connection established.
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
debug1: ssh_exchange_identification: HTTP/1.0 403 Forbidden
debug1: ssh_exchange_identification: Connection: Closed
debug1: ssh_exchange_identification:
debug1: ssh_exchange_identification: {"message":"Security Violation","ip":"redacted","port":"35574","source":" connectd"}
ssh_exchange_identification: Connection closed by remote host

where “redacted” is the IP address of the VPS. Both VPS are running Debian Stretch and, as far as I can see, ssh is configured identically on both, so I’m at a loss to understand why one works and the other fails.

Any ideas welcome!

I think I’ve worked out what is happening, although not why. There seems to be a restriction that a tunnel can be used from one host only. An attempt to use the same tunnel from another host results in failure with the “security violation” message.

Is this by design? If so, it would be good to document it.

You can set it public on the connection, click the name, and not use the quick launch

If you own the device you can launch a public proxy without restriction:

Thanks for clarifying this.