Gentoo Archives: gentoo-user-hu

From: Aleph <alephlg@×××××.com>
To: gentoo-user-hu@l.g.o
Subject: Re: [gentoo-user-hu] sshd reverse mapping problem
Date: Tue, 13 Mar 2007 11:48:30
Message-Id: c3e6dbbe0703130448h7913f6f2pc55128f093818ce0@mail.gmail.com
In Reply to: Re: [gentoo-user-hu] sshd reverse mapping problem by cjvt
Now none of the authentication methods is enabled. :-)
I recommend:
http://www.gentoo.org/doc/hu/security/security-handbook.xml?part=1&chap=10#doc_chap11

Aleph

2007/3/13, cjvt <cjvt@××××××××.hu>:
>
> $ cat sshd_config
>
> # $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
>
> # This is the sshd server system-wide configuration file. See
> # sshd_config(5) for more information.
>
> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented. Uncommented options change a
> # default value.
>
> Port 225
> Protocol 2
> #AddressFamily any
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 768
>
> # Logging
> # obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 2m
> PermitRootLogin no
> #StrictModes yes
> #MaxAuthTries 6
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication no
> #PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> #KerberosGetAFSToken no
>
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication. Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to 'no'.
> UsePAM no
>
> #AllowTcpForwarding yes
> #GatewayPorts no
> #X11Forwarding no
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
> #UseLogin no
> #UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression delayed
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> UseDNS no
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #PermitTunnel no
>
> # no default banner path
> #Banner /some/path
>
> # override default of no subsystems
> Subsystem sftp /usr/lib64/misc/sftp-server
>
> # Example of overriding settings on a per-user basis
> #Match User anoncvs
> # X11Forwarding no
> # AllowTcpForwarding no
> # ForceCommand cvs server
>
>
> vt
> On 13 March 2007, Aleph wrote:
> > The problem is that password authentication is not enabled, but it expects it.
> > That is why it rejects you after the public key succeeds. If I am right, the
> > line enabling PAM is not commented out in the config file.
> >
> > Aleph
> >
> > 2007/3/13, cjvt <cjvt@××××××××.hu>:
> > > Hello everyone,
> > >
> > > I have a problem: I don't know why, but sshd turns me away:
> > >
> > > When I try from the client (ubuntu - 192.168.1.1), this is the result:
> > >
> > > $ ssh user@192.168.1.50 -p 225 -v
> > >
> > > OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
> > > debug1: Reading configuration data /etc/ssh/ssh_config
> > > debug1: Applying options for *
> > > debug1: Connecting to 192.168.1.50 [192.168.1.50] port 225.
> > > debug1: Connection established.
> > > debug1: identity file /home/user/.ssh/identity type -1
> > > debug1: identity file /home/user/.ssh/id_rsa type -1
> > > debug1: identity file /home/user/.ssh/id_dsa type -1
> > > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6
> > > debug1: match: OpenSSH_4.6 pat OpenSSH*
> > > debug1: Enabling compatibility mode for protocol 2.0
> > > debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
> > > debug1: SSH2_MSG_KEXINIT sent
> > > debug1: SSH2_MSG_KEXINIT received
> > > debug1: kex: server->client aes128-cbc hmac-md5 none
> > > debug1: kex: client->server aes128-cbc hmac-md5 none
> > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > > debug1: Host '192.168.1.50' is known and matches the RSA host key.
> > > debug1: Found key in /home/user/.ssh/known_hosts:1
> > > debug1: ssh_rsa_verify: signature correct
> > > debug1: SSH2_MSG_NEWKEYS sent
> > > debug1: expecting SSH2_MSG_NEWKEYS
> > > debug1: SSH2_MSG_NEWKEYS received
> > > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > > debug1: Authentications that can continue: publickey
> > > debug1: Next authentication method: publickey
> > > debug1: Trying private key: /home/user/.ssh/identity
> > > debug1: Trying private key: /home/user/.ssh/id_rsa
> > > debug1: Trying private key: /home/user/.ssh/id_dsa
> > > debug1: No more authentication methods to try.
> > > Permission denied (publickey).
> > >
> > >
> > > meanwhile the server (gentoo - 192.168.1.50) writes this to the log:
> > >
> > >
> > > reverse mapping checking getaddrinfo for server [192.168.1.1] failed -
> > > POSSIBLE BREAK-IN ATTEMPT!
> > >
> > > does anyone know what I broke by editing? ;)
> > >
> > > vt
> > > --
> > > gentoo-user-hu@g.o mailing list
>
>
> --
> gentoo-user-hu@g.o mailing list
>
>
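
Added example, not part of the original messages: a small Python reader for an sshd_config that follows the file's own header comment (a commented `#Keyword value` line shows the default, an uncommented line overrides it) and lists the resulting state of each authentication switch. The function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed sample: the authentication-related lines of the sshd_config
# quoted in the message above (other options and most comments left out).
SAMPLE_CONFIG = """\
PermitRootLogin no
#RSAAuthentication yes
#PubkeyAuthentication yes
#RhostsRSAAuthentication no
#HostbasedAuthentication no
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#ChallengeResponseAuthentication yes
#KerberosAuthentication no
#GSSAPIAuthentication no
UsePAM no
UseDNS no
"""

# "#Keyword value" with no space after '#' is treated as a commented-out
# default; "# free text" is an ordinary comment and is ignored.
DIRECTIVE = re.compile(r"^(#?)([A-Za-z][A-Za-z0-9]*)\s+(\S.*)$")

def effective_settings(text):
    """Return {keyword: (value, source)}; source is 'explicit' or 'default'."""
    settings = {}
    for raw in text.splitlines():
        m = DIRECTIVE.match(raw.strip())
        if not m:
            continue
        commented, key, value = m.group(1), m.group(2), m.group(3).strip()
        source = "default" if commented else "explicit"
        # An explicit line replaces a commented default; otherwise first one wins.
        if key not in settings or (source == "explicit" and settings[key][1] == "default"):
            settings[key] = (value, source)
    return settings

def auth_summary(text):
    """Keep only the switches that turn an authentication mechanism on or off."""
    wanted = lambda k: k.endswith("Authentication") or k == "UsePAM"
    return {k: v for k, v in effective_settings(text).items() if wanted(k)}

if __name__ == "__main__":
    for key, (value, source) in sorted(auth_summary(SAMPLE_CONFIG).items()):
        print(f"{key:32} {value:4} ({source})")
```
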

Replies

Subject Author
Re: [gentoo-user-hu] sshd reverse mapping problem cjvt <cjvt@××××××××.hu>