List Archive: gentoo-user-hu
Headers:
To: gentoo-user-hu@g.o
From: Aleph <alephlg@...>
Subject: Re: sshd reverse mapping problem
Date: Tue, 13 Mar 2007 12:48:03 +0100
Now none of the authentication methods is enabled. :-)
I recommend: http://www.gentoo.org/doc/hu/security/security-handbook.xml?part=1&chap=10#doc_chap11

Aleph

2007/3/13, cjvt <cjvt@...>:
> $ cat sshd_config
>
> #       $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
>
> # This is the sshd server system-wide configuration file.  See
> # sshd_config(5) for more information.
>
> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented.  Uncommented options change a
> # default value.
>
> Port 225
> Protocol 2
> #AddressFamily any
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 768
>
> # Logging
> # obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 2m
> PermitRootLogin no
> #StrictModes yes
> #MaxAuthTries 6
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile      .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication no
> #PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> #KerberosGetAFSToken no
>
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication.  Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to 'no'.
> UsePAM no
>
> #AllowTcpForwarding yes
> #GatewayPorts no
> #X11Forwarding no
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
> #UseLogin no
> #UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression delayed
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> UseDNS no
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #PermitTunnel no
>
> # no default banner path
> #Banner /some/path
>
> # override default of no subsystems
> Subsystem       sftp    /usr/lib64/misc/sftp-server
>
> # Example of overriding settings on a per-user basis
> #Match User anoncvs
> #       X11Forwarding no
> #       AllowTcpForwarding no
> #       ForceCommand cvs server
>
>
> vt
> On 13 March 2007, Aleph wrote:
> > The problem is that password authentication is not enabled, but it is expected. That is why
> > it rejects you after the public key succeeds. If I'm right, the
> > line enabling PAM is not commented out in the config file.
> >
> > Aleph
> >
> > 2007/3/13, cjvt <cjvt@...>:
> > > Hello everyone,
> > >
> > > I have a problem: I don't know why, but sshd turns me away:
> > >
> > > If I try from the client (ubuntu - 192.168.1.1), this is the result:
> > >
> > > $ ssh user@... -p 225 -v
> > >
> > > OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
> > > debug1: Reading configuration data /etc/ssh/ssh_config
> > > debug1: Applying options for *
> > > debug1: Connecting to 192.168.1.50 [192.168.1.50] port 225.
> > > debug1: Connection established.
> > > debug1: identity file /home/user/.ssh/identity type -1
> > > debug1: identity file /home/user/.ssh/id_rsa type -1
> > > debug1: identity file /home/user/.ssh/id_dsa type -1
> > > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6
> > > debug1: match: OpenSSH_4.6 pat OpenSSH*
> > > debug1: Enabling compatibility mode for protocol 2.0
> > > debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
> > > debug1: SSH2_MSG_KEXINIT sent
> > > debug1: SSH2_MSG_KEXINIT received
> > > debug1: kex: server->client aes128-cbc hmac-md5 none
> > > debug1: kex: client->server aes128-cbc hmac-md5 none
> > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > > debug1: Host '192.168.1.50' is known and matches the RSA host key.
> > > debug1: Found key in /home/user/.ssh/known_hosts:1
> > > debug1: ssh_rsa_verify: signature correct
> > > debug1: SSH2_MSG_NEWKEYS sent
> > > debug1: expecting SSH2_MSG_NEWKEYS
> > > debug1: SSH2_MSG_NEWKEYS received
> > > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > > debug1: Authentications that can continue: publickey
> > > debug1: Next authentication method: publickey
> > > debug1: Trying private key: /home/user/.ssh/identity
> > > debug1: Trying private key: /home/user/.ssh/id_rsa
> > > debug1: Trying private key: /home/user/.ssh/id_dsa
> > > debug1: No more authentication methods to try.
> > > Permission denied (publickey).
> > >
> > >
> > > meanwhile the server (gentoo - 192.168.1.50) says this in the log:
> > >
> > >
> > > reverse mapping checking getaddrinfo for server [192.168.1.1] failed -
> > > POSSIBLE BREAK-IN ATTEMPT!
> > >
> > > does anyone know what I broke by editing? ;)
> > >
> > > vt
> > > --
> > > gentoo-user-hu@g.o mailing list
>
>
> --
> gentoo-user-hu@g.o mailing list
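
Added example, not part of the original thread: a small Python check that reads an sshd_config in the style posted above, treats `#Keyword value` lines as the shipped defaults (as the file's own header describes), and lists which `*Authentication` keywords end up set to `yes`, next to what the client's `ssh -v` excerpt reported. The function names are hypothetical, the embedded config and log are abridged from the thread, and `Match` blocks are not handled.

```python
import re
# Abridged from the sshd_config posted in the thread (authentication lines only).
POSTED_CONFIG = """\
#RSAAuthentication yes
#PubkeyAuthentication yes
#HostbasedAuthentication no
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#ChallengeResponseAuthentication yes
UsePAM no
"""
# Excerpt of the client's "ssh -v" output quoted in the thread.
CLIENT_LOG = """\
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
"""
DEFAULT_RE = re.compile(r"^#([A-Za-z0-9]+)\s+(\S+)$")  # "#Keyword value": shipped default
ACTIVE_RE = re.compile(r"^([A-Za-z0-9]+)\s+(.+)$")     # "Keyword value": explicit setting

def effective_settings(text):
    """Return {keyword: (value, 'set' | 'default')}. Match blocks are not handled."""
    result = {}
    for line in map(str.strip, text.splitlines()):
        m = DEFAULT_RE.match(line)
        if m:  # a commented default never replaces an explicit setting
            result.setdefault(m.group(1).lower(), (m.group(2), "default"))
            continue
        m = ACTIVE_RE.match(line)
        # sshd keeps the first explicit value it reads for a keyword
        if m and result.get(m.group(1).lower(), ("", "default"))[1] == "default":
            result[m.group(1).lower()] = (m.group(2).strip(), "set")
    return result

def enabled_auth(settings):
    """Names of *Authentication keywords whose effective value is 'yes'."""
    return sorted(k for k, (v, _) in settings.items()
                  if k.endswith("authentication") and v.lower() == "yes")

def client_view(log):
    """Return (methods the server last offered, identity paths with type -1,
    i.e. paths from which ssh loaded no public key)."""
    offered = re.findall(r"Authentications that can continue: (\S+)", log)
    ids = re.findall(r"identity file (\S+) type (-?\d+)", log)
    return (offered[-1].split(",") if offered else []), [p for p, t in ids if t == "-1"]

if __name__ == "__main__":
    print(enabled_auth(effective_settings(POSTED_CONFIG)), client_view(CLIENT_LOG))
```

A keyword listed as enabled is only a configured value; whether sshd actually offers that method also depends on the protocol version in use and on how the server was built.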


Updated Jun 17, 2009

Summary: Archive of the gentoo-user-hu mailing list.
