Gentoo Archives: gentoo-user-hu

From: cjvt <cjvt@××××××××.hu>
To: gentoo-user-hu@l.g.o
Subject: Re: [gentoo-user-hu] sshd reverse mapping problema
Date: Tue, 13 Mar 2007 11:39:52
Message-Id: 200703131239.22407.cjvt@inebhedj.hu
In Reply to: Re: [gentoo-user-hu] sshd reverse mapping problema by Aleph
$ cat sshd_config

# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 225
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/lib64/misc/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

vt
On 13 March 2007, Aleph wrote:
> The trouble is that password authentication is not enabled, but it expects
> it. That is why it rejects you after the public-key succeeds. If I'm right,
> the line enabling PAM is not commented out in the config file.
>
> Aleph
>
> 2007/3/13, cjvt <cjvt@××××××××.hu>:
> > Hi everyone,
> >
> > I have a problem: I don't know why, but sshd turns me away:
> >
> > When I try from the client (ubuntu - 192.168.1.1), this is the result:
> >
> > $ ssh user@192.168.1.50 -p 225 -v
> >
> > OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Connecting to 192.168.1.50 [192.168.1.50] port 225.
> > debug1: Connection established.
> > debug1: identity file /home/user/.ssh/identity type -1
> > debug1: identity file /home/user/.ssh/id_rsa type -1
> > debug1: identity file /home/user/.ssh/id_dsa type -1
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6
> > debug1: match: OpenSSH_4.6 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host '192.168.1.50' is known and matches the RSA host key.
> > debug1: Found key in /home/user/.ssh/known_hosts:1
> > debug1: ssh_rsa_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue: publickey
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /home/user/.ssh/identity
> > debug1: Trying private key: /home/user/.ssh/id_rsa
> > debug1: Trying private key: /home/user/.ssh/id_dsa
> > debug1: No more authentication methods to try.
> > Permission denied (publickey).
> >
> >
> > meanwhile the server (gentoo - 192.168.1.50) writes this to the log:
> >
> >
> > reverse mapping checking getaddrinfo for server [192.168.1.1] failed -
> > POSSIBLE BREAK-IN ATTEMPT!
> >
> > does anyone know what I broke by editing? ;)
> >
> > vt
> > --
> > gentoo-user-hu@g.o mailing list


--
gentoo-user-hu@g.o mailing list
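
An added example, not part of the original message: the posted file's own header says uncommented options change a default, so listing only the directives in force in the global section shows what was edited. The function names and the sample input are constructed here; keywords that may legitimately repeat (such as Port or HostKey) are reduced to their first occurrence.

```shell
#!/bin/sh
# Added example (not from the original post): print the directives that are
# in force in the global section of an sshd_config.

# Constructed sample: the uncommented lines of the posted file, a few of its
# commented defaults, plus a duplicate keyword and an active Match block
# (the last two are assumptions added to exercise the edge cases).
sample_config() {
cat <<'EOF'
# To disable tunneled clear text passwords, change to no here!
Port 225
Protocol 2
#LoginGraceTime 2m
PermitRootLogin no
#PubkeyAuthentication yes
PasswordAuthentication no
UsePAM no
usedns no
UseDNS yes
Subsystem sftp /usr/lib64/misc/sftp-server
Match User anoncvs
    X11Forwarding no
EOF
}

# effective_options: read sshd_config text on stdin, print "keyword value".
effective_options() {
    awk '
        /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
        tolower($1) == "match" { exit }   # Match blocks are conditional, not global
        {
            key = tolower($1)             # keywords are case-insensitive
            if (key in seen) next         # first value obtained for a keyword wins
            seen[key] = 1
            $1 = ""; sub(/^[ \t]+/, "")   # drop the keyword, keep its arguments
            print key, $0
        }'
}

# option_value KEYWORD: value of one keyword read from stdin, empty if unset.
option_value() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    effective_options |
        awk -v k="$want" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print }'
}

sample_config | effective_options
```

On a real server, feed it the file directly, for example `effective_options < /etc/ssh/sshd_config`.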

Replies

Subject Author
Re: [gentoo-user-hu] sshd reverse mapping problema Aleph <alephlg@×××××.com>