On Fri, 2008-02-15 at 20:59 +0200, Alan McKinnon wrote:
> On Friday 15 February 2008, Florian Philipp wrote:
> > Hi list!
> >
> > For some time now, there's a very odd situation: There are two
> > computers, DAU and NOTE.
> >
> > I can use ssh to log in from DAU to NOTE but not vice versa. I've
> > played around with several settings before this happened but I'm sure
> > it worked after my last change.
> >
> > Well, ultimately I've unmerged openssh, keychain and denyhosts on
> > both computers and removed /etc/ssh and .ssh in root's and the users'
> > home directories and then reemerged just openssh.
>
> Ah. You probably shouldn't have done that, unless you know for a fact
> that YOU screwed the ssh config up beyond all hope of recovery.
> Usually, you just sit with the same problem anyway, or make it worse by
> removing the configs that still work
>
> > Yet, the situation didn't change.
> >
> > Here's what's happening:
> >
> > dsl@NOTE > ssh -vvv DAU
> >
> > OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g 19 Oct 2007
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to DAU [192.168.2.4] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/dsl/.ssh/identity type -1
> > debug1: identity file /home/dsl/.ssh/id_rsa type -1
> > debug1: identity file /home/dsl/.ssh/id_dsa type -1
> > ssh_exchange_identification: Connection closed by remote host
> >
> > dsl@DAU > tail /var/log/messages
> >
> > [...]
> > Feb 15 19:20:30 DAU sshd[6269]: refused connect from NOTE.xxx
> > (192.168.2.2)
>
> It's not a firewall, xinetd, tcpwrappers or denyhost problem :-) Your
> connection attempt was received by sshd which denied it.
>
> The information you gave is inadequate to answer your question, because
> I don't know how long a piece of string is.
>
> Post the complete contents of /etc/sshd/sshd_config on DAU and we can
> probably tell you why though
>

Thanks so far.

Since there wasn't that much customization, trying vanilla settings from
the ebuild didn't sound that bad. At least it didn't make it worse ;).

Okay, when I delete every line that's commented out, my sshd-settings
read as follows:

Protocol 2
PasswordAuthentication no (changing to yes doesn't change anything)
UsePAM yes (changing to no doesn't change anything)
Subsystem sftp /usr/lib64/misc/sftp-server


Useflags: X hpn pam tcpd -X509 -chroot -kerberos -ldap -libedit -selinux
-skey -smartcard -static