| 1 |
On Fri, 2008-02-15 at 20:59 +0200, Alan McKinnon wrote: |
| 2 |
> On Friday 15 February 2008, Florian Philipp wrote: |
| 3 |
> > Hi list! |
| 4 |
> > |
| 5 |
> > For some time now, there's a very odd situation: There are two |
| 6 |
> > computers, DAU and NOTE. |
| 7 |
> > |
| 8 |
> > I can use ssh to login from DAU to NOTE but not vice versa. I've |
| 9 |
> > played around with several settings before this happened but I'm sure |
| 10 |
> > it worked after my last change. |
| 11 |
> > |
| 12 |
> > Well, ultimately I've unmerged openssh, keychain and denyhosts on |
| 13 |
> > both computers and removed /etc/ssh and .ssh in root's and the users' |
| 14 |
> > home directories and then reemerged just openssh. |
| 15 |
> |
| 16 |
> Ah. You probably shouldn't have done that, unless you know for a fact |
| 17 |
> that YOU screwed the ssh config up beyond all hope of recovery. |
| 18 |
> Usually, you just sit with the same problem anyway, or make it worse by |
| 19 |
> removing the configs that still work |
| 20 |
> |
| 21 |
> > Yet, the situation didn't change. |
| 22 |
> > |
| 23 |
> > Here's what happening: |
| 24 |
> > |
| 25 |
> > dsl@NOTE > ssh -vvv DAU |
| 26 |
> > |
| 27 |
> > OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g 19 Oct 2007 |
| 28 |
> > debug1: Reading configuration data /etc/ssh/ssh_config |
| 29 |
> > debug2: ssh_connect: needpriv 0 |
| 30 |
> > debug1: Connecting to DAU [192.168.2.4] port 22. |
| 31 |
> > debug1: Connection established. |
| 32 |
> > debug1: identity file /home/dsl/.ssh/identity type -1 |
| 33 |
> > debug1: identity file /home/dsl/.ssh/id_rsa type -1 |
| 34 |
> > debug1: identity file /home/dsl/.ssh/id_dsa type -1 |
| 35 |
> > ssh_exchange_identification: Connection closed by remote host |
| 36 |
> > |
| 37 |
> > dsl@DAU > tail /var/log/messages |
| 38 |
> > |
| 39 |
> > [...] |
| 40 |
> > Feb 15 19:20:30 DAU sshd[6269]: refused connect from NOTE.xxx |
| 41 |
> > (192.168.2.2) |
| 42 |
> |
| 43 |
> It's not a firewall, xinetd, tcpwrappers or denyhost problem :-) Your |
| 44 |
> connection attempt was received by sshd which denied it. |
| 45 |
> |
| 46 |
> The information you gave is inadequate to answer your question, because |
| 47 |
> I don't know how long a piece of string is. |
| 48 |
> |
| 49 |
> Post the complete contents of /etc/sshd/sshd_config on DAU and we can |
| 50 |
> probably tell you why though |
| 51 |
> |
| 52 |
> |
| 53 |
|
| 54 |
Thanks so far. |
| 55 |
|
| 56 |
Since there wasn't that much customization, trying vanilla settings from |
| 57 |
the ebuild didn't sound that bad. At least it didn't make it worse ;). |
| 58 |
|
| 59 |
Okay, when I delete every line that's commented out, my sshd-settings |
| 60 |
read as follows: |
| 61 |
|
| 62 |
Protocol 2 |
| 63 |
PasswordAuthentication no (changing to yes doesn't change anything) |
| 64 |
UsePAM yes (changing to no doesn't change anything) |
| 65 |
Subsystem sftp /usr/lib64/misc/sftp-server |
| 66 |
|
| 67 |
|
| 68 |
Useflags: X hpn pam tcpd -X509 -chroot -kerberos -ldap -libedit -selinux |
| 69 |
-skey -smartcard -static |
Archives