On Fri, 2008-02-15 at 20:59 +0200, Alan McKinnon wrote:
> On Friday 15 February 2008, Florian Philipp wrote:
> > Hi list!
> >
> > For some time now, there's a very odd situation: There are two
> > computers, DAU and NOTE.
> >
> > I can use ssh to login from DAU to NOTE but not vice versa. I've
> > played around with several settings before this happened but I'm sure
> > it worked after my last change.
> >
> > Well, ultimately I've unmerged openssh, keychain and denyhosts on
> > both computers and removed /etc/ssh and .ssh in root's and the users'
> > home directories and then reemerged just openssh.
>
> Ah. You probably shouldn't have done that, unless you know for a fact
> that YOU screwed the ssh config up beyond all hope of recovery.
> Usually, you just sit with the same problem anyway, or make it worse by
> removing the configs that still work
>
> > Yet, the situation didn't change.
> >
> > Here's what's happening:
> >
> > dsl@NOTE > ssh -vvv DAU
> >
> > OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g 19 Oct 2007
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to DAU [192.168.2.4] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/dsl/.ssh/identity type -1
> > debug1: identity file /home/dsl/.ssh/id_rsa type -1
> > debug1: identity file /home/dsl/.ssh/id_dsa type -1
> > ssh_exchange_identification: Connection closed by remote host
> >
> > dsl@DAU > tail /var/log/messages
> >
> > [...]
> > Feb 15 19:20:30 DAU sshd[6269]: refused connect from NOTE.xxx
> > (192.168.2.2)
>
> It's not a firewall, xinetd, tcpwrappers or denyhost problem :-) Your
> connection attempt was received by sshd which denied it.
>
> The information you gave is inadequate to answer your question, because
> I don't know how long a piece of string is.
>
> Post the complete contents of /etc/sshd/sshd_config on DAU and we can
> probably tell you why though
>
>
Thanks so far.

Since there wasn't that much customization, trying vanilla settings from
the ebuild didn't sound that bad. At least it didn't make it worse ;).
Okay, when I delete every line that's commented out, my sshd-settings
read as follows:

Protocol 2
PasswordAuthentication no (changing to yes doesn't change anything)
UsePAM yes (changing to no doesn't change anything)
Subsystem sftp /usr/lib64/misc/sftp-server

Useflags: X hpn pam tcpd -X509 -chroot -kerberos -ldap -libedit -selinux
-skey -smartcard -static
--
gentoo-user@lists.gentoo.org mailing list