cgl_guardian n00b
Joined: 24 Oct 2002 Posts: 4
Posted: Thu Oct 24, 2002 5:16 am Post subject: SSH Connection Problem
I'm running Gentoo 1.4 and I just rsync'd and updated my system. I replaced the sshd_config and ssh_config files and edited them, changing "PasswordAuthentication" to "yes", and restarted sshd.
When I try to connect I get the following:
ssh_exchange_identification: Connection closed by remote host
Ok. Maybe I'll run it using the -v option. This shows me that the server is not asking for a password! Below is the console dump:
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused
Right, tried changing "PAMAuthenticationViaKbdInt" to "yes". Restart and try again. No luck. Decided to run 'sshd -d'. This produced the following:
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
debug1: Connection refused by tcp wrapper
Now this is getting annoying! Looking at my hosts.allow and hosts.deny files I have the following:
#HOSTS.ALLOW (the machine's address is 192.168.1.1)
127.0.0.1:ALL
192.168.1.1:ALL
192.168.1.2:ALL
192.168.1.9:ALL
192.168.1.10:ALL
#HOSTS.DENY
ALL:ALL
Looks fine, used to work fine. Now if I remove the line from hosts.deny the connection works fine. Is it me or does this seem a little screwy? I thought that if an address was in the hosts.allow file then it would be ok. Perhaps someone could enlighten me?
Lance

serty2 n00b
Joined: 22 Oct 2002 Posts: 25
Posted: Thu Oct 24, 2002 10:06 am Post subject:
looks to me like sshd is screwed up with the allow and deny process, it should actually work fine like u said...
the good way to do a policy about security is actually to deny everything and then allow what u want...
perhaps you should report this as a bug on the gentoo site.

fyerk Apprentice
Joined: 17 Sep 2002 Posts: 212 Location: Atlanta, GA
Posted: Thu Oct 24, 2002 11:41 am Post subject:
You're missing the daemon specification in hosts.allow
Try something like this:
Code:
# hosts.allow
sshd: 192.168.1.1, 192.168.1.2, 192.168.1.9, 192.168.1.10
See hosts.allow(5) for more information.
-David
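
Why the posted hosts.allow falls through to `ALL:ALL` in hosts.deny while the daemon-prefixed line does not, as an added example that is not part of the thread: a simplified Python model of `daemon_list : client_list` matching. The function names are hypothetical, and only `ALL`, exact matches and trailing-dot address prefixes are modelled.

```python
# Added example: a simplified model of the tcp_wrappers (hosts_access) check.
# Assumption: only ALL, exact names/addresses and "192.168.1." prefixes are
# modelled; real libwrap supports more patterns and options.
import re

def parse(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # no daemon/client separator: ignored in this model
        daemons, clients = (re.findall(r"[^,\s]+", f) for f in fields[:2])
        rules.append((daemons, clients))
    return rules

def item_matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # address prefix such as "192.168.1."
        return value.startswith(pattern)
    return pattern == value

def rule_hits(rules, daemon, client):
    return any(
        any(item_matches(d, daemon) for d in daemons)
        and any(item_matches(c, client) for c in clients)
        for daemons, clients in rules
    )

def allowed(allow_text, deny_text, daemon, client):
    """hosts.allow is consulted first, then hosts.deny; no match grants."""
    if rule_hits(parse(allow_text), daemon, client):
        return True
    return not rule_hits(parse(deny_text), daemon, client)

# File contents as posted in the thread.
DENY = "ALL:ALL\n"
POSTED_ALLOW = "127.0.0.1:ALL\n192.168.1.1:ALL\n192.168.1.2:ALL\n192.168.1.9:ALL\n192.168.1.10:ALL\n"
SUGGESTED_ALLOW = "sshd: 192.168.1.1, 192.168.1.2, 192.168.1.9, 192.168.1.10\n"

if __name__ == "__main__":
    for name, allow in (("posted", POSTED_ALLOW), ("suggested", SUGGESTED_ALLOW)):
        for client in ("192.168.1.2", "127.0.0.1"):
            print(name, client, allowed(allow, DENY, "sshd", client))
```

In this model the posted file treats each address as a daemon name, so nothing matches `sshd` and every client is denied. The suggested line admits 192.168.1.2 but still denies 127.0.0.1, which is not in its client list, so the `ssh localhost` test from the first post needs 127.0.0.1 listed as well.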