acc.johnson n00b
Joined: 21 Mar 2005 Posts: 57
Posted: Mon Apr 25, 2005 9:22 pm Post subject: problem logging in with ssh from outside
Hi,
I have a small network consisting of the following
Westell 2000 ADSL/modem/router 192.168.1.1
AMD64 Gentoo64 server named "Deeds" 192.168.1.45
PentiumII Sorcerer32 server named "PII" 192.168.1.47
other computers.
My problem is this:
I've set up the router to forward SSH connections to
the PII and am able to login with SSH from the internet.
I can also connect with SSH from Deeds to PII and vice-versa.
So to administer the Gentoo64 Deeds I can SSH from the internet
to PII and then SSH from the PII to Deeds.
I would like to get rid of the PII. So I've switched the router
to forward SSH connections to Deeds. I can still SSH from PII to Deeds
and vice-versa but I can no longer connect with SSH from the internet to Deeds.

```
#cat /var/log/sshd/current
[sshd] server listening on 127.0.0.1 port 22.
[sshd] server listening on 192.168.1.45 port 22.
[sshd] refused connect from a108.intercom.net (216.240.100.
[sshd] Accepted keyboard-interactive/pam for jeremy from 192.168.1.47 port 2582
```

I've used guarddog to set up identical firewalls on Deeds and PII which
permit SSH connections to the local machine from both the internet and
the DMZ (LAN).
I'm using the default /etc/pam.d/sshd:

```
auth required pam_stack.so service=system-auth
auth required pam_shells.so
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
```

I'm also using the default /etc/pam.d/system-auth
Thanks in advance for any suggestions.

grimm26 Guru
Joined: 23 May 2004 Posts: 313 Location: Chicagoland, IL
Posted: Tue Apr 26, 2005 6:15 am Post subject:
Do you have any tcp wrapper settings? Anything in /etc/hosts.deny?
_________________
"Blessed is he who finds happiness in his own foolishness, for he will always be happy".
acc.johnson n00b
Joined: 21 Mar 2005 Posts: 57
Posted: Tue Apr 26, 2005 8:18 pm Post subject:
OK, you were right that the problem was with hosts.allow and hosts.deny.
The error message said "connection refused" and not "authentication failure".
I forgot to update hosts.allow on Deeds to allow sshd connections.
In case someone else has a similar problem,
here are my /etc/hosts.???? files for Deeds.

```
#cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
192.168.1.45 Deeds Deeds.xxx
192.168.1.47 PII PII.xxx
```

```
#cat /etc/hosts.deny
ALL:ALL EXCEPT localhost:DENY
```

```
#cat /etc/hosts.allow
#Allow connections from localhost
ALL: 127.0.0.1
# Only allow connections within the .xxx domain.
#ALL:192.168.1.0/255.255.255.0
#ALL: .xxx
ALL: LOCAL
portmap: 192.168.1.47
sshd: ALL : ALLOW
#sshd: ALL EXCEPT 192.168.1.3, 192.168.1.4 .microsoft.com : ALLOW
ftpd: ALL : ALLOW
httpd: ALL : ALLOW
```

Thanks for the insight!!!
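
Added example, not part of the thread and not the tcp_wrappers code: a simplified Python model of the hosts.allow / hosts.deny lookup order, run over the files posted above, showing why the LAN login was accepted while the outside one was refused. Assumptions: the "before" hosts.allow is the posted file minus its `sshd` line, the external IP is a constructed placeholder because the log line is truncated, and only the `ALL`, `LOCAL`, `EXCEPT`, domain-suffix, net/mask and `ALLOW`/`DENY` forms are modelled.

```python
import ipaddress, re

HOSTS_DENY = "ALL:ALL EXCEPT localhost:DENY"          # from the post
# hosts.allow from the post (comment lines omitted); the "before" state is an assumption
ALLOW_AFTER = """\
ALL: 127.0.0.1
ALL: LOCAL
portmap: 192.168.1.47
sshd: ALL : ALLOW
ftpd: ALL : ALLOW
httpd: ALL : ALLOW
"""
ALLOW_BEFORE = ALLOW_AFTER.replace("sshd: ALL : ALLOW\n", "")

def _client(pat, host, ip):
    p, h = pat.lower(), (host or "").lower()
    if p == "all":
        return True
    if p == "local":                      # resolved name contains no dot
        return bool(h) and "." not in h
    if p.startswith("."):                 # domain suffix such as .xxx
        return h.endswith(p)
    if "/" in p:                          # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(p, strict=False)
    return p in (ip, h)

def _in_list(tokens, test):
    """'a b EXCEPT c' matches when a or b matches and c does not."""
    up = [t.upper() for t in tokens]
    if "EXCEPT" in up:
        i = up.index("EXCEPT")
        return any(map(test, tokens[:i])) and not _in_list(tokens[i + 1:], test)
    return any(map(test, tokens))

def tcpd_allows(daemon, host, ip, allow_text, deny_text=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; the first matching rule wins."""
    for text, default in ((allow_text, True), (deny_text, False)):
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            fields = [f.strip() for f in line.split(":")]
            if len(fields) < 2:
                continue
            d_ok = _in_list(re.split(r"[\s,]+", fields[0]), lambda t: t.lower() in ("all", daemon))
            c_ok = _in_list(re.split(r"[\s,]+", fields[1]), lambda t: _client(t, host, ip))
            if d_ok and c_ok:
                opt = fields[2].lower() if len(fields) > 2 else ""
                return {"allow": True, "deny": False}.get(opt, default)
    return True                           # no rule in either file matched

EXTERNAL = ("a108.intercom.net", "203.0.113.10")  # name from the log; IP is a constructed placeholder
```

With the posted files, `sshd: ALL : ALLOW` admits every source address; the same function can be run against a narrower client list, such as the commented-out `192.168.1.0/255.255.255.0` form, to see who a rule admits before it goes live.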