Re: [Nolug] ssh issues

From: Scott Harney <scotth_at_scottharney.com>
Date: Thu, 15 May 2003 23:44:46 -0500
Message-ID: <87k7cr8pq9.fsf@zenarcade.local.lan>

"David" <davisparbuckle@cox.net> writes:

mv /etc/hosts.deny /etc/hosts.deny.broken
mv /etc/hosts.allow /etc/hosts.allow.broken.

Test. If successful, work through hosts.allow and hosts.deny.
Though sshd runs standalone and not out of inetd, it is built with
libwrap support and thus the tcp wrappers hosts.* files can affect it.
You probably just need to add a line to hosts.allow to allow connections
to "sshd: ALL". man hosts.allow holds detailed clue.

> Hello, can anyone help with the following situation:
> SSH appears to be running but will not accept any connections. Config files and log files shown below. SSH Server is behind clarkconnect with portforwarding enabled. Thanks for any help!
> -Dave
>
> /etc/ssh/sshd_config
> Subsystem sftp /usr/lib/ssh/sftp-server
> PermitRootLogin without-password
> ReverseMappingCheck no
> GatewayPorts no
> AllowTcpForwarding yes
> KeepAlive yes
> IgnoreRhosts yes
> RhostsRSAAuthentication no
> RhostsAuthentication no
> IgnoreUserKnownHosts no
> PrintMotd yes
> StrictModes yes
> RSAAuthentication yes
> PermitEmptyPasswords no
> PasswordAuthentication yes
> SyslogFacility DAEMON
>
> /var/log/daemons/warnings
> May 13 19:19:27 digitalsolutions-la sshd[19615]: refused connect from 192.168.1.253 (192.168.1.253)
> May 13 19:19:32 digitalsolutions-la sshd[29169]: refused connect from 68.14.40.5 (68.14.40.5)
> May 13 19:20:19 digitalsolutions-la sshd[2568]: refused connect from 192.168.1.253 (192.168.1.253)
> May 13 19:24:06 digitalsolutions-la sshd[14351]: refused connect from 192.168.1.253 (192.168.1.253)
> May 13 19:24:09 digitalsolutions-la sshd[29912]: refused connect from 68.14.40.5 (68.14.40.5)
>
> /var/log/daemons/info
>
> May 13 19:35:25 digitalsolutions-la xinetd[6285]: removing servers
> May 13 19:35:25 digitalsolutions-la xinetd[6285]: removing ssh
> May 13 19:35:25 digitalsolutions-la xinetd[6285]: removing time
> May 13 19:35:25 digitalsolutions-la xinetd[6285]: removing time
> May 13 19:35:25 digitalsolutions-la xinetd[6285]: removing xadmin
> May 13 19:35:26 digitalsolutions-la xinetd[6285]: xinetd Version 2.3.10 started with libwrap options compiled in.
> May 13 19:35:26 digitalsolutions-la xinetd[6285]: Started working: 1 available service
> May 13 20:01:01 digitalsolutions-la sshd[20606]: Received signal 15; terminating.
> May 13 20:01:01 digitalsolutions-la sshd[7061]: Server listening on 10.1.1.3 port 22.
>
> /var/log/daemons/errors
>
> May 13 19:30:57 digitalsolutions-la xinetd[20449]: warning: can't get client address: Transport endpoint is not connected
> May 13 19:30:57 digitalsolutions-la xinetd[18233]: Deactivating service sgi_fam due to excessive incoming connections. Restarting in 30 seconds.
> May 13 19:31:28 digitalsolutions-la xinetd[18233]: Activating service sgi_fam
> 

-- 
Scott Harney<scotth@scottharney.com>
"...and one script to rule them all."
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5

___________________
Nolug mailing list
nolug@nolug.org

Received on 05/15/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST