OpenSSH denying connections from some networks

From: Adam Theo (adamtheo_at_new.theoretic.com)
Date: 01/04/04

  • Next message: Caron, Jim: "SFTP Issue"
    Date: Sun, 4 Jan 2004 02:01:50 +0000
    To: secureshell@securityfocus.com
    
    

    Hello, all.

    I had OpenSSH working fine except for connecting to LDAP through PAM,
    but now another problem has started up.

    I used to be able to connect from my work, but now I'm being denied, and
    I have to log into another server from work, and then ssh over to the
    intended server in order to get in. I have only been messing around with
    the OpenSSH config files, nothing directly with PAM. All attempts to
    reverse these config changes have not made the situation better.

    Unfortunately, while I'm learning alot about system admin, I still have
    little idea about openssh and debugging pam. Any help would be
    appreciated. Thanks.

    Here are the logs from using the proxy server:

    Jan 4 01:52:10 new sshd[3751]: debug1: server_input_channel_req:
    channel 0 request shell reply 0
    Jan 4 01:52:10 new sshd[3751]: debug1: session_by_channel: session 0
    channel 0
    Jan 4 01:52:10 new sshd[3751]: debug1: session_input_channel_req:
    session 0 req shell
    Jan 4 01:52:10 new sshd[3751]: debug1: PAM: setting PAM_TTY to
    "/dev/pts/2"
    Jan 4 01:52:10 new sshd[3751]: debug1: PAM: establishing credentials
    Jan 4 01:52:10 new sshd[3751]: debug2: fd 4 setting TCP_NODELAY
    Jan 4 01:52:10 new sshd[3751]: debug2: channel 0: rfd 8 isatty
    Jan 4 01:52:10 new sshd[3751]: debug2: fd 8 setting O_NONBLOCK
    Jan 4 01:52:10 new sshd[3751]: debug2: fd 7 is O_NONBLOCK
    Jan 4 01:52:10 new sshd[3754]: debug1: Setting controlling tty using
    TIOCSCTTY.
    Jan 4 01:52:10 new sshd(pam_unix)[3754]: session opened for user root
    by root(uid=0)
    Jan 4 01:52:10 new sshd[3754]: debug1: PAM: reinitializing credentials
    Jan 4 01:52:10 new sshd[3754]: debug1: permanently_set_uid: 0/0
    Jan 4 01:52:10 new sshd[3754]: debug1: PAM: retrieving environment
    Jan 4 01:52:10 new sshd[3754]: debug3: channel 0: close_fds r -1 w -1 e
    -1
    Jan 4 01:52:13 new sshd[3709]: debug2: channel 0: rcvd adjust 32774

    And here are the debug from trying to log in from work directly:

    Jan 4 01:47:24 new sshd[3744]: Connection from ::ffff:68.240.34.230
    port 37299
    Jan 4 01:47:24 new sshd[2629]: debug1: Forked child 3744.
    Jan 4 01:47:24 new sshd[3744]: debug1: Client protocol version 1.5;
    client software version pilotSSH-1.0
    Jan 4 01:47:24 new sshd[3744]: debug1: no match: pilotSSH-1.0
    Jan 4 01:47:24 new sshd[3744]: debug1: Local version string
    SSH-1.99-OpenSSH_3.7.1p2
    Jan 4 01:47:24 new sshd[3744]: debug2: Network child is on pid 3745
    Jan 4 01:47:24 new sshd[3744]: debug3: preauth child monitor started
    Jan 4 01:47:24 new sshd[3744]: debug3: mm_request_receive entering
    Jan 4 01:47:27 new sshd[3744]: debug3: monitor_read: checking request
    28
    Jan 4 01:47:27 new sshd[3744]: debug3: mm_request_send entering: type
    29
    Jan 4 01:47:27 new sshd[3744]: debug2: monitor_read: 28 used once,
    disabling now
    Jan 4 01:47:27 new sshd[3744]: debug3: mm_request_receive entering
    Jan 4 01:47:27 new sshd[3744]: debug3: monitor_read: checking request
    30
    Jan 4 01:47:27 new sshd[3744]: debug3: mm_answer_sessid entering
    Jan 4 01:47:27 new sshd[3744]: debug2: monitor_read: 30 used once,
    disabling now
    Jan 4 01:47:27 new sshd[3744]: debug3: mm_request_receive entering
    Jan 4 01:47:27 new sshd[3744]: debug3: monitor_read: checking request 6
    Jan 4 01:47:27 new sshd[3744]: debug3: mm_answer_pwnamallow
    Jan 4 01:47:27 new sshd[3744]: debug3: mm_answer_pwnamallow: sending
    MONITOR_ANS_PWNAM: 1
    Jan 4 01:47:27 new sshd[3744]: debug3: mm_request_send entering: type 7
    Jan 4 01:47:27 new sshd[3744]: debug2: monitor_read: 6 used once,
    disabling now
    Jan 4 01:47:27 new sshd[3744]: debug3: mm_request_receive entering
    Jan 4 01:47:27 new sshd[3744]: debug3: monitor_read: checking request
    43
    Jan 4 01:47:27 new sshd[3744]: debug1: PAM: initializing for "root"
    Jan 4 01:47:27 new sshd[3744]: debug3: Trying to reverse map address
    68.240.34.230.
    Jan 4 01:47:33 new sshd[3744]: debug1: PAM: setting PAM_RHOST to
    "014-220-039.area5.spcsdns.net"
    Jan 4 01:47:33 new sshd[3744]: debug1: PAM: setting PAM_TTY to "ssh"
    Jan 4 01:47:33 new sshd[3744]: debug2: monitor_read: 43 used once,
    disabling now
    Jan 4 01:47:33 new sshd[3744]: debug3: mm_request_receive entering

    I notice that when logging in directly from work, sshd sets PAM_TTY to
    "ssh", but sets it to "/dev/pts/2" when logging in via the proxy. Does
    this have anything to do with it?


  • Next message: Caron, Jim: "SFTP Issue"