sshd login problems on mandrake

From: Christian Reiner (reiner@imageware.de)
Date: 12/20/02


From: Christian Reiner <reiner@imageware.de>
Date: Fri, 20 Dec 2002 15:36:06 +0100

Hi there...
I'm pretty happy with my mandrake systems here since switching over from
RedHat (their 8.0 is a piece of...)
However now I'm stuck:

I installed a new server, switched the security level to "paranoid" since it
will have a direct link to the world. Actually it is very paranoid...
Everything is fine, iptables working fine, sshd running, client running.
But whatever I do there is no way to login via ssh from wherever.

I added a "+:wheel:<name>" entry to /etc/security/access.conf (it's the only
option and the connecting user is in the wheel group) and triple checked
the /etc/ssh/... settings. All files are read, sshd reacts on changes.
/var/log/messages reveals a "connection refused from...".

Bummer

I do have the impression that the "paranoid" setting prevents ALL connection
attempts at all (wherever, however). But that does not really make sense,
does it? After all you have to have one way to login...

Any ideas all the gurus?

Thanx,
Christian

=====
sshd version OpenSSH_3.4p1
=====
Here follows the sshd_config:
# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
PermitRootLogin no
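
Added example, not part of the original post: a small parser that lists which directives in an sshd_config like the one above are actually active, given that most lines are commented-out defaults and that sshd uses the first value it obtains for a keyword. The sample text is an excerpt constructed from the posted config; the function name and the set of repeatable keywords are assumptions of this example.

```python
# Added example: report the directives that are really in effect in an sshd_config.
# SAMPLE is an excerpt constructed from the config posted above.
SAMPLE = """\
#Port 22
Protocol 2,1
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#PermitRootLogin yes
#PasswordAuthentication yes
PrintMotd yes
UsePrivilegeSeparation yes
Subsystem sftp /usr/lib/ssh/sftp-server
PermitRootLogin no
"""

# Keywords that may legitimately appear several times (assumed subset, not exhaustive).
MULTI = {"hostkey", "listenaddress", "port", "subsystem"}


def effective_settings(text):
    """Return (settings, shadowed).

    settings: lowercase keyword -> list of active values.
    shadowed: (line number, keyword, value) for later duplicates that sshd
              ignores because the first obtained value is the one used.
    """
    settings, shadowed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out default: has no effect
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in MULTI:
            settings.setdefault(key, []).append(value)
        elif key in settings:
            shadowed.append((lineno, parts[0], value))
        else:
            settings[key] = [value]
    return settings, shadowed


if __name__ == "__main__":
    active, ignored = effective_settings(SAMPLE)
    for key, values in sorted(active.items()):
        print(f"{key}: {', '.join(values)}")
    for lineno, key, value in ignored:
        print(f"line {lineno}: '{key} {value}' is ignored (set earlier)")
```

Any keyword missing from the output is running at its compiled-in default.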


