31 Jul
2014
31 Jul
'14
2:13 a.m.
Hi all,
The subject sounds innocent enough. I am trying to ssh from an openSUSE
10.0 system in to an openSUSE 11.2 system. There is a firewall at the
11.2 end. It is not the firewall on the 11.2 itself. That is fully
disabled. It is some other device. I told them to open port 22 (tcp and
udp). But I still cannot log in. I get the initial ssh questions about
the host, and then the password prompt. However, my password is not
accepted. If I ask them to open all ports at their end, I can log in
just fine. I am, once again, confused. Any ideas? They do not want to
keep the firewall for this machine open too long.
--
Roger Oberholtzer
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
31 Jul
31 Jul
2:24 a.m.
On 07/31/2014 09:13 AM, Roger Oberholtzer wrote:
I get the initial ssh questions about
the host, and then the password prompt. However, my password is not
accepted.
Did you compare the fingerprint? I.e., are you sure you got
thru to your final host?
Have a nice day,
Berny
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
2:49 a.m.
On 07/31/2014 02:13 AM, Roger Oberholtzer wrote:
Hi all,
The subject sounds innocent enough. I am trying to ssh from an openSUSE
10.0 system in to an openSUSE 11.2 system. There is a firewall at the
11.2 end. It is not the firewall on the 11.2 itself. That is fully
disabled. It is some other device. I told them to open port 22 (tcp and
udp). But I still cannot log in. I get the initial ssh questions about
the host, and then the password prompt. However, my password is not
accepted. If I ask them to open all ports at their end, I can log in
just fine. I am, once again, confused. Any ideas? They do not want to
keep the firewall for this machine open too long.
Roger,
Take a look in your /etc/ssh/sshd_config and make sure you have the UsePam,
ChallengeResponseAuthentication, and PasswordAuthentication settings as you want
them. Also, make sure there is no problem with AllowGroups setting that are
preventing you from connecting. I recall there were changes do the defaults in
that time frame, but cannot recall for the life of me what they were. There is
also a StrictModes setting that can cause problems if set and the criteria is
not met, but you generally get an error pointing to that being the reason.
You can also attempt the connection with 'ssh -vv hostname' to enable verbose
connection information on your connect attempt. Something will turn up.
--
David C. Rankin, J.D.,P.E.
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
1 Aug
1 Aug
3:15 a.m.
On 7/31/2014 12:49 AM, David C. Rankin wrote:
On 07/31/2014 02:13 AM, Roger Oberholtzer wrote:
Actually, I think David means to look at the sshd_config on the 11.2 end.
And also make sure you are trying to log in as a user and not root.
Most ssh servers are set up to not allow root to log in, even back in 11.2 days.
--
_____________________________________
---This space for rent---
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
Hi all,
The subject sounds innocent enough. I am trying to ssh from an openSUSE
10.0 system in to an openSUSE 11.2 system. There is a firewall at the
11.2 end. It is not the firewall on the 11.2 itself. That is fully
disabled. It is some other device. I told them to open port 22 (tcp and
udp). But I still cannot log in. I get the initial ssh questions about
the host, and then the password prompt. However, my password is not
accepted. If I ask them to open all ports at their end, I can log in
just fine. I am, once again, confused. Any ideas? They do not want to
keep the firewall for this machine open too long.
Roger,
Take a look in your /etc/ssh/sshd_config and make sure you have the UsePam,
ChallengeResponseAuthentication, and PasswordAuthentication
settings as you want them. Also, make sure there is no problem with AllowGroups setting
that are preventing you from connecting. I recall
there were changes do the defaults in that time frame, but cannot recall for the life of
me what they were. There is also a StrictModes
setting that can cause problems if set and the criteria is not met, but you generally get
an error pointing to that being the reason.
You can also attempt the connection with 'ssh -vv hostname' to enable verbose
connection information on your connect attempt. Something
will turn up.
2:21 p.m.
On 08/01/2014 03:15 AM, John Andersen wrote:
Actually, I think David means to look at the
sshd_config on the 11.2 end.
And also make sure you are trying to log in as a user and not root.
Most ssh servers are set up to not allow root to log in, even back in 11.2 days.
Yes, whatever box you are trying to connect *too* (the server that is running
sshd), check the /etc/ssh/sshd_config there.
Also, if you have UseStrict enabled on the *client*, then if there is any
mismatch in your ~/.ssh/known_hosts file and the *server* ~/.ssh/authorized_keys
file, you should get an error on connection fail. (offending key #, blah blah in
known_hosts)
--
David C. Rankin, J.D.,P.E.
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
3:57 a.m.
On 7/31/2014 12:13 AM, Roger Oberholtzer wrote:
If I ask them to open all ports at their end, I can
log in
just fine. I am, once again, confused. Any ideas? They do not want to
keep the firewall for this machine open too long.
This firewall... I presume it does in fact send port 22 to the 11.2 Linux box?
(That is, when they open up all ports you do indeed access the correct machine?)
Does it also do any form of Egress filtering?
As far as I know, all parts of ssh traverse port 22 only.
Once you get a connection, all traffic should flow over port 22, (its encrypted
upon connection, even before you password is transmitted).
Have them turn off the firewall so you can
Check for these line in the /etc/ssh/sshd_config of the 11.2 box
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
Without that, it might try to put X out over the wire rather than in the ssh tunnel,
and if the firewall box was egress filtering against that that might cause the
behavior you see.
Also, old sshd_configs used to have
AddressFamily any
set explicitly or as the default.
But later versions need to have
AddressFamily inet
and if you don't have that ssh sessions try to wander off into ipv6 land
maybe that is what the firewall is complaining about.
Also type (again, after connecting with the firewall disabled)
set
and see if you see
DISPLAY=localhost:10.0
Then type:
netstat -anp
Then look in the Active Internet connections (servers and established)
list any connections between the 11.2 box and the 10.0 box
(by comparing IPs and Ports).
You should typically have only ONE such connection something like this:
Proto Recv-Q Send-Q Local Address Foreign
Address State PID/Program name
tcp 0 68 192.168.2.1:22 192.168.2.213:59742 ESTABLISHED 14086/sshd:
jsa
*192.168.2.1 would be replaced by the ip of your 11.2 box).
Any more than one connection between your machine and the 11.2 machine might be
what the firewall is blocking.
(Its unusual for firewalls to block outbound ports
but some places set up egress filtering to prevent clever users
from end-running their security).
--
_____________________________________
---This space for rent---
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
2403
days inactive
2404
days old
5 comments
4 participants
participants (4)
-
Bernhard Voelker -
David C. Rankin -
John Andersen -
Roger Oberholtzer