Results 1 to 1 of 1
Hi all, I'm having a bizarre problem, and I just cant seem to track down what the possible cause could be. Maybe someone more knowledgeable than I can help.
I ...
- 01-23-2009 #1Just Joined!
- Join Date
- Jan 2009
- Posts
- 1
SSH - Can't login remotely
Hi all, I'm having a bizarre problem, and I just cant seem to track down what the possible cause could be. Maybe someone more knowledgeable than I can help.
I can't ssh from any remote hosts to local, although I have no problem sshing in locally. I used to be able to, but had to reinstall my system. My network setup is as follows:
Cable modem -> Router (WRT54Gv2, Tomato v1.21) -> switch -> server
Port forwarding is currently setup to forward ports 11113 and now 22 for debugging, but I normally only use 11113. Server's IP is assigned via static dhcp.
So I startup sshd on port 22 for debugging:
Then I putty into a remote host (my webhost) and run:Code:# /usr/sbin/sshd -d -d -d -p 22
(Note: mydomain.tld is my no-ip.org dns, which i have verified is properly pointing at my IP address)
Here is the output I get from ssh on my remote host:Code:# ssh -vvvp 22 nki@mydomain.tld
And here is the sshd output I get from my local server:Code:OpenSSH_5.1p1, OpenSSL 0.9.8b 04 May 2006 debug2: ssh_connect: needpriv 0 debug1: Connecting to mydomain.tld [xx.xx.xx.xx] port 22. debug1: Connection established. debug1: identity file /home/nki/.ssh/identity type -1 debug1: identity file /home/nki/.ssh/id_rsa type -1 debug1: identity file /home/nki/.ssh/id_dsa type -1
My sshd_config is as follows:Code:debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 258 debug2: parse_server_config: config /etc/ssh/sshd_config len 258 debug3: /etc/ssh/sshd_config:13 setting Port 11113 debug3: /etc/ssh/sshd_config:22 setting Protocol 2 debug3: /etc/ssh/sshd_config:36 setting SyslogFacility AUTH debug3: /etc/ssh/sshd_config:37 setting LogLevel INFO debug3: /etc/ssh/sshd_config:42 setting PermitRootLogin no debug3: /etc/ssh/sshd_config:87 setting UsePAM yes debug3: /etc/ssh/sshd_config:129 setting Subsystem sftp /usr/lib64/misc/sftp-server debug1: sshd version OpenSSH_5.1p1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-d' debug1: rexec_argv[2]='-d' debug1: rexec_argv[3]='-d' debug1: rexec_argv[4]='-p' debug1: rexec_argv[5]='22' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on ::. Server listening on :: port 22. debug2: fd 4 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug3: fd 5 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 8 config len 258 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from yy.yy.yy.yy port 38070 Did not receive identification string from yy.yy.yy.yy
And I just don't know what to try next. :/Code:# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. Port 13313 #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # Disable legacy (protocol version 1) support in the server for new # installations. In future the default will change to require explicit # activation of protocol 1 Protocol 2 # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 # Logging # obsoletes QuietMode and FascistLogging SyslogFacility AUTH LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no #ChrootDirectory none # no default banner path #Banner none # here are the new patched ldap related tokens # entries in your LDAP must have posixAccount & ldapPublicKey objectclass #UseLPK yes #LpkLdapConf /etc/ldap.conf #LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ #LpkUserDN ou=users,dc=phear,dc=org #LpkGroupDN ou=groups,dc=phear,dc=org #LpkBindDN cn=Manager,dc=phear,dc=org #LpkBindPw secret #LpkServerGroup mail #LpkFilter (hostAccess=master.phear.org) #LpkForceTLS no #LpkSearchTimelimit 3 #LpkBindTimelimit 3 # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
