[nmglug] SSH problem

Todd Richardson trichardson at cvecoop.org
Fri Mar 21 11:02:50 PDT 2008


ok 0 for 11 :P

Obviously it is listening on port 22 so netstat isn't necessary...

From what I read, sshd_config is not responsible for denying hosts (it's
worth a look in your conf file, but the man pages didn't mention it.)

This article- http://www.linux.com/articles/61061 - mentioned preventing
sshd access outside your certain subnets using TCP wrappers.
( /etc/hosts.allow or /etc/hosts.deny )

It's possible that FC8 sets this up automatically, so it's worth a look.

Otherwise I'm fresh out of suggestions.

-Todd


On Fri, 2008-03-21 at 11:01 -0600, Bill York wrote:
> it's a new host on an existing subnet. i can ssh into the new host
> from other hosts on the same subnet.
> 
> route's not a problem. i can even ping that host from my workstation.
> the host sees connection attempts from my workstation - it just
> ignores them. but it answers ssh just fine from its own subnet.
> 
> aargh.
> 
> On Fri, Mar 21, 2008 at 10:56 AM, Todd Richardson
> <trichardson at cvecoop.org> wrote:
>         I'm 0 for 10 on my network troubleshooting this week, but here goes:
>         
>         Depending on how you set your network up, you may have an incorrect
>         route between the two machines.
>         
>         A bit more background may help resolve the problem.  Is this a
>         completely new subnet, or is it just a new host on an established
>         subnet in your network?
>         
>         This is what happened to me earlier this week on a virtual machine
>         behind a virtual router connected to my main network. Basically, I had
>         set up the incorrect gateway on the virtual router, so that my actual
>         router was sending the packets (good enough for ping) but the virtual
>         router was basically black-holing the packets from the remote machine.
>         
>         I wish I knew more about open-ssh to answer your second question.  I
>         would think that you would at least get a connection refused if it is
>         configured to allow local subnet, but I simply don't know for sure.
>         
>         -Todd Richardson
>         
>         
>         On Fri, 2008-03-21 at 10:28 -0600, Bill York wrote:
>         > Hi all,
>         >
>         > I'm having an issue getting to a new host over ssh. I can get in to it
>         > on the local network, but not from a remote network. The network based
>         > firewalls are not an issue as I can get into other hosts on the same
>         > network. iptables is not an issue since i've temporarily disabled it.
>         >
>         > a tcpdump on the remote host shows connection attempts, but no acks.
>         >
>         > is it possible to configure ssh to not respond to requests from
>         > outside the local subnet?
>         >
>         > OS: fedora core 8
>         >
>         > bill
>         
>         > _______________________________________________
>         > nmglug mailing list
>         > nmglug at nmglug.org
>         > https://nmglug.org/mailman/listinfo/nmglug
> 
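
The TCP wrappers check suggested in the reply above can be reasoned through by reading the two files the way hosts_access(5) describes: the first match in /etc/hosts.allow grants access, otherwise the first match in /etc/hosts.deny denies it, otherwise access is granted. This is an added example in Python, not part of the original thread; the sample file contents are constructed, and it handles only a subset of client patterns (ALL, address prefix such as `192.168.10.`, net/mask, exact IPv4 address).

```python
import ipaddress

# Constructed sample files (not from the thread): sshd allowed from two subnets only.
SAMPLE_ALLOW = """\
# /etc/hosts.allow
sshd: 192.168.10.
sshd: 10.1.0.0/255.255.0.0
"""
SAMPLE_DENY = """\
# /etc/hosts.deny
ALL: ALL
"""

def _rules(text):
    """Yield (daemon_list, client_list) for each rule line; IPv4 only."""
    text = text.replace("\\\n", "")  # backslash-newline continues a rule
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        yield (fields[0].replace(",", " ").split(),
               fields[1].replace(",", " ").split())

def _client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # trailing dot: textual address prefix
        return str(ip).startswith(pattern)
    if "/" in pattern:          # n.n.n.n/m.m.m.m net/mask pair
        try:
            return ip in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == str(ip)   # exact address

def tcp_wrappers_verdict(daemon, client_ip, allow_text, deny_text):
    """Return 'allow' or 'deny' using the hosts.allow-then-hosts.deny order."""
    ip = ipaddress.ip_address(client_ip)
    for verdict, text in (("allow", allow_text), ("deny", deny_text)):
        for daemons, clients in _rules(text):
            if (daemon in daemons or "ALL" in daemons) and \
                    any(_client_matches(c, ip) for c in clients):
                return verdict
    return "allow"  # no rule matched in either file
```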




