[nmglug] SSH problem
Bill York
iago at pobox.com
Fri Mar 21 11:15:07 PDT 2008
i'll look into it - first thing monday. i'm a state employee and i got admin
time to burn.
On Fri, Mar 21, 2008 at 12:02 PM, Todd Richardson <trichardson at cvecoop.org>
wrote:
> ok 0 for 11 :P
>
> Obviously it is listening on port 22 so netstat isn't necessary...
>
> From what I read, sshd_config is not responsible for denying hosts (it's
> worth a look in your conf file, but the man pages didn't mention it.)
>
> This article - http://www.linux.com/articles/61061 - mentioned preventing
> sshd access outside your certain subnets using TCP wrappers
> ( /etc/hosts.allow or /etc/hosts.deny ).
>
> It's possible that FC8 sets this up automatically, so it's worth a look.
>
> Otherwise I'm fresh out of suggestions.
>
> -Todd
>
>
> On Fri, 2008-03-21 at 11:01 -0600, Bill York wrote:
> > it's a new host on an existing subnet. i can ssh into the new host
> > from other hosts on the same subnet.
> >
> > route's not a problem. i can even ping that host from my workstation.
> > the host sees connection attempts from my workstation - it just
> > ignores them. but it answers ssh just fine from its own subnet.
> >
> > aargh.
> >
> > On Fri, Mar 21, 2008 at 10:56 AM, Todd Richardson
> > <trichardson at cvecoop.org> wrote:
> > I'm 0 for 10 on my network troubleshooting this week, but here goes:
> >
> > Depending on how you set your network up, you may have an incorrect
> > route between the two machines.
> >
> > A bit more background may help resolve the problem. Is this a
> > completely new subnet, or is it just a new host on an established
> > subnet in your network?
> >
> > This is what happened to me earlier this week on a virtual machine
> > behind a virtual router connected to my main network. Basically, I had
> > set up the incorrect gateway on the virtual router, so that my actual
> > router was sending the packets (good enough for ping) but the virtual
> > router was basically black-holing the packets from the remote machine.
> >
> > I wish I knew more about OpenSSH to answer your second question. I
> > would think that you would at least get a connection refused if it is
> > configured to allow local subnet, but I simply don't know for sure.
> >
> > -Todd Richardson
> >
> >
> > On Fri, 2008-03-21 at 10:28 -0600, Bill York wrote:
> > > Hi all,
> > >
> > > I'm having an issue getting to a new host over ssh. I can get in to it
> > > on the local network, but not from a remote network. The network based
> > > firewalls are not an issue as I can get into other hosts on the same
> > > network. iptables is not an issue since i've temporarily disabled it.
> > >
> > > a tcpdump on the remote host shows connection attempts, but no acks.
> > >
> > > is it possible to configure ssh to not respond to requests from
> > > outside the local subnet?
> > >
> > > OS: fedora core 8
> > >
> > > bill
> >
> > > _______________________________________________
> > > nmglug mailing list
> > > nmglug at nmglug.org
> > > https://nmglug.org/mailman/listinfo/nmglug
> >
> >
>
>
>
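
Added example (not part of the thread or the linked article): a simplified Python model of how TCP wrappers decide from /etc/hosts.allow and /etc/hosts.deny whether a client address may reach sshd, the check Todd's reply suggests. The rule text is constructed, and only IPv4 client patterns (ALL, exact address, leading octets, net/mask) are handled; hostnames, EXCEPT and the other wildcards are not.

```python
import ipaddress

# Constructed sample rules (not from the thread): sshd limited to one subnet.
HOSTS_ALLOW = """\
# /etc/hosts.allow (constructed sample)
sshd: 192.168.10.0/255.255.255.0
ALL: 127.0.0.1
"""
HOSTS_DENY = """\
# /etc/hosts.deny (constructed sample)
sshd: ALL
"""

def client_matches(pattern, ip):
    """Match one client pattern against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if "/" in pattern:            # net/mask form, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):     # leading-octets form, e.g. "192.168."
        return ip.startswith(pattern)
    return pattern == ip          # exact address

def first_match(text, daemon, ip):
    """Return the first rule line whose daemon list and client list both match."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = [f.strip() for f in line.split(":")[:2]]
        if not ({daemon, "ALL"} & set(daemons.replace(",", " ").split())):
            continue
        if any(client_matches(p, ip) for p in clients.replace(",", " ").split()):
            return line
    return None

def decide(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Order used by hosts_access(5): allow match grants, else deny match
    refuses, else access is granted."""
    rule = first_match(allow, daemon, ip)
    if rule:
        return ("allow", rule)
    rule = first_match(deny, daemon, ip)
    return ("deny", rule) if rule else ("allow", None)

if __name__ == "__main__":
    for ip in ("192.168.10.7", "10.20.30.40", "127.0.0.1"):
        print(ip, decide("sshd", ip))
```

TCP wrappers are consulted by the daemon after the kernel has completed the TCP handshake, so a hosts.deny match shows up in tcpdump as an accepted connection that is then closed, not as unanswered connection attempts.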