i'll look into it - first thing monday. i'm a state employee and i got admin time to burn.<br><br><div class="gmail_quote">On Fri, Mar 21, 2008 at 12:02 PM, Todd Richardson &lt;<a href="mailto:trichardson@cvecoop.org">trichardson@cvecoop.org</a>&gt; wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">ok 0 for 11 :P<br>
<br>
Obviously it is listening on port 22 so netstat isn't necessary...<br>
<br>
From what I read, sshd_config is not responsible for denying hosts (it's<br>
worth a look in your conf file, but the man pages didn't mention it.)<br>
<br>
This article- <a href="http://www.linux.com/articles/61061" target="_blank">http://www.linux.com/articles/61061</a> - mentioned preventing<br>
sshd access outside your certain subnets using TCP wrappers.<br>
( /etc/hosts.allow or /etc/hosts.deny )<br>
<br>
It's possible that FC8 sets this up automatically, so it's worth a look.<br>
<br>
Otherwise I'm fresh out of suggestions.<br>
<font color="#888888"><br>
-Todd<br>
</font><div><div></div><div class="Wj3C7c"><br>
<br>
On Fri, 2008-03-21 at 11:01 -0600, Bill York wrote:<br>
> it's a new host on an existing subnet. i can ssh into the new host<br>
> from other hosts on the same subnet.<br>
><br>
> route's not a problem. i can even ping that host from my workstation.<br>
> the host sees connection attempts from my workstation - it just<br>
> ignores them. but it answers ssh just fine from its own subnet.<br>
><br>
> aargh.<br>
><br>
> On Fri, Mar 21, 2008 at 10:56 AM, Todd Richardson<br>
> &lt;<a href="mailto:trichardson@cvecoop.org">trichardson@cvecoop.org</a>&gt; wrote:<br>
> I'm 0 for 10 on my network troubleshooting this week, but here goes:<br>
><br>
> Depending on how you set your network up, you may have an incorrect<br>
> route between the two machines.<br>
><br>
> A bit more background may help resolve the problem. Is this a<br>
> completely new subnet, or is it just a new host on an established subnet<br>
> in your network?<br>
><br>
> This is what happened to me earlier this week on a virtual machine<br>
> behind a virtual router connected to my main network. Basically, I had<br>
> set up the incorrect gateway on the virtual router, so that my actual<br>
> router was sending the packets (good enough for ping) but the virtual<br>
> router was basically black-holing the packets from the remote machine.<br>
><br>
> I wish I knew more about open-ssh to answer your second question. I<br>
> would think that you would at least get a connection refused if it is<br>
> configured to allow local subnet, but I simply don't know for sure.<br>
><br>
> -Todd Richardson<br>
><br>
><br>
> On Fri, 2008-03-21 at 10:28 -0600, Bill York wrote:<br>
> > Hi all,<br>
> ><br>
> > I'm having an issue getting to a new host over ssh. I can get in to it<br>
> > on the local network, but not from a remote network. The network based<br>
> > firewalls are not an issue as I can get into other hosts on the same<br>
> > network. iptables is not an issue since i've temporarily disabled it.<br>
> ><br>
> > a tcpdump on the remote host shows connection attempts, but no acks.<br>
> ><br>
> > is it possible to configure ssh to not respond to requests from<br>
> > outside the local subnet?<br>
> ><br>
> > OS: fedora core 8<br>
> ><br>
> > bill<br>
><br>
> > _______________________________________________<br>
> > nmglug mailing list<br>
> > <a href="mailto:nmglug@nmglug.org">nmglug@nmglug.org</a><br>
> > <a href="https://nmglug.org/mailman/listinfo/nmglug" target="_blank">https://nmglug.org/mailman/listinfo/nmglug</a><br>
><br>
><br>
</div></div></blockquote></div><br>