Re: PAY offered - sshd won't allow client from same domain
On Sep 16, 2006, at 10:51 PM, Garrett Cooper wrote: On Sep 16, 2006, at 6:05 PM, ke han wrote: On Sep 16, 2006, at 4:50 PM, Garrett Cooper wrote: ssh -vv server1.domain.com form OS X: (real domain name edited to domain.com) > ssh -vv server1.domain.com OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to server1.domain.com [209.216.230.199] port 22. debug1: Connection established. debug1: identity file /Users/jhancock/.ssh/identity type -1 debug1: identity file /Users/jhancock/.ssh/id_rsa type -1 debug2: key_type_from_name: unknown key type '-BEGIN' debug2: key_type_from_name: unknown key type 'Proc-Type:' debug2: key_type_from_name: unknown key type 'DEK-Info:' debug2: key_type_from_name: unknown key type '-END' debug1: identity file /Users/jhancock/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 FreeBSD-20050903 debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2 debug2: fd 3 setting O_NONBLOCK debug1: Miscellaneous failure No credentials cache found debug1: Miscellaneous failure No credentials cache found debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange- sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish- cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256- cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish- cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256- cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange- sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish- cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256- cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish- cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256- cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 132/256 debug2: bits set: 523/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'server1.domain.com' is known and matches the DSA host key. debug1: Found key in /Users/jhancock/.ssh/known_hosts:2 debug2: bits set: 527/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent Read from socket failed: Connection reset by peer Your problem appears to be in how your user is being authenticated and not your DNS setup, I think. Example: shiina:~ gcooper$ uname -a Darwin shiina.local 8.7.0 Darwin Kernel Version 8.7.0: Fri May 26 15:20:53 PDT 2006; root:xnu-792.6.76.obj~1/RELEASE_PPC Power Macintosh powerpc shiina:~ gcooper$ ssh -vv tebo.cs.washington.edu OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to tebo.cs.washington.edu [128.208.6.74] port 22. debug1: Connection established. debug1: identity file /Users/gcooper/.ssh/identity type -1 debug2: key_type_from_name: unknown key type '-BEGIN' debug2: key_type_from_name: unknown key type 'Proc-Type:' debug2: key_type_from_name: un
Re: PAY offered - sshd won't allow client from same domain
On Sep 16, 2006, at 6:05 PM, ke han wrote: On Sep 16, 2006, at 4:50 PM, Garrett Cooper wrote: ssh -vv server1.domain.com form OS X: (real domain name edited to domain.com) > ssh -vv server1.domain.com OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to server1.domain.com [209.216.230.199] port 22. debug1: Connection established. debug1: identity file /Users/jhancock/.ssh/identity type -1 debug1: identity file /Users/jhancock/.ssh/id_rsa type -1 debug2: key_type_from_name: unknown key type '-BEGIN' debug2: key_type_from_name: unknown key type 'Proc-Type:' debug2: key_type_from_name: unknown key type 'DEK-Info:' debug2: key_type_from_name: unknown key type '-END' debug1: identity file /Users/jhancock/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 FreeBSD-20050903 debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2 debug2: fd 3 setting O_NONBLOCK debug1: Miscellaneous failure No credentials cache found debug1: Miscellaneous failure No credentials cache found debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange- sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange- sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 132/256 debug2: bits set: 523/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'server1.domain.com' is known and matches the DSA host key. debug1: Found key in /Users/jhancock/.ssh/known_hosts:2 debug2: bits set: 527/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent Read from socket failed: Connection reset by peer Your problem appears to be in how your user is being authenticated and not your DNS setup, I think. Example: shiina:~ gcooper$ uname -a Darwin shiina.local 8.7.0 Darwin Kernel Version 8.7.0: Fri May 26 15:20:53 PDT 2006; root:xnu-792.6.76.obj~1/RELEASE_PPC Power Macintosh powerpc shiina:~ gcooper$ ssh -vv tebo.cs.washington.edu OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to tebo.cs.washington.edu [128.208.6.74] port 22. debug1: Connection established. debug1: identity file /Users/gcooper/.ssh/identity type -1 debug2: key_type_from_name: unknown key type '-BEGIN' debug2: key_type_from_name: unknown key type 'Proc-Type:' debug2: key_type_from_name: unknown key type 'DE
Re: PAY offered - sshd won't allow client from same domain
ke han <[EMAIL PROTECTED]> wrote: > I will PAY someone who can either answer this question or who wants > to log into my server and help me figure it out. I can pay an hourly > rate, make a donation to your favorite project...whatever. This > problem is killing my productivity > > I have a FreeBSD 6.1-p6 server running as server1.domain.com. > sshd is allowing connections from any client except those which share > the domain.com name..I can't be certain this is the problem, but > after a month of debugging, its the only common factor I can find. > My ssh client on server2.domain.com (also FreeBSD 6.1) returns with > "Read from socket failed: Connection reset by peer" as output to my > ssh client. On OS X the error message is "Write failed: Broken pipe". > ...So mac.domain.com and server2.domain.com which are on different > networks from server1 (and from each other) are not allowed...I don't > get any useful error messages. Even setting sshd_config LogLevel to > DEBUG3 doesn't provide anything meaningful (to me) in auth.log or > debug.log > for server2.domain.com, I even have its ip as an A record in DNS and > server1 can see this. mac.domain.com is not so lucky as it sits > behind a DHCP NAT'ed structure. But this should hardly be a > problem...PuTTY on Windows XP with no domain setting and behind a > NAT'd DHCP structure CAN connect... You've obscured a lot of information regarding DNS and other configs, so I can only make a guess, but my guess would be that the DNS for your domain is somehow configured incorrectly and the server is time out trying to resolve domain names. Log in to the server and verify (using host(1)) that domain names resolve for the client's you're having trouble with. If that fails, you have more information to trace the problem. If that doesn't indicate anything, log into the server and run a second sshd with -D and capture all of the output. You may also need to use -p to run it on another port to ensure it doesn't conflict with the system sshd. Try to log in via a failing host and see if the output gives you any clues. If not, post it to see if someone else can identify something wrong with the process. -- Bill Moran That's why I never kiss 'em on the mouth. Jayne Cobb ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: PAY offered - sshd won't allow client from same domain
On Sep 16, 2006, at 4:50 PM, Garrett Cooper wrote: Do you have kerberos compiled and in use for authentication on the FreeBSD server and are you using it on the OSX client? server1 is the default from an original freeBSD 6.1 install and as of last week had a full cvsup and rebuild world (smae problem prior to the upgrade)...so its at 6.1-RELEASE--p6 now...I have not actively tried to enable or setup anything with kerberos on server or OS X client. My OS X client can connect fine to my other FreeBSD server2. server1 is the only server I can't connect to. The Windows XP client which can login to server1 can use either normal pam password or dsa key...very basic normal usage. The only line changed in sshd_config is UseDNS no. Changing it back to yes has no effect. ssh -vv server1.domain.com says? -Garrett___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions- [EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: PAY offered - sshd won't allow client from same domain
On Sep 16, 2006, at 4:50 PM, Garrett Cooper wrote: ssh -vv server1.domain.com form OS X: (real domain name edited to domain.com) > ssh -vv server1.domain.com OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to server1.domain.com [209.216.230.199] port 22. debug1: Connection established. debug1: identity file /Users/jhancock/.ssh/identity type -1 debug1: identity file /Users/jhancock/.ssh/id_rsa type -1 debug2: key_type_from_name: unknown key type '-BEGIN' debug2: key_type_from_name: unknown key type 'Proc-Type:' debug2: key_type_from_name: unknown key type 'DEK-Info:' debug2: key_type_from_name: unknown key type '-END' debug1: identity file /Users/jhancock/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 FreeBSD-20050903 debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2 debug2: fd 3 setting O_NONBLOCK debug1: Miscellaneous failure No credentials cache found debug1: Miscellaneous failure No credentials cache found debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- [EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 132/256 debug2: bits set: 523/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'server1.domain.com' is known and matches the DSA host key. debug1: Found key in /Users/jhancock/.ssh/known_hosts:2 debug2: bits set: 527/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent Read from socket failed: Connection reset by peer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: PAY offered - sshd won't allow client from same domain
On Sep 16, 2006, at 5:46 PM, ke han wrote: I will PAY someone who can either answer this question or who wants to log into my server and help me figure it out. I can pay an hourly rate, make a donation to your favorite project...whatever. This problem is killing my productivity I have a FreeBSD 6.1-p6 server running as server1.domain.com. sshd is allowing connections from any client except those which share the domain.com name..I can't be certain this is the problem, but after a month of debugging, its the only common factor I can find. My ssh client on server2.domain.com (also FreeBSD 6.1) returns with "Read from socket failed: Connection reset by peer" as output to my ssh client. On OS X the error message is "Write failed: Broken pipe". ...So mac.domain.com and server2.domain.com which are on different networks from server1 (and from each other) are not allowed...I don't get any useful error messages. Even setting sshd_config LogLevel to DEBUG3 doesn't provide anything meaningful (to me) in auth.log or debug.log for server2.domain.com, I even have its ip as an A record in DNS and server1 can see this. mac.domain.com is not so lucky as it sits behind a DHCP NAT'ed structure. But this should hardly be a problem...PuTTY on Windows XP with no domain setting and behind a NAT'd DHCP structure CAN connect... Please allow me to offer some incentive this time around as this is my third post on this problem to this maillist. I have not received a single reply. Please get in touch. thanks ke han Do you have kerberos compiled and in use for authentication on the FreeBSD server and are you using it on the OSX client? ssh -vv server1.domain.com says? -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
PAY offered - sshd won't allow client from same domain
I will PAY someone who can either answer this question or who wants to log into my server and help me figure it out. I can pay an hourly rate, make a donation to your favorite project...whatever. This problem is killing my productivity I have a FreeBSD 6.1-p6 server running as server1.domain.com. sshd is allowing connections from any client except those which share the domain.com name..I can't be certain this is the problem, but after a month of debugging, its the only common factor I can find. My ssh client on server2.domain.com (also FreeBSD 6.1) returns with "Read from socket failed: Connection reset by peer" as output to my ssh client. On OS X the error message is "Write failed: Broken pipe". ...So mac.domain.com and server2.domain.com which are on different networks from server1 (and from each other) are not allowed...I don't get any useful error messages. Even setting sshd_config LogLevel to DEBUG3 doesn't provide anything meaningful (to me) in auth.log or debug.log for server2.domain.com, I even have its ip as an A record in DNS and server1 can see this. mac.domain.com is not so lucky as it sits behind a DHCP NAT'ed structure. But this should hardly be a problem...PuTTY on Windows XP with no domain setting and behind a NAT'd DHCP structure CAN connect... Please allow me to offer some incentive this time around as this is my third post on this problem to this maillist. I have not received a single reply. Please get in touch. thanks ke han ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"