cant login to my server machine(FreeBSD-6.0)

2006-11-13 Thread dhaneshk k

Hey, can anybody help me?


I have a FreeBSD box. Due to a power failure it rebooted, but booting
failed.

The error I got was
Trying  to mount root from ufs:/dev/ad4s1a  Warning : / was not properly 
dismounted loading configuration files.  /etc/rc.conf :9:Synatx error  
unterminated quoted String .Enter full pathname of shell on Return for 
/bin/sh:


I pressed the Enter key, then I got a # prompt,

but no login prompt to log in to my machine: only getting #.

more, tail, vim, vi: no commands are working (getting a "command not
found" error).


When I cat /etc/rc.conf there is one
line which is not terminated by a closing quote.

But I tried to create a new /etc/rc.conf file by the following method:

 #mount -o rw,remount/
 #cat /etc/rc.conf
but got an error: failed, it's a read-only file. So here I got stuck. How can I
log in to my server? (FreeBSD-6.0 is my version.)


Can anybody solve this problem? Then I will be very thankful to them.

Thanks in advance.

Dhanesh.



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: cant login to my server machine(FreeBSD-6.0)

2006-11-13 Thread Bill Moran
In response to dhaneshk k [EMAIL PROTECTED]:

 Hey, can anybody help me?
 
 
 I have a FreeBSD box. Due to a power failure it rebooted, but booting
 failed.
 The error I got was
 Trying  to mount root from ufs:/dev/ad4s1a  Warning : / was not properly 
 dismounted loading configuration files.  /etc/rc.conf :9:Synatx error  
 unterminated quoted String .Enter full pathname of shell on Return for 
 /bin/sh:
 
 I pressed the Enter key, then I got a # prompt,
 
 but no login prompt to log in to my machine: only getting #.

You _are_ logged in.  If your console is marked secure (which it
obviously is, see /etc/ttys) then it doesn't ask for a password when
forced to boot to single user mode.  The most likely course to correct
the problem now, is to do the following:
fsck -p
mount -a

then fix the problem in /etc/rc.conf.

-- 
Bill Moran
Collaborative Fusion Inc.





Re: cant login to my server machine(FreeBSD-6.0)

2006-11-13 Thread Nikos Vassiliadis
On Monday 13 November 2006 16:32, dhaneshk k wrote:
 But I tried to create the new /etc/rc.conf file   by the following method
 
   #mount -o rw,remount/
   #cat /etc/rc.conf

You can remount rw like this:
mount -u -w /
then use an editor to correct /etc/rc.conf

There is also /rescue, which might be helpful (vi lives
there).

Also mount -t ufs -a -u -w might be handy, which
will remount read-write all your ufs filesystems, so
everything will be available (vi, ee etc).

You also need to boot in single user and fsck
your filesystems. I would do this step first.

HTH, Nikos
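
Locating the line the boot error complains about, as an added example that is not part of the original thread: a checker that uses sh builtins only, since at the single-user prompt before `mount -a` only the root filesystem is mounted and tools under /usr (more, tail, vi) are not found. The function names and the sample rc.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: find rc.conf-style lines that end inside an open quote.
# find_open_quotes itself uses only shell builtins (read, case, echo, test),
# so it runs from /bin/sh in single-user mode before /usr is mounted.

# find_open_quotes FILE -> prints the numbers of lines that end inside
# '...' or "...". Each line is judged on its own: rc.conf assignments are
# one-liners, so a quote still open at end of line is treated as the error
# (assumption; sh itself would let the string run on to the next quote).
find_open_quotes() {
    file=$1
    lineno=0
    bad=""
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        state=none          # none, dq (inside "..."), sq (inside '...')
        prev=""
        rest=$line
        while [ -n "$rest" ]; do
            after=${rest#?}
            c=${rest%"$after"}      # first character of $rest
            rest=$after
            case $state:$c in
                none:\#)            # a comment starts only at a word boundary
                    case $prev in ''|[[:space:]]) break ;; esac ;;
                none:\") state=dq ;;
                none:\') state=sq ;;
                dq:\")   state=none ;;
                sq:\')   state=none ;;
                none:\\|dq:\\) rest=${rest#?} ;;   # backslash escapes next char
            esac
            prev=$c
        done
        [ "$state" = none ] || bad="$bad${bad:+ }$lineno"
    done < "$file"
    echo "$bad"
}

# Constructed sample (not the poster's file): line 9 lacks its closing quote.
write_sample_rcconf() {
    cat > "$1" <<'EOF'
# constructed sample rc.conf
hostname="server.example.org"
ifconfig_rl0="DHCP"
sshd_enable="YES"
ipfilter_enable="YES"   # a comment with a " in it is ignored
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
sendmail_enable="NONE
usbd_enable="YES"
EOF
}

sample=${TMPDIR:-/tmp}/rc.conf.sample.$$
write_sample_rcconf "$sample"
echo "lines ending inside an open quote: $(find_open_quotes "$sample")"
rm -f "$sample"
```

On the affected machine this would be run against /etc/rc.conf after `fsck -p` and `mount -u -w /`, and the reported line repaired with an editor such as the vi in /rescue.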


Re: cant login

2006-03-31 Thread hackmiester (Hunter Fuller)

Marlon Martin wrote:


hi im running freebsd 6.1PRE
i cant login to shell root or normal user, even i boot into single user,
this error below always appear, is there anyway i can fix this or i can
login, thanks.

/libxec/id-elf_so.1: Shared object pluginwrapper/flash7.so not found,
required by sh
Enter full pathname of shell or RETURN for /bin/sh:

What have you done to /bin/sh? Any modifications? Because I am positive
that Macromedia Flash isn't required by sh... :)


--
--hackmiester
Walk a mile in my shoes and you will be a mile away in a new pair of shoes.



cant login

2006-03-29 Thread Marlon Martin
Hi, I'm running FreeBSD 6.1PRE.
I can't log in to a shell as root or a normal user, even when I boot into single user;
this error below always appears. Is there any way I can fix this or
log in? Thanks.

/libxec/id-elf_so.1: Shared object pluginwrapper/flash7.so not found,
required by sh
Enter full pathname of shell or RETURN for /bin/sh:


Re: cant login

2006-03-29 Thread Chuck Swiger
Marlon Martin wrote:
 hi im running freebsd 6.1PRE
 i cant login to shell root or normal user, even i boot into single user,
 this error below always appear, is there anyway i can fix this or i can
 login, thanks.
 
 /libxec/id-elf_so.1: Shared object pluginwrapper/flash7.so not found,
 required by sh
 Enter full pathname of shell or RETURN for /bin/sh:

This implies you've over-written /bin/sh with firefox or something like that...?

Does this message repeat if you simply hit RETURN?
Can you enter /bin/csh instead, and get a login?

Otherwise, boot from CD, mount your hard drive, and copy /bin/sh to your drive.

-- 
-Chuck



Re: cant login

2006-03-29 Thread Bob Goodman

 hi im running freebsd 6.1PRE
 i cant login to shell root or normal user, even i boot into
single user,
 this error below always appear, is there anyway i can fix this or
i can
 login, thanks.

 /libxec/id-elf_so.1: Shared object pluginwrapper/flash7.so not
found,
 required by sh
 Enter full pathname of shell or RETURN for /bin/sh:

It is possible to use /rescue/sh in such cases I think.
Then check /etc/libmap.conf for possible errors in that
[pluginwrapper ] section.
Hope this helps.

Bob Goodman



Cant login to FTP server.

2006-02-14 Thread Daniel A.
Hi, I have some FTP login problems.
I run FreeBSD 6.0-RELEASE, and I have ipf and ipnat enabled.

___SNIP___
Status: Connecting to dienub.org ...
Status: Connected with dienub.org. Waiting for welcome message...
Response:   220 m00h.dienub.org FTP server (Version 6.00LS) ready.
Command:USER **
Response:   331 Password required for alive.
Command:PASS **
Response:   230 User alive logged in.
Command:FEAT
Response:   500 FEAT: command not understood.
Command:SYST
Response:   215 UNIX Type: L8 Version: BSD-199506
Status: Connected
Status: Retrieving directory listing...
Command:PWD
Response:   257 /usr/home/alive is current directory.
Command:TYPE A
Response:   200 Type set to A.
Command:PASV
Response:   227 Entering Passive Mode (87,49,144,133,237,45)
Command:LIST
Error:  Transfer channel can't be opened. Reason: A connection attempt
failed because the connected party did not properly respond after a
period of time, or established connection failed because connected
host has failed to respond.
Error:  Could not retrieve directory listing
Command:TYPE A
___SNIP___


/etc/ipf.rules:
___SNIP___
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state

# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 192.0.2.0/24 to any

# Let's let people access the services running behind this system

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port 3  5
flags S keep state #PASV FTP
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

# Steam Dedicated Server
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999  27016 # Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029  27040
#pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon

# Block everything else
block in quick on rl0 all
___SNIP___


/etc/ipnat.rules
___SNIP___
map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/16 -> 0.0.0.0/32
___SNIP___


Might the problem be anywhere else besides my ipf and ipnat configs?
Could it be the remote client that's the problem?
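
Checking the data connection from the log above, as an added example that is not part of the original thread: in passive mode the client opens a second TCP connection to the port encoded in the 227 reply, so the filter has to permit that port inbound on rl0 in addition to port 21. The function names are hypothetical, the sample rules are constructed on the model of the post's `pass in quick` lines, and the passive range bounds are made up because the range in the posted rule is illegible in this archive; only `quick` rules with `from any to any` (or `all`) are evaluated.

```shell
#!/bin/sh
# Added example: decode a PASV reply and see which inbound ipf "quick" rule
# decides the fate of the resulting data connection.

# pasv_endpoint REPLY -> prints "ip port" decoded from a 227 reply, or fails.
pasv_endpoint() {
    nums=${1#*\(}
    nums=${nums%%\)*}
    old_ifs=$IFS; IFS=,
    set -f; set -- $nums; set +f
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    # data port = p1 * 256 + p2
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# ipf_inbound_verdict RULES IFNAME PORT -> prints pass, block or no-match.
# The first matching "quick" rule is final. Rules with a specific source
# network are skipped (assumption: the client has a public address).
ipf_inbound_verdict() {
    rules=$1; ifname=$2; port=$3
    while IFS= read -r rule || [ -n "$rule" ]; do
        rule=${rule%%#*}                     # strip comments
        set -f; set -- $rule; set +f         # split into words, no globbing
        [ "$2 $3 $4 $5" = "in quick on $ifname" ] || continue
        action=$1
        shift 5
        case "$*" in
            all)
                echo "$action"; return 0 ;;
            "proto tcp from any to any port = $port"|"proto tcp from any to any port = $port "*)
                echo "$action"; return 0 ;;
            "proto tcp from any to any port "*" >< "*)
                # ipf's "><" range is exclusive: lo < port < hi
                if [ "$port" -gt "$8" ] 2>/dev/null &&
                   [ "$port" -lt "${10}" ] 2>/dev/null; then
                    echo "$action"; return 0
                fi ;;
        esac
    done < "$rules"
    echo "no-match"
}

# Constructed rules; an optional LO HI pair adds a passive-range rule.
write_sample_rules() {
    {
        echo 'block in quick on rl0 from 10.0.0.0/8 to any'
        echo 'pass in quick on rl0 proto tcp from any to any port = 21 #FTP'
        echo 'pass in quick on rl0 proto tcp from any to any port = 22 #SSH'
        if [ -n "$2" ]; then
            echo "pass in quick on rl0 proto tcp from any to any port $2 >< $3 flags S keep state"
        fi
        echo 'block in quick on rl0 all'
    } > "$1"
}

sample=${TMPDIR:-/tmp}/ipf.rules.sample.$$
endpoint=$(pasv_endpoint '227 Entering Passive Mode (87,49,144,133,237,45)')
data_port=${endpoint#* }
write_sample_rules "$sample"
echo "port $data_port, single-port rules only: $(ipf_inbound_verdict "$sample" rl0 "$data_port")"
write_sample_rules "$sample" 49151 65536
echo "port $data_port, with a passive range rule: $(ipf_inbound_verdict "$sample" rl0 "$data_port")"
rm -f "$sample"
```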


RE: Cant login to FTP server.

2006-02-14 Thread fbsd_user
Daniel
You did not say where you were running ftp from.
like from LAN box to gateway server  or
from gateway box to public internet remote ftp site  or
from public internet remote user to your gateway ftp server.

I am guessing it's from gateway box to public internet remote ftp
site.
Your nat rules need to look like this example. You are missing the
second rule.

map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
map dc0 10.0.10.0/29 -> 0/32

The first rule handles all FTP traffic for the private LAN.
The second rule handles all FTP traffic from the gateway.
The third rule handles all non-FTP traffic for the private LAN.
All the non-FTP gateway traffic is using the public IP address by
default, so there is no ipnat rule needed.



Re: Cant login to FTP server.

2006-02-14 Thread Daniel A.
Hi,
the server is connected directly to the wild, and I'm connecting
from a remote non-local host.
Are you sure that those are ipf rules? They look a lot like ipnat rules.

On 2/14/06, fbsd_user [EMAIL PROTECTED] wrote:
 Daniel
 You did not say where you were running ftp from.
 like from LAN box to gateway server  or
 from gateway box to public internet remote ftp site  or
 from public internet remote user to your gateway ftp server.

 I am guessing its from gateway box to public internet remote ftp
 site.
 Your nat rules need to look like this example. You are missing the
 second rule.

 map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
 map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
 map dc0 10.0.10.0/29 -> 0/32

 The first rule handles all FTP traffic for the private LAN.
 The second rule handles all FTP traffic from the gateway.
 The third rule handles all non-FTP traffic for the private LAN.
 All the non-FTP gateway traffic is using the public IP address by
 default so
 there is no ipnat rule needed.



Re: Cant login to FTP server.

2006-02-14 Thread Daniel A.
I have now changed my ipnat.rules to this:

_SNIP_
map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port 21 ftp/tcp
map rl0 0/0 -> 0/32 proxy port 21 ftp/tcp
map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/16 -> 0.0.0.0/32
_SNIP_
And then I did ipnat -FC -f /etc/ipnat.rules.

I still get the same error.

On 2/14/06, fbsd_user [EMAIL PROTECTED] wrote:
 Daniel
 You did not say where you were running ftp from.
 like from LAN box to gateway server  or
 from gateway box to public internet remote ftp site  or
 from public internet remote user to your gateway ftp server.

 I am guessing its from gateway box to public internet remote ftp
 site.
 Your nat rules need to look like this example. You are missing the
 second rule.

 map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
 map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
 map dc0 10.0.10.0/29 -> 0/32

 The first rule handles all FTP traffic for the private LAN.
 The second rule handles all FTP traffic from the gateway.
 The third rule handles all non-FTP traffic for the private LAN.
 All the non-FTP gateway traffic is using the public IP address by
 default so
 there is no ipnat rule needed.



RE: Cant login to FTP server.

2006-02-14 Thread fbsd_user
They're taken right from the ipfilter section of the handbook.
Maybe you should read that section in the handbook.

Post the complete contents of your ipf rules and nat rules for
review.



Re: Cant login to FTP server.

2006-02-14 Thread Daniel A.
Hi,
I've been looking at the FreeBSD handbook's section about ipnat and
ipf for a few hours now, but I cannot seem to make this work.
Outgoing FTP'ing works just fine. In fact, I have absolutely no
problems making outgoing FTP connections from my workstation (which is
behind my server).
Also, I have absolutely no problem with making connections to my
server from inside my LAN.
The problem is when someone tries to connect to my server's FTP server.
It just doesn't work!
In addition to the rules and log I pasted below, here are my tweaked rulesets:

/etc/ipf.rules:
___IPF___
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state

# Allow everything on local net
pass in on sis0 all
pass out on sis0 all

# loopback stuff
pass in quick on lo0 all
pass out quick on lo0 all

# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 192.0.2.0/24 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any

# Let's let people access the services running behind this system

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

# Steam Dedicated Server (Commented out... the Steam Dedicated Server blows)
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999  27016 # Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029  27040
#pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon

# Block everything else
block in quick on rl0 all
___IPF___

/etc/ipnat.rules
__IPNAT__
map rl0 192.168.0.0/29 -> 0/32 proxy port 21 ftp/tcp
map rl0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
map rl0 192.168.0.0/29 -> 0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/29 -> 0/32
__IPNAT__


On 2/14/06, fbsd_user [EMAIL PROTECTED] wrote:
 They're taken right from the ipfilter section of the handbook.
 Maybe you should read that section in the handbook.

 Post the complete contents of your ipf rules and nat rules for
 review


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
 Sent: Tuesday, February 14, 2006 8:59 AM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: Cant login to FTP server.


 Hi,
 the server is connected directly to the wild, and I'm connecting
 from a remote non-local host.
 Are you sure that those are ipf rules? They look a lot like ipnat
 rules.

 On 2/14/06, fbsd_user [EMAIL PROTECTED] wrote:
  Daniel
  You did not say where you were running ftp from.
  like from LAN box to gateway server  or
  from gateway box to public internet remote ftp site  or
  from public internet remote user to your gateway ftp server.
 
  I am guessing it's from gateway box to public internet remote ftp
  site.
  Your nat rules need to look like this example. You are missing the
  second rule.
 
  map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
  map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
  map dc0 10.0.10.0/29 -> 0/32
 
  The first rule handles all FTP traffic for the private LAN.
  The second rule handles all FTP traffic from the gateway.
  The third rule handles all non-FTP traffic for the private LAN.
  All the non-FTP gateway traffic is using the public IP address by
  default so
  there is no ipnat rule needed.
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
  Sent: Tuesday, February 14, 2006 7:42 AM
  To: [EMAIL PROTECTED]
  Subject: Cant login to FTP server.
 
 
  Hi, I have some FTP login problems.
  I run FreeBSD 6.0-RELEASE, and I have ipf and ipnat enabled.
 
  ___SNIP___
  Status: Connecting to dienub.org ...
  Status: Connected with dienub.org. Waiting for welcome message...
  Response:   220 m00h.dienub.org FTP server (Version 6.00LS) ready.
  Command:USER **
  Response:   331 Password required for alive.
  Command:PASS **
  Response:   230 User alive logged in.
  Command:FEAT
  Response:   500 FEAT: command not understood.
  Command:SYST
  Response:   215 UNIX Type: L8 Version: BSD-199506
  Status: Connected
  Status: Retrieving

RE: Cant login to FTP server.

2006-02-14 Thread fbsd_user
Daniel
change this
# Allow everything on local net
pass in on sis0 all
pass out on sis0 all

to this

# Allow everything on local net
pass in  quick on sis0 all
pass out quick on sis0 all


change this
pass out quick on rl0 proto tcp all keep state
to
pass out quick on rl0 proto tcp all flags S keep state


change this
# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

to this

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state #FTP
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state #SSH
pass in quick on rl0 proto tcp from any to any port = 80 flags S keep state #WWW
pass in quick on rl0 proto tcp from any to any port = 113 flags S keep state #oidentd

Next you say that remote users on the public internet can
not ftp into your gateway firewall/ftp box.

The way your firewall is configured only passive ftp can pass
through.
Your public internet remote user has to tell his ftp login
request to use passive mode.

To allow active native ftp from remote users add this
# To allow remote active ftp data channel
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state

Your local LAN users can use either passive or active ftp because
you have no restrictions as shown by these rules.

# Allow everything on local net
pass in on sis0 all
pass out on sis0 all


Here's a very important security point about ftp.
FTP passes the login id/pw and data in the clear and it can be
captured by a sniffer any place between the remote and host site.
Once the valid login id/pw is captured the attacker can gain access
to your box as authorized user and then start trying to gain root
access after which your box is compromised. Think very hard about
allowing native ftp access to your box, it's a very big security
risk.

You should not be making native ftp available to public login
unless you are running an anonymous ftp server within a jail.

You should use SSH's sftp which first creates a tunnel between
remote and host and then encrypts the login id/pw and the
complete data stream.

Check the archives for the last few days for thread about setting up
ssh.
There is a complete step by step how to posted in the thread.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
Sent: Tuesday, February 14, 2006 5:37 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cant login to FTP server.


Hi,
I've been looking at the FreeBSD handbook's section about ipnat and
ipf for a few hours now, but I cannot seem to make this work.
Outgoing FTP'ing works just fine. In fact, I have absolutely no
problems making outgoing FTP connections from my workstation (which
is behind my server).
Also, I have absolutely no problem with making connections to my
server from inside my LAN.
The problem is when someone tries to connect to my server's FTP
server.
It just doesn't work!
In addition to the rules and log I pasted below, here are my tweaked
rulesets:

/etc/ipf.rules:
___IPF___
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state

# Allow everything on local net
pass in on sis0 all
pass out on sis0 all

# loopback stuff
pass in quick on lo0 all
pass out quick on lo0 all

# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 192.0.2.0/24 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any

# Let's let people access the services running behind this system

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

# Steam Dedicated Server (Commented out... the Steam Dedicated Server blows)
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999  27016 # Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029  27040
#pass in quick on rl0 proto tcp from any to any port
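
The `flags S keep state` change suggested in the reply above, checked with a small model of how ipf picks the deciding rule. This is an added example, not code from the thread or from IPFilter: the parser covers only the rule shapes quoted here, `flags S` is modelled as "only SYN set", packets are assumed to have no existing state entry, and the addresses 203.0.113.5 and 198.51.100.10 are constructed.

```python
import ipaddress
import re
from collections import namedtuple

# Subset of the ipf rule grammar: only the rule shapes quoted in this thread.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<quick>quick\s+)?"
    r"on\s+(?P<iface>\S+)(?:\s+proto\s+(?P<proto>\S+))?"
    r"(?:\s+all|\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?)"
    r"(?:\s+flags\s+(?P<flags>[A-Z]+))?(?P<state>\s+keep\s+state)?$"
)

# flags holds the TCP flags set on the packet: "S", "A", "SA", ...
Packet = namedtuple("Packet", "direction iface proto src dst dport flags")


def parse_rules(text):
    """Return [(rule_text, fields)]; reject any line that is not a rule."""
    rules = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:  # e.g. the tail of a comment that wrapped onto a new line
            raise ValueError(f"line {number}: not a rule: {raw!r}")
        rules.append((line, m.groupdict()))
    return rules


def _addr_ok(spec, addr):
    return spec in (None, "any") or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(spec))


def matches(f, p):
    if f["dir"] != p.direction or f["iface"] != p.iface:
        return False
    if f["proto"] and f["proto"] != p.proto:
        return False
    if not (_addr_ok(f["src"], p.src) and _addr_ok(f["dst"], p.dst)):
        return False
    if f["port"] and int(f["port"]) != p.dport:
        return False
    # Model: the packet must carry exactly the listed flags (bare SYN for "S").
    if f["flags"] and set(f["flags"]) != set(p.flags):
        return False
    return True


def decide(rules, p):
    """Last matching rule wins, unless a matching rule is `quick`."""
    verdict = ("pass", "no rule matched")   # assumes a default-pass kernel
    for line, f in rules:
        if matches(f, p):
            verdict = (f["action"], line)
            if f["quick"]:
                break
    return verdict


# Rules taken from the thread (shortened to two spoof blocks and two services).
COMMON = """\
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 10.0.0.0/8 to any
{services}
block in quick on rl0 all
"""
POSTED = COMMON.format(services="""\
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH""")
SUGGESTED = COMMON.format(services="""\
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state #FTP
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state #SSH""")

# Constructed packets arriving on the external interface.
SYN = Packet("in", "rl0", "tcp", "203.0.113.5", "198.51.100.10", 21, "S")
STRAY_ACK = SYN._replace(flags="A")              # no handshake seen first
SPOOFED = SYN._replace(src="10.1.2.3", dport=22)  # private source from outside

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        rules = parse_rules(text)
        for label, pkt in (("SYN", SYN), ("stray ACK", STRAY_ACK),
                           ("spoofed SYN", SPOOFED)):
            action, rule = decide(rules, pkt)
            print(f"{name:9} {label:11} -> {action:5} by: {rule}")
```

With the posted rules a stray ACK to port 21 is passed by the FTP rule; with `flags S keep state` only a bare SYN matches that rule, so the stray ACK falls through to `block in quick on rl0 all`.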

Cant login using ssh; no password prompt

2005-11-18 Thread Mauricio Brunstein
Hi!

I've installed a new box with FreeBSD 6.0 (workbench) and can't login
to it by means of ssh from the internal or external network. The box
is installed from the release version, and worked fine using the
console. I also had accessed other hosts from there using ssh. I did
not patch the box in any way, it is just the 6.0 release version. I can
not login to that box from a local OpenBSD 3.7 box, a 5.4 box (as
shown below) or using putty 0.57 from the Internet (the putty window
closes after some time without asking me for a password).

Anybody have an idea of what could be happening?

Thank you in advance,
Mauro

From a 5.4 box,

[EMAIL PROTECTED]:~ uname -a
FreeBSD Server.blstar 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #0: Sun
Oct 16 04:00:03 ART 2005 mauro@:/usr/obj/usr/src/sys/GENERIC  i386

I issue the following command:

[EMAIL PROTECTED]:~ ssh -vvv workbench
OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e-p1 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to workbench.blstar [192.168.1.34] port 22.
debug1: Connection established.
debug1: identity file /home/mauro/.ssh/identity type -1
debug1: identity file /home/mauro/.ssh/id_rsa type -1
debug1: identity file /home/mauro/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.2p1 FreeBSD-20050903
debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
 PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
 PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL
 PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL
 PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server-client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client-server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(102410248192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 536/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/mauro/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 3
debug1: Host 'workbench.blstar' is known and matches the DSA host key.
debug1: Found key in /home/mauro/.ssh/known_hosts:3
debug2: bits set: 497/1024
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mauro/.ssh/identity (0x0)
debug2: key: /home/mauro/.ssh/id_rsa (0x0)
debug2: key: /home/mauro/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying

RE: Cant login using ssh; no password prompt

2005-11-18 Thread Ansar Mohammed
Greetings Mauricio,
I have gotten this problem lots of times with new installs of FreeBSD.

SSH times out trying to do a reverse lookup on the IP connecting to it. This
is not a FreeBSD problem but an OpenSSH issue (not really an issue).
My solution has always been to point the FreeBSD machine to an internal DNS
server that has both the FreeBSD machine and the client's name-IP address
mapping in DNS.

So check your /etc/resolv.conf and see what entries you are using. If you
are using 127.0.0.1 and you don't have DNS running locally then that can be
your problem. 

Good luck!


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:owner-freebsd-
 [EMAIL PROTECTED] On Behalf Of Mauricio Brunstein
 Sent: November 18, 2005 9:50 AM
 To: freebsd-questions@freebsd.org
 Subject: Cant login using ssh; no password prompt
 
 Hi!
 
 I've installed a new box with FreeBSD 6.0 (workbench) and can't login
 to it by means of ssh from the internal or external network. The box
 is installed from the release version, and worked fine using the
 console. I also had accessed other hosts from there using ssh. I did
 not patch the box in any way, it is just the 6.0 release version. I can
 not login to that box from a local OpenBSD 3.7 box, a 5.4 box (as
 shown below) or using putty 0.57 from the Internet (the putty window
 closes after some time without asking me for a password).
 
 Anybody have an idea of what could be happening?
 
 Thank you in advance,
 Mauro
 

Re: Cant login using ssh; no password prompt

2005-11-18 Thread Mauricio Brunstein
Hi Ben!

Thank you for your answer.

The resolv.conf file has this line:

nameserver 192.168.1.1

At this address there is an OpenBSD 3.7 firewall which is running a cache
DNS from my provider. When I was using older versions of ssh from the local
network I had to wait longer for the password prompt until I've
configured the /etc/hosts file in the new box. But a situation like
this one never happened.

Thank you for all,
Mauro



On 11/18/05, Ben Pratt [EMAIL PROTECTED] wrote:
 I have seen this before and every time it turns out to be that DNS isn't
 working on the box. Please make sure that you are able to access a DNS
 server from the box by trying to ping google.com or something.

 Good luck,

 Ben

 Mauricio Brunstein wrote:
  Hi!
 
  I've installed a new box with FreeBSD 6.0 (workbench) and can't login
  to it by means of ssh from the internal or external network. The box
  is installed from the release version, and worked fine using the
  console. I also had accessed other hosts from there using ssh. I did
  not patch the box in any way, it is just the 6.0 release version. I can
  not login to that box from a local OpenBSD 3.7 box, a 5.4 box (as
  shown below) or using putty 0.57 from the Internet (the putty window
  closes after some time without asking me for a password).
 
  Anybody have an idea of what could be happening?
 
  Thank you in advance,
  Mauro
 

Re: Cant login using ssh; no password prompt

2005-11-18 Thread Tofik Suleymanov

Mauricio Brunstein wrote:


Hi!

I've installed a new box with FreeBSD 6.0 (workbench) and can't login
to it by means of ssh from the internal or external network. The box
is installed from the release version, and worked fine using the
console. I also had accessed other hosts from there using ssh. I did
not patch the box in any way, it is just the 6.0 release version. I can
not login to that box from a local OpenBSD 3.7 box, a 5.4 box (as
shown below) or using putty 0.57 from the Internet (the putty window
closes after some time without asking me for a password).

Anybody have an idea of what could be happening?

Thank you in advance,
Mauro


Re: Cant login using ssh; no password prompt

2005-11-18 Thread Dan O'Connor

I've installed a new box with FreeBSD 6.0 (workbench) and can't login
to it by means of ssh from the internal or external network.



Try editing /etc/ssh/sshd_config and uncomment the lines: 


PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
UsePAM yes

This will reactivate the automatic login stuff...

~Dan
