Re: [gentoo-user] ssh authentication wierdness
On Sat, Apr 02, 2005 at 01:44:13PM -0800, Robert Persson wrote

> One thing I haven't worked out is how to Listen to a group of addresses
> without having to put each one in a separate line. If
> "ListenAddress 192.168.1.0/255.255.255.0"
> is illegal, and
> "ListenAddress 192.168.1.0/24"
> is also illegal, how can I tell my machine to listen to the entire local
> network?
> How could I tell it to listen to the whole internet?

I think that you've misunderstood the documentation. "ListenAddress"
doesn't mean what you think it means. It does *NOT* mean the addresses
it will listen *TO*, but rather, the address it will listen *ON*.
"man sshd_config" says...

    ListenAddress
        Specifies the local addresses sshd should listen on.

The default (0.0.0.0) is to listen for connections on all your
interfaces. If your machine has only one network card, then that's OK.
However, if you have multiple network cards, wireless, and sometimes do
dialup, it's probably not OK. For instance, my machine shows the
following for eth0...

    [m450][root][~]ifconfig
    eth0  Link encap:Ethernet  HWaddr 00:04:5A:85:FC:BC
          inet addr:192.168.123.250  Bcast:192.168.123.255  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1454  Metric:1

I set my ListenAddress line as follows

    ListenAddress 192.168.123.250

I could leave it at the default, but then it would also be listening to
ppp0 whenever I use my backup dialup. I only use sshd for transferring
stuff between my machines at home, and do *NOT* want it listening to the
internet when I'm running dialup.

More generally, you can specify multiple ListenAddress lines, if you
want say 2 out of 3 or more interfaces to be listened on. You can also
specify non-standard ports. I wonder if...

    ListenAddress 192.168.123.250:22
    ListenAddress 192.168.123.250:65022

would make sshd listen on the two ports.

--
Walter Dnes <[EMAIL PROTECTED]>
An infinite number of monkeys pounding away on keyboards will
eventually produce a report showing that Windows is more secure, and
has a lower TCO, than linux.
--
gentoo-user@gentoo.org mailing list
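Added example (not part of the original posts, and not OpenSSH code): a small Python model of how the Port and ListenAddress lines of sshd_config combine into listening sockets, per sshd_config(5), and of why a connection to an address sshd is not bound to is refused. The function names and the sample configuration are constructed for illustration; only literal IP addresses and whitespace-separated keywords are handled.

```python
import ipaddress

# Constructed sample: the address from the post plus a rejected CIDR form.
SAMPLE = """\
Port 22
ListenAddress 192.168.123.250
ListenAddress 192.168.123.250:65022
ListenAddress 192.168.1.0/24
"""

def parse_listen(config_text):
    """Return (listeners, errors); listeners is a sorted list of (addr, port)."""
    ports, entries, errors = [], [], []
    for raw in config_text.splitlines():
        words = raw.split()
        if len(words) < 2 or words[0].startswith("#"):
            continue
        key, value = words[0].lower(), words[1]
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            if "/" in value:  # a network is not a local address to bind
                errors.append(value)
            elif value.startswith("["):  # [IPv6]:port
                host, _, rest = value[1:].partition("]")
                entries.append((host, int(rest[1:]) if rest else None))
            elif value.count(":") == 1:  # IPv4:port
                host, _, port = value.partition(":")
                entries.append((host, int(port)))
            else:  # bare IPv4 or IPv6 address
                entries.append((value, None))
    ports = ports or [22]
    if not entries:  # no ListenAddress at all: bind every local address
        entries = [("0.0.0.0", None), ("::", None)]
    # An address without its own port listens on every Port value.
    listeners = {(h, p) for h, port in entries
                 for p in ([port] if port else ports)}
    return sorted(listeners), errors

def accepts(listeners, dest_ip, port=22):
    """True if a TCP connection to dest_ip:port would find a listening socket."""
    dest = ipaddress.ip_address(dest_ip)
    for host, p in listeners:
        bound = ipaddress.ip_address(host)
        if p == port and bound.version == dest.version and (
                bound.is_unspecified or bound == dest):
            return True
    return False

if __name__ == "__main__":
    listeners, errors = parse_listen(SAMPLE)
    print(listeners, errors)
    print(accepts(listeners, "127.0.0.1"))  # loopback is not bound here
```

On a live host, the computed set can be compared with the listening sockets that "netstat -an" reports.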
Re: [gentoo-user] ssh authentication wierdness
On Sat, 2 Apr 2005, Robert Persson wrote:

> One thing I haven't worked out is how to Listen to a group of addresses
> without having to put each one in a separate line. If
> "ListenAddress 192.168.1.0/255.255.255.0"
> is illegal, and
> "ListenAddress 192.168.1.0/24"
> is also illegal, how can I tell my machine to listen to the entire local
> network?
> How could I tell it to listen to the whole internet?

You shouldn't have to mess with the sshd config to have this working.
By default, sshd listens on all IP addresses on a host. If you do
"netstat -an" you would normally see sshd listening on 0.0.0.0 (which
means all IPs).
Re: [gentoo-user] ssh authentication wierdness
Thanks once again to you and to Dave Nebinger for the additional help.

On April 1, 2005 09:37 am, quoth A. Khattri:
> On Fri, 1 Apr 2005, Robert Persson wrote:
> > ssh -v zebedee showed that "zebedee" was being translated as 127.0.0.1,
> > despite what it says in /etc/hosts. Adding "ListenAddress 127.0.0.1" to
> > sshd_config did the trick.
>
> Err... 127.0.0.1 means "localhost", so if zebedee is on another machine
> then that's not quite right.

You ought to be right about that. Something very weird has been going
on. I kept fiddling about with the ListenAddresses in sshd_config. I
would find that when I corrected one problem another would come up. Then
I would comment out a line, restart, uncomment it, restart, and the
thing would work. I really have no idea what has been happening, but at
least it works now.

One thing I haven't worked out is how to Listen to a group of addresses
without having to put each one in a separate line. If
"ListenAddress 192.168.1.0/255.255.255.0"
is illegal, and
"ListenAddress 192.168.1.0/24"
is also illegal, how can I tell my machine to listen to the entire local
network?
How could I tell it to listen to the whole internet?

>
> > The other problem that was confusing everything is still a problem
> > though. When I start the machine the /etc/init.d/sshd script doesn't
> > start sshd, /etc/init.d/sshd restart doesn't work and /etc/init.d/sshd
> > status tells me that sshd is running when it isn't. I have to
> > /usr/sbin/sshd manually, after which the script works properly.
>
> /etc/init.d/sshd zap
> /etc/init.d/sshd start
>
> rc-update add sshd default

At least that makes troubleshooting a little easier, but how do I make
sure that sshd starts properly in the first place when I boot up? It is
in the boot and default runlevels and it thinks it starts up, but it
doesn't - or at least it didn't - perhaps the alterations I've made to
sshd_config will mysteriously put this right.

robert
--
Robert Persson
[EMAIL PROTECTED]
YahooMess:ireneshusband
AIM:shamanicpolice

"No matter how much ye shake yer peg
The last wee drap rins doon yer leg."
Re: [gentoo-user] ssh authentication wierdness
On Fri, 1 Apr 2005, Robert Persson wrote:

> Thanks everybody!
>
> Got it now. (I was confused by a number of other errors happening at the same
> time).
>
> ssh -v zebedee showed that "zebedee" was being translated as 127.0.0.1,
> despite what it says in /etc/hosts. Adding "ListenAddress 127.0.0.1" to
> sshd_config did the trick.

Err... 127.0.0.1 means "localhost", so if zebedee is on another machine
then that's not quite right.

> The other problem that was confusing everything is still a problem though.
> When I start the machine the /etc/init.d/sshd script doesn't start
> sshd, /etc/init.d/sshd restart doesn't work and /etc/init.d/sshd status
> tells me that sshd is running when it isn't. I have to /usr/sbin/sshd
> manually, after which the script works properly.

/etc/init.d/sshd zap
/etc/init.d/sshd start

rc-update add sshd default
RE: [gentoo-user] ssh authentication wierdness
> The other problem that was confusing everything is still a problem though.
> When I start the machine the /etc/init.d/sshd script doesn't start
> sshd, /etc/init.d/sshd restart doesn't work and /etc/init.d/sshd status
> tells me that sshd is running when it isn't. I have to /usr/sbin/sshd
> manually, after which the script works properly.

1. kill sshd
2. remove /var/lib/init.d/started/sshd
3. rc-update add sshd default to ensure it is started when the system
   comes up.
4. /etc/init.d/sshd start to restart the daemon.

That should fix the remaining issues.
Re: [gentoo-user] ssh authentication wierdness
Thanks everybody!

Got it now. (I was confused by a number of other errors happening at the
same time).

ssh -v zebedee showed that "zebedee" was being translated as 127.0.0.1,
despite what it says in /etc/hosts. Adding "ListenAddress 127.0.0.1" to
sshd_config did the trick.

The other problem that was confusing everything is still a problem
though. When I start the machine the /etc/init.d/sshd script doesn't
start sshd, /etc/init.d/sshd restart doesn't work and /etc/init.d/sshd
status tells me that sshd is running when it isn't. I have to
/usr/sbin/sshd manually, after which the script works properly.

Robert

On March 31, 2005 08:58 pm, quoth Zarick Lau:
> Hi,
>
> On 31/Mar/05, Robert Persson wrote:
> > I have been trying to get ssh to start behaving and, among other
> > problems, I am unable to get ssh/sshd - one of the two - to deal with
> > hostnames properly.
> >
> > For instance I have just been trying to ssh into the machine I am working
> > on. In /etc/hosts is the line "192.168.1.2 zebedee". However "ssh
> > 192.168.1.2" works, while "ssh zebedee" gets me a "connection refused"
> > error. I get the same problem when I try to log in from a remote OSX
> > powerbook. However I did not get this problem when I was running SuSE
> > 9.2.
> >
> > Why can't I use a hostname to log in?
>
> What about 'ping zebedee' doesn't ping get the IP address correctly?
> If no, then, the problem is due to sshd. You may check out nsswitch.conf
> make sure there is a line like:
> hosts:files dns
>
> Also, just to be care.. I'd ask, where are you trying to use 'ssh' to
> connect to the ssh server? The same host, or other machine on the
> network?
>
> Last, you may use ssh -v zebedee, you may see more verbose message.
>
> cheers,
> Zarick
> --
> gentoo-user@gentoo.org mailing list

--
Robert Persson
[EMAIL PROTECTED]
YahooMess:ireneshusband
AIM:shamanicpolice

"No matter how much ye shake yer peg
The last wee drap rins doon yer leg."
Re: [gentoo-user] ssh authentication wierdness
Hi,

On 31/Mar/05, Robert Persson wrote:
> I have been trying to get ssh to start behaving and, among other problems, I
> am unable to get ssh/sshd - one of the two - to deal with hostnames properly.
>
> For instance I have just been trying to ssh into the machine I am working on.
>
> In /etc/hosts is the line "192.168.1.2 zebedee". However "ssh 192.168.1.2"
> works, while "ssh zebedee" gets me a "connection refused" error. I get the
> same problem when I try to log in from a remote OSX powerbook. However I did
> not get this problem when I was running SuSE 9.2.
>
> Why can't I use a hostname to log in?
>

What about 'ping zebedee' doesn't ping get the IP address correctly?
If no, then, the problem is due to sshd. You may check out nsswitch.conf
make sure there is a line like:
hosts:files dns

Also, just to be care.. I'd ask, where are you trying to use 'ssh' to
connect to the ssh server? The same host, or other machine on the
network?

Last, you may use ssh -v zebedee, you may see more verbose message.

cheers,
Zarick
Re: [gentoo-user] ssh authentication wierdness
On March 31, 2005 01:45 pm, quoth A. Khattri:
> On Thu, 31 Mar 2005, Robert Persson wrote:
> > I have been trying to get ssh to start behaving and, among other
> > problems, I am unable to get ssh/sshd - one of the two - to deal with
> > hostnames properly.
> >
> > For instance I have just been trying to ssh into the machine I am working
> > on. In /etc/hosts is the line "192.168.1.2 zebedee". However "ssh
> > 192.168.1.2" works, while "ssh zebedee" gets me a "connection refused"
> > error. I get the same problem when I try to log in from a remote OSX
> > powerbook. However I did not get this problem when I was running SuSE
> > 9.2.
> >
> > Why can't I use a hostname to log in?
>
> What's in resolv.conf?

bash-2.05b$ cat /etc/resolv.conf
domain magicroundabout
nameserver 209.53.4.130
nameserver 64.114.195.135
nameserver 209.53.4.150

--
Robert Persson

"No matter how much ye shake yer peg
The last wee drap rins doon yer leg."
Re: [gentoo-user] ssh authentication wierdness
On Thu, 31 Mar 2005, Robert Persson wrote:

> I have been trying to get ssh to start behaving and, among other problems, I
> am unable to get ssh/sshd - one of the two - to deal with hostnames properly.
>
> For instance I have just been trying to ssh into the machine I am working on.
> In /etc/hosts is the line "192.168.1.2 zebedee". However "ssh 192.168.1.2"
> works, while "ssh zebedee" gets me a "connection refused" error. I get the
> same problem when I try to log in from a remote OSX powerbook. However I did
> not get this problem when I was running SuSE 9.2.
>
> Why can't I use a hostname to log in?

What's in resolv.conf?