On Fri, 2008-02-15 at 20:59 +0200, Alan McKinnon wrote:
> On Friday 15 February 2008, Florian Philipp wrote:
> > Hi list!
> > For some time now, there's a very odd situation: There are two
> > computers, DAU and NOTE.
> > I can use ssh to login from DAU to NOTE but not vice versa. I've
> > played around with several settings before this happened but I'm sure
> > it worked after my last change.
> > Well, ultimately I've unmerged openssh, keychain and denyhosts on
> > both computers and removed /etc/ssh and .ssh in root's and the users'
> > home directories and then reemerged just openssh.
> Ah. You probably shouldn't have done that, unless you know for a fact
> that YOU screwed the ssh config up beyond all hope of recovery.
> Usually, you just sit with the same problem anyway, or make it worse by
> removing the configs that still work.
> > Yet, the situation didn't change.
> > Here's what's happening:
> > dsl@NOTE > ssh -vvv DAU
> > OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g 19 Oct 2007
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to DAU [192.168.2.4] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/dsl/.ssh/identity type -1
> > debug1: identity file /home/dsl/.ssh/id_rsa type -1
> > debug1: identity file /home/dsl/.ssh/id_dsa type -1
> > ssh_exchange_identification: Connection closed by remote host
> > dsl@DAU > tail /var/log/messages
> > [...]
> > Feb 15 19:20:30 DAU sshd: refused connect from NOTE.xxx (192.168.2.2)
> It's not a firewall, xinetd, tcpwrappers or denyhost problem :-) Your
> connection attempt was received by sshd which denied it.
> The information you gave is inadequate to answer your question, because
> I don't know how long a piece of string is.
> Post the complete contents of /etc/sshd/sshd_config on DAU and we can
> probably tell you why though.
Thanks so far.
Since there wasn't that much customization, trying vanilla settings from
the ebuild didn't sound that bad. At least it didn't make it worse.
Okay, when I delete every line that's commented out, my sshd-settings
read as follows:
PasswordAuthentication no (changing to yes doesn't change anything)
UsePAM yes (changing to no doesn't change anything)
Subsystem sftp /usr/lib64/misc/sftp-server
Useflags: X hpn pam tcpd -X509 -chroot -kerberos -ldap -libedit -selinux
-skey -smartcard -static
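
Added example, not part of either message in this thread: an sshd built with the tcpd USE flag consults /etc/hosts.allow and /etc/hosts.deny, and denyhosts keeps its block list in hosts.deny, so one check is whether a leftover rule matches the client named in the "refused connect from" log line. The sample log line and rule files below are constructed, and the matcher covers only a subset of hosts_access(5) patterns (ALL, exact name or IPv4 address, "prefix.", ".suffix", net/mask).

```python
import ipaddress
import re

# Constructed sample data (assumed, not taken from the thread's machines).
SAMPLE_LOG = "Feb 15 19:20:30 DAU sshd: refused connect from NOTE.example (192.168.2.2)\n"
SAMPLE_DENY = "# DenyHosts: constructed entries\nsshd: 10.9.8.7\nALL: 192.168.2.2\n"
REFUSED = re.compile(r"sshd(?:\[\d+\])?: refused connect from (\S+) \(([\d.]+)\)")

def refused_clients(log_text):
    """Return (hostname, ip) pairs taken from 'refused connect from' lines."""
    return REFUSED.findall(log_text)

def client_matches(pattern, host, ip):
    """Match one client pattern against the refused host name and IPv4 address."""
    if pattern == "ALL" or pattern.lower() in (host.lower(), ip):
        return True
    if pattern.endswith("."):          # address prefix, e.g. "192.168.2."
        return ip.startswith(pattern)
    if pattern.startswith("."):        # domain suffix, e.g. ".example"
        return host.lower().endswith(pattern.lower())
    try:                               # net/mask or net/prefixlen
        return "/" in pattern and ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False

def first_match(rules_text, host, ip, daemon="sshd"):
    """Return (line_no, line) of the first rule that names the daemon and the client."""
    for no, raw in enumerate(rules_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(":")
        if len(fields) < 2:
            continue                   # comment, blank or malformed line
        daemons, clients = (re.split(r"[,\s]+", f.strip()) for f in fields[:2])
        if {"ALL", daemon} & set(daemons) and any(client_matches(p, host, ip) for p in clients if p):
            return no, raw.strip()
    return None

def explain(log_text, allow_text, deny_text):
    """hosts.allow is consulted first; a match there means hosts.deny is never read."""
    out = []
    for host, ip in refused_clients(log_text):
        if first_match(allow_text, host, ip):
            out.append((ip, "allowed by hosts.allow", None))
            continue
        hit = first_match(deny_text, host, ip)
        out.append((ip, "denied by hosts.deny" if hit else "no matching rule", hit))
    return out

if __name__ == "__main__":
    print(explain(SAMPLE_LOG, "", SAMPLE_DENY))
```

On a real host the three inputs would be the contents of the syslog file, /etc/hosts.allow and /etc/hosts.deny.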