Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Aug 2000 01:12:23 -0700 (PDT)
From:      Mike Hoskins <mike@adept.org>
To:        plamendp@bgstore.com
Cc:        freebsd-stable@freebsd.org
Subject:   Re: telnet connection refused from IP outside subnet
Message-ID:  <Pine.BSF.4.21.0008020041340.15796-100000@snafu.adept.org>
In-Reply-To: <200008010956.MAA07790@plamen.bgstore.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 1 Aug 2000 plamendp@bgstore.com wrote:

> Actualy, I don't have 'login failers'. I just can't
> connect! "Connection refused", not login failer! I do not get login
> prompt at all!

Correct...  However, per inetd(8), wrapped services log failed attempts
using the auth syslog facility.

> 'host' is ok in both directions (host <name> and host <ip> gives the
> same name/IP). Can I assume resolving is ok ?

You did this from your server, not your home system, correct?  Just
checking, since inetd will obviouslly be using the DNS of your server to
see if a given host is allowed.  Do you have the same problem if you
comment out the PARANOID line in /etc/hosts.allow?

	#ALL : PARANOID : RFC931 20 : deny

What's a traceroute look like from the disallowed connection to the
server, and from the server to your disallowed IP?

> If i could force things to be logged somehow :-) I can send my
> /etc/syslog.conf if it will be of help ?

Hmm, I understand your pain...  I just attempted to make sshd log failed
attempts and...  I must be overlooking something really simple, because
it's not working.

I looked at inetd(8) and sshd(8).

I have the following in /etc/ssh/sshd_config by default:

	SyslogFacility AUTH
	LogLevel INFO

So I created the following in /etc/syslog.conf (Yes, those are tabs):

	auth.*                                  /var/log/auth.log

In sshd_config I even tried bumping LogLevel up to VERBOSE.  I touched
/var/log/auth.log and it is writeable by syslogd.

I then removed an allow rule for one of my boxes, ssh'd in, and got denied
without anything being logged to auth.log.  Sshd is standalone...  So
logging behavior relating to inetd shouldn't matter, but I noticed mention
of daemon.* being used by inetd so tried logging those too...  Still
nothing.

Hmm.

-mrh



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008020041340.15796-100000>