From owner-freebsd-current@freebsd.org Mon Nov 28 08:49:32 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F28B5C57FD0 for ; Mon, 28 Nov 2016 08:49:32 +0000 (UTC) (envelope-from kiri@kx.openedu.org) Received: from kx.openedu.org (flets-sg1027.kamome.or.jp [202.216.24.27]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8F8731C0C; Mon, 28 Nov 2016 08:49:31 +0000 (UTC) (envelope-from kiri@kx.openedu.org) Received: from kx.openedu.org (kx.openedu.org [103.15.187.19]) by kx.openedu.org (8.14.5/8.14.5) with ESMTP id uAS8nO6p020945; Mon, 28 Nov 2016 17:49:24 +0900 (JST) (envelope-from kiri@kx.openedu.org) Message-Id: <201611280849.uAS8nO6p020945@kx.openedu.org> Date: Mon, 28 Nov 2016 17:49:24 +0900 From: KIRIYAMA Kazuhiko To: Allan Jude Cc: freebsd-current@freebsd.org Subject: Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied In-Reply-To: <201611230824.uAN8OWbR096300@kx.openedu.org> References: <201611220737.uAM7bMSY072062@kx.openedu.org> <2b9b6473-fc17-3aad-ee1a-4c20b340ec00@freebsd.org> <201611230824.uAN8OWbR096300@kx.openedu.org> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.6 MULE XEmacs/21.4 (patch 22) (Instant Classic) (amd64--freebsd) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Nov 2016 08:49:33 -0000 At Wed, 23 Nov 2016 17:24:32 +0900, my wrote: > > At Tue, 22 Nov 2016 10:47:17 -0500, > Allan Jude wrote: > > > > [1 Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied ] > > [1.1 ] > > On 2016-11-22 02:37, KIRIYAMA Kazuhiko wrote: > > > Hi, all > > > > > > I've updated to HEAD(r308871) at 2 days ago, and also ports > > > too(r426562). Then all stuffs including applications have > > > been updated and tried to slogin to this host,but can't > > > connect with the message `userauth_pubkey: key type ssh-dss > > > not in PubkeyAcceptedKeyTypes [preauth]' in > > > /var/log/auth.log. I found new OpenSSH-7.* has not been > > > supported DSA and to connect from client with old ssh(lower > > > than OpenSSH-7.0),set `ssh-dss' or some values set to > > > relevant variables in /etc/ssh/sshd_config. According to [1] > > > and [2] I've set these variables as below: > > > > > > PubkeyAcceptedKeyTypes=+ssh-dss > > > HostKeyAlgorithms=+ssh-dss > > > KexAlgorithms=+diffie-hellman-group-exchange-sha256 > > > > > > and successfully slogined: > > > > > > > snip > > > > > > > > And with the message `fatal: Fssh_packet_write_poll: > > > Connection from xxx.xxx.xx.xx port yyyyy: Permission denied' > > > in /var/log/auth.log: I've tried to between *same* version(r308871) with RSA,but failed to the same message: admin@kx:~ % scp /jails/backup/hosts/201606020717/vm/wrk/* bhy:/vm/images freebsd-10r.img 0% 0 0.0KB/s --:-- ETAFssh_packet_write_poll: Connection to xxx.xxx.xx.xx port yyyyy: Permission denied lost connection admin@kx:~ % I found whole filesystem looks like set NFSv4 ACLs. Is this right? admin@kx:~ % getfacl / # file: / # owner: root # group: wheel owner@:rwxp--aARWcCos:-------:allow group@:r-x---a-R-c--s:-------:allow everyone@:r-x---a-R-c--s:-------:allow admin@kx:~ % getfacl /tmp # file: /tmp # owner: root # group: wheel owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:rwxp--a-R-c--s:-------:allow admin@kx:~ % getfacl /var/tmp # file: /var/tmp # owner: root # group: wheel owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:rwxp--a-R-c--s:-------:allow admin@kx:~ % --- KIRIYAMA Kazuhiko