From owner-freebsd-questions  Wed Jan 10  4:16:16 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from femail11.sdc1.sfba.home.com (femail11.sdc1.sfba.home.com [24.0.95.107])
	by hub.freebsd.org (Postfix) with ESMTP id 68FD537B699
	for <freebsd-questions@FreeBSD.ORG>; Wed, 10 Jan 2001 04:15:58 -0800 (PST)
Received: from C1052484A ([24.5.25.254]) by femail11.sdc1.sfba.home.com
          (InterMail vM.4.01.03.00 201-229-121) with SMTP
          id <20010110121557.DOYS11834.femail11.sdc1.sfba.home.com@C1052484A>;
          Wed, 10 Jan 2001 04:15:57 -0800
Message-ID: <000b01c07aff$1764b920$0100a8c0@mshome.net>
From: "David Schultz" <vvortex1@home.com>
To: "Steve" <vandena@ispchannel.com>, <freebsd-questions@FreeBSD.ORG>
References: <Pine.BSF.4.21.0101100524520.318-100000@testbed.com>
Subject: Re: ssh inop
Date: Wed, 10 Jan 2001 04:15:59 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Running FBSD 4.2-RELEASE with ipfw and natd.  Installed ssh without any
> problems.  Tried to access my FBSD machine from any system on either side
> of the firewall and was unable to connect...timeout error.  I specified my
> IP address on each side of the firewall in /etc/ssh/sshd_config.  Still
> unable to log in via ssh (timeout error).  Looked in /var/log/messages and
> found the following error:
>
> sshd[260]: error: Bind to port 22 on :: failed: Address already in use.
> sshd[260]: error: Bind to port 22 on 0.0.0.0 failed: Address already in
> use.
> sshd[260]: fatal: Cannot bind all addresses.

It somehow seems wrong that sshd would be trying to listen on 0.0.0.0. I
suspect that (a) you specified an invalid ListenAddress in sshd_config or
(b) you uncommented the "#ListenAddress 0.0.0.0" and "#ListenAddress ::"
examples in the file without actually changing the addresses. (The latter is
just a null IPv6 address.) It's usually best to leave it on the default
setting (i.e. comment out ListenAddress), which is to listen on all local
interfaces. OpenSSH has created a very secure daemon, and I doubt there is
any justifiable security concern to warrant blocking logins from certain
interfaces.

If you've still got trouble, see if "ps -ax |grep sshd" turns up anything.
If so, try to connect to the box locally. You could also try disabling the
firewall temporarily, but I doubt that it is to blame. Just make sure you
actually are loading a ruleset--- unless you changed it in the kernel
configuration, the default is to deny everything.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message