Date: Thu, 06 Mar 2003 09:54:56 -0300
From: "Daniel C. Sobral" <dcs@tcoip.com.br>
To: Wayne <wayne@etaq.com>
Cc: questions@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: can't sshd into box
Message-ID: <3E674520.40301@tcoip.com.br>
In-Reply-To: <20030302145643.A26191@etaq.com>
References: <20030302145643.A26191@etaq.com>

IIRC, 5.0-R has reverse name resolution for sshd (which is _always_ done,
because of PAM, I think, no matter what the configuration file says) run
chrooted in /var/empty. Well, the problem with that is that, by default
(ie, in the absence of any configuration in /var/empty/etc) 127.0.0.1 is
searched first, and if you have blackhole enabled (or equivalent
firewall rules), it takes a LONG time for it to realize no answer is
coming.

Wayne wrote:
> Dear FreeBSD,
>
> I have installed 5.0 into a new Dell. I have not set up anything
> special yet (no firewall, no natd, etc.).
>
> I can ssh out to the world, but I can't get into the new box from the
> gateway FreeBSD box on the same home network. The gateway box properly
> lists the new box in /etc/hosts. Each box can ping the other by name
> and by ip.
>
> I have tried the OpenSSH that came with the system, and I
> installed ssh-3.0, and the result is the same. sshd is running
> on the new box.
>
> I enabled telnet in inetd.conf, and I get rejected, also.
>
> Is there a new default connection protection that I must turn off, or
> something? [/etc/hosts.allow is the default setting, I see no answer
> there.]
>
> - Wayne
>
> --------- example screen output below. The new box is etaq3 ------
>
> wayne@etaq:/home/wayne>ssh etaq3
> ssh_exchange_identification: read: Connection reset by peer
>
> wayne@etaq:/home/wayne>telnet etaq3
> Trying 192.168.0.12...
> Connected to etaq3.etaq.com.
> Escape character is '^]'.
> Connection closed by foreign host.
>
> wayne@etaq:/home/wayne>ping etaq3
> PING etaq3.etaq.com (192.168.0.12): 56 data bytes
> 64 bytes from 192.168.0.12: icmp_seq=0 ttl=64 time=0.402 ms
> 64 bytes from 192.168.0.12: icmp_seq=1 ttl=64 time=0.618 ms
> 64 bytes from 192.168.0.12: icmp_seq=2 ttl=64 time=0.344 ms
>

-- 
Daniel C. Sobral
Operations Management
Data Communication Division
Security Coordination
TCO
Phones: 55-61-313-7654/Mobile: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
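
The delay described in the reply above can be reproduced on loopback. This added example (not part of the original message, and not FreeBSD or OpenSSH code) sends a DNS PTR query to 127.0.0.1 twice: once to a closed port, which fails at once with an ICMP port-unreachable error, and once to a socket that never answers, standing in for blackhole suppressing that error. The client address 192.0.2.10, the function names and the 1-second timer are constructed for the illustration.

```python
import socket
import struct
import time
CLIENT_IP = "192.0.2.10"  # constructed client address (documentation range)

def ptr_query(ip, txid=0x1234):
    """Build a minimal DNS PTR query for an IPv4 address (RFC 1035 wire format)."""
    name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 12, 1)  # QTYPE=PTR, QCLASS=IN

def probe(port, timeout):
    """Send one PTR query to 127.0.0.1:port; return (outcome, seconds waited)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.connect(("127.0.0.1", port))  # a connected UDP socket is told about ICMP errors
    start = time.monotonic()
    try:
        s.send(ptr_query(CLIENT_IP))
        s.recv(512)
        outcome = "answered"
    except ConnectionRefusedError:
        outcome = "refused"  # port unreachable came back: fail fast, move on
    except socket.timeout:
        outcome = "timeout"  # nothing came back: the whole timer is spent waiting
    finally:
        s.close()
    return outcome, time.monotonic() - start

def closed_port():
    """Find a loopback UDP port with no listener (bind, note the port, close)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def compare(timeout=1.0):
    """Contrast a closed port that rejects with one that drops silently."""
    results = {"no_blackhole": probe(closed_port(), timeout)}
    # Stand-in for blackhole: a bound socket that never replies, so no error is sent.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sink:
        sink.bind(("127.0.0.1", 0))
        results["blackhole"] = probe(sink.getsockname()[1], timeout)
    return results

if __name__ == "__main__":
    for case, (outcome, secs) in compare().items():
        print(f"{case:13s} {outcome:8s} {secs:.3f}s")
```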
