Date: Thu, 6 Mar 2003 21:04:36 +0800
From: leafy <leafy@leafy.idv.tw>
To: freebsd-current@freebsd.org
Subject: Re: can't sshd into box
Message-ID: <20030306130436.GA14982@leafy.idv.tw>
In-Reply-To: <3E674520.40301@tcoip.com.br>
References: <20030302145643.A26191@etaq.com> <3E674520.40301@tcoip.com.br>

On Thu, Mar 06, 2003 at 09:54:56AM -0300, Daniel C. Sobral wrote:
> IIRC, 5.0-R has reverse name resolution for sshd (which is _always_
> done, because of PAM, I think, no matter what the configuration file
> says) run chrooted in /var/empty. Well, the problem with that is that, by
> default (ie, in the absence of any configuration in /var/empty/etc)
> 127.0.0.1 is searched first, and if you have blackhole enabled (or
> equivalent firewall rules), it takes a LONG time for it to realize no
> answer is coming.

I had a slightly different version of "cannot ssh into the box". With
IPFILTER enabled in the kernel (firewall_enable=no and default to allow
all), all connections inbound and outbound dropped into the blackhole. I
found this because I managed to log into the box 'before' IPFILTER gets
loaded and no connection after that could go through. So if the original
author is still on the thread, could you try to log in 'while the machine
boots' and see if by any chance it could work?

Jiawei

--
"Without the userland, the kernel is useless."
        --inspired by The Tao of Programming

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message