Date: Thu, 6 Mar 2003 21:04:36 +0800
From: leafy
To: freebsd-current@freebsd.org
Subject: Re: can't sshd into box

On Thu, Mar 06, 2003 at 09:54:56AM -0300, Daniel C. Sobral wrote:
> IIRC, 5.0-R has reverse name resolution for sshd (which is _always_
> done, because of PAM, I think, no matter what the configuration file
> says) run chrooted in /var/empty. Well, the problem with that is that, by
> default (ie, in the absence of any configuration in /var/empty/etc)
> 127.0.0.1 is searched first, and if you have blackhole enabled (or
> equivalent firewall rules), it takes a LONG time for it to realize no
> answer is coming.

I had a slightly different version of "cannot ssh into the box". With
IPFILTER enabled in the kernel (firewall_enable=no and default to allow
all), all connections inbound and outbound dropped into the blackhole. I
found this because I managed to log into the box 'before' IPFILTER gets
loaded and no connection after that could go through.

So if the original author is still on the thread, could you try to log in
'while the machine boots' and see if by any chance it could work?

Jiawei
--
"Without the userland, the kernel is useless."
	--inspired by The Tao of Programming