Date: Tue, 19 Feb 2002 19:55:34 -0500
From: "B.K. DeLong" <bkdelong@pobox.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: SSHD problems: Forked child when logging in locally
Message-ID: <5.1.0.14.2.20020219194511.01887b20@pop.earthlink.net>
In-Reply-To: <5.1.0.14.2.20020219113057.03467bb0@pop.earthlink.net>

At 12:16 PM 02/19/2002 -0500, you wrote:
>Hi all -
>
>I recently lost the ability to ssh into my firewall from the local side of
>the network, though ironically I can still ssh to it from the outside.
>
>I'm running FreeBSD 4.5-STABLE and OpenSSH_3.0.2.
>
>When I try to ssh into the machine (192.168.2.1) from my Win98 SE laptop
>using ssh2 in SecureCRT 3.3 (192.168.2.11) my authlog shows:
>
>sshd[90]: debug1: Forked child 178.
>
>Then I close SecureCRT since nothing shows up in the window.
>
>Several seconds after I close it, this appears in my authlog:
>
>sshd[178]: Connection from 192.168.2.11 port 2696
>sshd[178]: Connection from 192.168.2.11 port 2696
>sshd[178]: Did not receive identification string from 192.168.2.11.
>sshd[178]: debug1: Calling cleanup 0x805ef04(0x0)

Since I can't STAND searching through archives and finding no answers or
whether the person found a solution, I thought I'd post my results.

I CC'd this to the freebsd-security list and received this response:

>Date: Tue, 19 Feb 2002 13:40:45 -0800 (PST)
>From: Jason Stone <jason@shalott.net>
>To: "B.K. DeLong" <bkdelong@pobox.com>
>Cc: <freebsd-security@FreeBSD.ORG>
>Subject: Re: SSHD problems: Forked child when logging in locally
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
> > I recently lost the ability to ssh into my firewall from the local
> > side of the network, though ironically I can still ssh to it from the
> > outside.
> >
> > I'm running FreeBSD 4.5-STABLE and OpenSSH_3.0.2.
> >
> > When I try to ssh into the machine (192.168.2.1) from my Win98 SE
> > laptop using ssh2 in SecureCRT 3.3 (192.168.2.11) my authlog shows:
>
>My first guess is broken name resolution - maybe the firewall machine is
>using external dns servers, and so it can resolve real ip's right away,
>but your private ip's (192.168.) can't resolve, so the server hangs.
>
>Verify this by either a) running "host 192.168.2.11" on the firewall box,
>or b) just waiting a really long time for the login to work - don't get
>frustrated and close the window - give it like half an hour to actually
>give you a prompt.
>
>
> -Jason

After some mild forehead smacking, I added the following lines to the
bottom of /etc/hosts, the basic premise being that if IPs are for an
INTERNAL network, you need to put them in this file with identification or
it will try to resolve them using your EXTERNAL DNS servers (provided you
aren't running one internally) until it times out.

#Windows 2000 Machine (P300, 128MB RAM, Fax Server)
192.168.2.10 lyra.internal.brain-stream.com
#Win98SE Dell Inspiron 7000 laptop with 256MB RAM
192.168.2.11 pantalaimon.internal.brain-stream.com
#Kirky's Win2k Laptop
192.168.2.12 chelsie.internal.brain-stream.com
#HP LaserJet 2100 TN with Jetdirect 600N
192.168.2.15 alethiometer.internal.brain-stream.com

--
B.K. DeLong
bkdelong@pobox.com
617.877.3271

http://www.brain-stream.com               Play.
http://www.the-leaky-cauldron.org         Potter.
http://www.attrition.org                  Security.
http://www.artemisiabotanicals.com        Herb.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
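
Added example (not part of the original message or of OpenSSH): a Python
check that reads sshd "Connection from" lines in the format quoted above and
lists RFC 1918 client addresses that have no /etc/hosts entry, which are the
ones the diagnosis above expects to stall. The function names and the sample
log and hosts text are constructed for illustration; it does not query DNS,
so an address served by an internal resolver is still listed.

```python
import ipaddress
import re
# Constructed sample inputs, modelled on the log lines and hosts entries in the message.
AUTH_LOG = """\
sshd[178]: Connection from 192.168.2.11 port 2696
sshd[178]: Did not receive identification string from 192.168.2.11.
sshd[201]: Connection from 192.168.2.12 port 2701
sshd[233]: Connection from 192.168.2.40 port 1044
sshd[240]: Connection from 203.0.113.7 port 51515
"""
HOSTS = """\
127.0.0.1 localhost
# Kirky's Win2k Laptop
192.168.2.12 chelsie.internal.brain-stream.com  # trailing comment
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CONNECTION_RE = re.compile(r"sshd\[\d+\]: Connection from (\S+) port \d+")

def hosts_addresses(hosts_text):
    """Return the set of addresses that have at least one name in hosts(5) text."""
    known = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:                      # blank, comment-only, or address without a name
            continue
        try:
            known.add(ipaddress.ip_address(fields[0]))
        except ValueError:                       # malformed address field: ignore the line
            continue
    return known

def unresolvable_private_clients(auth_log, hosts_text):
    """Private-range sshd clients with no hosts entry, in first-seen order."""
    known = hosts_addresses(hosts_text)
    flagged = []
    for match in CONNECTION_RE.finditer(auth_log):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        # Only private ranges matter here: external DNS servers cannot answer for them.
        if any(addr in net for net in RFC1918) and addr not in known and addr not in flagged:
            flagged.append(addr)
    return [str(a) for a in flagged]

if __name__ == "__main__":
    for ip in unresolvable_private_clients(AUTH_LOG, HOSTS):
        print(f"{ip}: no /etc/hosts entry; reverse lookup depends on DNS")
```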