Message-ID: <468FC728.8040903@tundraware.com>
Date: Sat, 07 Jul 2007 12:02:32 -0500
From: Tim Daneliuk
Organization: TundraWare Inc.
To: Simon Chang, freebsd-questions@freebsd.org
Subject: Re: An ssh Question

Simon Chang wrote:
>>
>> OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to xxxxxxxxxxxxxx.com [x.x.x.x] port 22.
>>
>>
>> What is really baffling is that if I try the exact same thing from, say,
>> a cygwin session on a host on the private network - this works fine.
>> So ... it's not a firewall problem as near as I can tell. It may be
>> an ssh configuration problem - that is, the FreeBSD ssh client can't do
>> it, but another client (cygwin) can.
>
> It would be helpful if you include your firewall ruleset, plus
> sshd_config. It's possible that one or more is misconfigured, but we
> would have no way of knowing without your telling us about them.
>
> SC

I have opened up the firewall entirely just to test, and this does
not solve the problem:

00100  162   18088 divert 8668 ip from any to any via fxp0
00100    0       0 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
65000  206   21586 allow ip from any to any
65535 3872  652732 deny ip from any to any

The ssh config is untouched and has only comments in it:

# $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $
# $FreeBSD: src/crypto/openssh/ssh_config,v 1.27.2.4 2006/11/11 00:51:28 des Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VersionAddendum FreeBSD-20061110

-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
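
Added example, not part of the original message: a first-match tracer in Python for the ipfw listing quoted above, showing which rules a given packet hits. It models only the rule forms that appear in that listing (no ports, protocols, or direction), assumes natd is bound to divert port 8668 and re-injects each packet after the divert rule number, and uses constructed addresses; the function names are hypothetical.

```python
import ipaddress

# Constructed copy of the counter-bearing ipfw listing quoted in the message:
# rule number, packet count, byte count, then the rule body.
RULESET = """\
00100  162   18088 divert 8668 ip from any to any via fxp0
00100    0       0 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
65000  206   21586 allow ip from any to any
65535 3872  652732 deny ip from any to any
"""

def parse(text):
    """Parse 'NUM PKTS BYTES ACTION [port] ip from SRC to DST [via IF]'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        body = tok[4:]
        f = body.index("from")
        rules.append({
            "num": int(tok[0]), "pkts": int(tok[1]), "action": tok[3],
            "src": body[f + 1], "dst": body[f + 3],
            "via": body[body.index("via") + 1] if "via" in body else None,
        })
    return rules

def addr_match(spec, addr):
    """True if addr falls under an ipfw address spec ('any' or a CIDR block)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def trace(rules, src, dst, iface):
    """Return the (rule number, action) pairs a packet hits; first match wins."""
    path, resume_after = [], -1
    for r in rules:
        if r["num"] <= resume_after:
            continue  # re-injected packets skip rules sharing the divert number
        if r["via"] not in (None, iface):
            continue
        if not (addr_match(r["src"], src) and addr_match(r["dst"], dst)):
            continue
        path.append((r["num"], r["action"]))
        if r["action"] != "divert":
            break  # allow and deny end the search
        resume_after = r["num"]  # assumption: natd re-injects the packet
    return path

if __name__ == "__main__":
    rules = parse(RULESET)
    # Constructed addresses (documentation ranges), not values from the thread.
    print(trace(rules, "192.0.2.10", "198.51.100.7", "fxp0"))
    print(trace(rules, "127.0.0.5", "192.0.2.10", "fxp0"))
```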