From: Nathan Kinkade
To: "Eugene M. Minkovskii"
Cc: freebsd-questions@freebsd.org
Date: Wed, 16 Mar 2005 10:00:44 -0600
Subject: Re: sshd behaviour

On Wed, Mar 16, 2005 at 10:41:09AM +0300, Eugene M. Minkovskii wrote:
> Hi. I see strange to me behaviour of sshd. Please tell me is it
> bug or feature?
>
> I use following network configuration:
>
> #######    ###########    ##########
> # LAN # -> # gateway # -> # router #
> #######    ###########    ##########
>
> Gateway machine has sshd. Normally I work from LAN on the gateway
> good. But when connection with provider's router broken:
>
> #######    ###########      ##########
> # LAN # -> # gateway # -X-> # router #
> #######    ###########      ##########
>
> I can't login from LAN to gateway. Moreover, I can't login from
> gateway to itself, using loop interface. But other Network
> services working good. For example, I can do
>     # telnet gateway 25
> from LAN.
>
> Provider's router is default router in /etc/rc.conf.

As another poster mentioned, the problem is likely related to DNS, and I
have experienced it as well. If you are using Privilege Separation, then
an sshd process will chroot itself into /var/empty before performing
authentication. /var/empty is itself usually empty.

One thing you can do is to make the dir /var/empty/etc and then drop a
copy of your /etc/hosts file into the newly created /var/empty/etc/
directory. You might want to make sure that the hosts file contains a
mapping to the LAN machines which you want to ssh from. Keep in mind
that /var/empty has the schg flag set, so you won't be able to copy
anything to it without disabling this first. See more at `man chflags`.
Try something like this:

    # chflags -R noschg /var/empty
    # mkdir /var/empty/etc
    # cp /etc/hosts /var/empty/etc
    # chflags -R schg /var/empty

This will likely clear up your problem.

Nathan
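
The message above advises making sure the hosts file maps the LAN machines that will connect over ssh. The following check for that is an added example, not part of Nathan's message; the function name `unmapped_addrs` and the sample addresses and host names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): report which client
# addresses have no usable entry in a hosts file, for instance the copy
# that is about to be placed in /var/empty/etc/hosts.
# The function name and all sample data below are constructed.

# usage: unmapped_addrs HOSTS_FILE ADDR...
# Prints each ADDR that has no name mapped to it in HOSTS_FILE, one per line.
# Returns 0 when every address is mapped, 1 when at least one is missing,
# 2 when the hosts file cannot be read.
unmapped_addrs() {
    hosts_file=$1
    shift
    [ -r "$hosts_file" ] || return 2
    missing=0
    for addr in "$@"; do
        # A usable entry is: address, whitespace, at least one name.
        # Text after '#' is a comment and must not count as a name.
        if ! awk -v want="$addr" '
            { sub(/#.*/, "") }
            NF >= 2 && $1 == want { found = 1 }
            END { exit !found }
        ' "$hosts_file"; then
            printf '%s\n' "$addr"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample: a hosts file that maps only one of two LAN clients.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1    localhost
192.168.1.10 workstation1   # LAN client
#192.168.1.11 workstation2  (commented out, so not mapped)
EOF
unmapped_addrs "$sample" 192.168.1.10 192.168.1.11 ||
    echo "the addresses listed above have no entry in $sample" >&2
rm -f "$sample"
```

Running it against /etc/hosts before the `cp` step shows which LAN addresses still need an entry.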