Date: Thu, 29 Aug 2002 19:10:57 -0400
From: "C. A. Daelhousen"
To: Gerard Samuel
Cc: Linh Pham, FreeBSD Questions
Subject: Re: SSH, Sessions, Connections from the outside.

On Thu, Aug 29, 2002 at 01:28:06PM -0400, Gerard Samuel wrote:
> I'm using ipfilter.
> I do have ICMP traffic blocked.  I believe from the logs that
> 198.107.27.228 was you pinging me.
> But I haven't changed the ruleset in months.  Can't see why that is the
> problem, because
> all the people who are trying to connect to the box, get the login
> prompt, but after they enter the user/pass
> they get a session password box to enter a session password.  Something I
> don't get from inside the lan.
> My IP is 68.39.132.244.  As far as the firewall is concerned.  Port 22
> is open.  Here is my ruleset ->
> [snip]
> Linh Pham wrote:
>
> >On 2002-08-29, Gerard Samuel scribbled:
> >
> ># Hey all.  I used to have people connect to my firewall box using a
> ># windows prog called WinSCP.
> ># I guess with the recent changes with ssh/scp family they are unable to
> ># connect to it.
> ># They keep getting an option to enter a session password.
> >
> >[snip]
> >
> ># If you don't mind, and if you have access to WinSCP or something
> ># similar, can you try connecting to ->
> ># www.trini0.org:22
> ># username/pass: developer/awol
> >#
> ># to help me figure out what I need to do to resolve my problem.
> >
> >I am unable to ping the machine nor am I able to get a port scan on the
> >machine.  Is your firewall ruleset set to deny all incoming traffic?  Make
> >sure that you allow the necessary ports and possibly ICMP traffic
> >through.  Just to confirm that the hostname points to the right IP
> >address, trini0.org and www.trini0.org are resolving to 68.39.132.244.
> >
> >Which firewall program (ipfw/ipfilter, pf, etc.) are you using?  Thanks.
> >
> >--
> >
> >Linh Pham                      lplist@closedsrc.org
> >Webmaster and FreeBSD Geek     http://closedsrc.org
> >closedsrc.org                  Every solution breeds new problems
> >
>
> --
> Gerard Samuel
> http://www.trini0.org:81/
> http://dev.trini0.org:81/
>

Well, I just had a look at it, and using SSH v1, I get:

    Password:
    Response:_

I'm using _ to represent where the cursor stops, if that's not obvious.
Pressing Enter moves on to a normal-looking prompt:

    developer@www.trini0.org's password:_

With SSH v2, I get:

    Password:_

I'd suggest looking into "ChallengeResponseAuthentication" in your SSH
config, as well as turning on the server's debug output and having
someone (anyone--you, a friend, or a user) try from outside.

FYI, I'm in the 128.205 netblock.  It's a dialup, so don't bother trying
to crack me ;)

--
..: Chad Daelhousen == cd9@buffalo.edu :.........: sig v3.1 :...
: Programming for 10 +/- 2 years (50 +/- 10% of a lifetime)   :
:.............Perl will be the first to implement mind reading.:
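
The check suggested in the reply above, as an added example that is not part of the original message: a shell function that reads an sshd_config-style file and reports the value in effect for ChallengeResponseAuthentication and PasswordAuthentication. It assumes OpenSSH's rule that the first value given for a keyword wins and that both options default to yes; the function names and the sample configuration are constructed, and Match blocks are ignored.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample data are constructed.

# effective_opt FILE KEYWORD DEFAULT
# Print the value that applies to KEYWORD in the global part of FILE.
effective_opt() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*|[ \t]+/, " ") }    # accept "Key value" and "Key=value"
        tolower($1) == "match" { exit }         # Match blocks are out of scope here
        tolower($1) == want { print $2; found = 1; exit }   # first value wins
        END { if (!found) print def }           # keyword absent: use the default
    ' "$1"
}

# prompt_report FILE
# Summarise which interactive prompts the server is configured to offer.
prompt_report() {
    cr=$(effective_opt "$1" ChallengeResponseAuthentication yes)   # assumed default
    pw=$(effective_opt "$1" PasswordAuthentication yes)            # assumed default
    printf 'challenge-response=%s password=%s\n' "$cr" "$pw"
}

# Constructed sample configuration: keywords are case-insensitive, and the
# later "yes" line is shadowed by the earlier "no".
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
  challengeresponseauthentication no
ChallengeResponseAuthentication yes
PasswordAuthentication=yes
Match User example
    PasswordAuthentication no
EOF
}

cfg=$(mktemp) && sample_config > "$cfg"
prompt_report "$cfg"
rm -f "$cfg"
```
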