From owner-freebsd-security Mon Nov 6 14:19:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.epylon.com (sf-gw.epylon.com [63.93.9.98]) by hub.freebsd.org (Postfix) with ESMTP id 9487037B479 for ; Mon, 6 Nov 2000 14:19:41 -0800 (PST) Received: by pluto.epylon.lan with Internet Mail Service (5.5.2650.21) id ; Mon, 6 Nov 2000 14:19:41 -0800 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02425C@goofy.epylon.lan> From: Jason DiCioccio To: 'nicholas bernstein' , freebsd-security@freebsd.org Subject: RE: OPEN SSH Weirdness Date: Mon, 6 Nov 2000 14:19:39 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0483F.A7EA8D00" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C0483F.A7EA8D00 Content-Type: text/plain; charset="iso-8859-1" cat /etc/hosts.allow ------- Jason DiCioccio Unix BOFH mailto:jasond@epylon.com 415-593-2761 Direct & Fax 415-593-2900 Main Epylon Corporation 645 Harrison Street, Suite 200 San Francisco, CA 94107 www.epylon.com OK, so you're a Ph.D. Just don't touch anything. -----Original Message----- From: nicholas bernstein [mailto:nicholas@innoverity.com] Sent: Monday, November 06, 2000 2:19 PM To: freebsd-security@freebsd.org Subject: OPEN SSH Weirdness OK- I hope someone can help with this, 'cause I have no IDEA. :) ------------------ PLATFORMS: Client(s): Mac OS8.6 using niftyterm 1.1 ssh r3 Linux using ssh 1.2.29 Server: FBSD 4.1 Stable using open ssh. ------------------ Error: nickb@thorin:~ > ssh 141.154.27.35 Bad remote protocol version identification: 'You are not welcome to use sshd from thorin.innoverity.com. ------------------ sshd_config: # This is ssh server systemwide configuration file. # # $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.1 2000/06/09 07:10:22 kris Ex p $ Port 22 Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh/ssh_host_key HostDsaKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 60 KeyRegenerationInterval 3600 PermitRootLogin yes #AllowUsers * # Rate-limit sshd connections to 5 connections per 10 seconds ConnectionsPerPeriod 5/10 # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes CheckMail yes #UseLogin no ------------------- sshd errors: gandalf# sshd error: Could not load DSA host key: /etc/ssh/ssh_host_dsa_key Disabling protocol version 2 -- Nicholas Bernstein, Technologist, Artist, Etc. nicholas@innoverity.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message ------_=_NextPart_000_01C0483F.A7EA8D00 Content-Type: application/octet-stream; name="Jason DiCioccio.vcf" Content-Disposition: attachment; filename="Jason DiCioccio.vcf" BEGIN:VCARD VERSION:2.1 N:DiCioccio;Jason FN:Jason DiCioccio ORG:epylon.com;operations TITLE:UNIX ADMIN ADR;WORK:;;645 Harrison St;San Francisco;CA;94107;usa LABEL;WORK;ENCODING=QUOTED-PRINTABLE:645 Harrison St=0D=0ASan Francisco, CA 94107=0D=0Ausa EMAIL;PREF;INTERNET:Jason.DiCioccio@Epylon.com REV:19990105T135529Z END:VCARD ------_=_NextPart_000_01C0483F.A7EA8D00-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message