From owner-freebsd-security  Tue Feb 19 13:41: 1 2002
Delivered-To: freebsd-security@freebsd.org
Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240])
	by hub.freebsd.org (Postfix) with ESMTP id 69D0237B405
	for <freebsd-security@FreeBSD.ORG>; Tue, 19 Feb 2002 13:40:54 -0800 (PST)
Received: (qmail 27146 invoked by uid 1000); 19 Feb 2002 21:40:49 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 19 Feb 2002 21:40:49 -0000
Date: Tue, 19 Feb 2002 13:40:45 -0800 (PST)
From: Jason Stone <jason@shalott.net>
X-X-Sender:  <jason@walter>
To: "B.K. DeLong" <bkdelong@pobox.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: SSHD problems: Forked child when logging in locally
In-Reply-To: <5.1.0.14.2.20020219160112.025494f0@pop.earthlink.net>
Message-ID: <20020219133712.A75605-100000@walter>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> I recently lost the ability to ssh into my firewall from the local
> side of the network, though ironically I can still ssh to it from the
> outside.
>
> I'm running FreeBSD 4.5-STABLE and OpenSSH_3.0.2.
>
> When I try to ssh into the machine (192.168.2.1) from my Win98 SE
> laptop using ssh2 in SecureCRT 3.3 (192.168.2.11) my authlog shows:

My first guess is broken name resolution - maybe the firewall machine is
using extrernal dns servers, and so it can resolve real ip's right away,
but your private ip's (192.168.) can't resolve, so the server hangs.

Verify this by either a) running "host 192.168.2.11" on the firewall box,
or b) just waiting a really long time for the login to work - don't get
frustrated and close the window - give it like half an hour to actually
give you a prompt.


 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE8csZhswXMWWtptckRAvCCAJ9sgKrt5+5HYmr0EnbIhDxc6VnoGACgo5JI
1VTixXabCaozMssnIpRQrQM=
=udfU
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message