From: Ivan Georgiev
To: freebsd-questions@freebsd.org
Date: Mon, 22 Nov 2004 16:26:15 -0500
Subject: Re: NEW: cannot ssh to my computer

On Monday 22 November 2004 02:59 pm, Shantanoo Mahajan wrote:
> +++ Ivan Georgiev [freebsd] [22-11-04 07:41 -0500]:
> | On Monday 22 November 2004 06:39 am, Dick Davies wrote:
> | > * Panagiotis Christias [1116 09:16]:
> | > > On Mon, 22 Nov 2004 00:05:33 -0500, Ivan Georgiev wrote:
> | > > > Just another thing ...
> | > > >
> | > > > If I remove myself from the group wheel then I CAN ssh to my
> | > > > computer; if I put myself back to wheel - then CANNOT ssh to the
> | > > > computer.
> | > > >
> | > > > How can I ssh and be a member of the wheel group?
> | > >
> | > > In that case, maybe "PermitRootLogin yes" in /etc/ssh/sshd_config and
> | > > restarting sshd would help.
> | >
> | > That setting shouldn't affect wheel logins.
> |
> | Changing PermitRootLogin to "yes" didn't do it ....
>
> what's in /etc/hosts.allow?

Whatever is in the default 5-3-RELEASE installation. I haven't touched that :

ALL : ALL : allow
#sshd : .evil.cracker.example.com : deny
ALL : PARANOID : RFC931 20 : deny
ALL : localhost 127.0.0.1 [::1] : allow
ALL : my.machine.example.com 192.0.2.35 : allow
ALL : [fe80::%fxp0]/10 : allow
ALL : [fe80::]/10 : deny
ALL : [2001:db8:2:1:2:3:4:3fe1] : deny
ALL : [2001:db8:2:1::]/64 : allow
sendmail : localhost : allow
sendmail : .nice.guy.example.com : allow
sendmail : .evil.cracker.example.com : deny
sendmail : ALL : allow
exim : localhost : allow
exim : .nice.guy.example.com : allow
exim : .evil.cracker.example.com : deny
exim : ALL : allow
rpcbind : 192.0.2.32/255.255.255.224 : allow
rpcbind : 192.0.2.96/255.255.255.224 : allow
rpcbind : ALL : deny
ypserv : localhost : allow
ypserv : .unsafe.my.net.example.com : deny
ypserv : .my.net.example.com : allow
ypserv : ALL : deny
ftpd : localhost : allow
ftpd : .nice.guy.example.com : allow
ftpd : .evil.cracker.example.com : deny
ftpd : ALL : allow
fingerd : ALL \
	: spawn (echo Finger. | \
	 /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
	: deny
ALL : ALL \
	: severity auth.info \
	: twist /bin/echo "You are not welcome to use %d from %h."
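
Added example, not part of the original message and not FreeBSD's tcp_wrappers code: a small Python first-match evaluator run over a constructed excerpt of the rules above (PARANOID and IPv6 patterns are left out). hosts.allow evaluation stops at the first rule whose daemon and client lists both match, so the leading "ALL : ALL : allow" decides every connection and none of the later rules are consulted; the names parse, client_matches and first_match are illustrative.

```python
import ipaddress
import re

# Constructed excerpt of the file posted above (PARANOID and IPv6 rules left out).
HOSTS_ALLOW = r'''
ALL : ALL : allow
#sshd : .evil.cracker.example.com : deny
ALL : localhost 127.0.0.1 : allow
sendmail : .evil.cracker.example.com : deny
sendmail : ALL : allow
rpcbind : 192.0.2.32/255.255.255.224 : allow
rpcbind : ALL : deny
fingerd : ALL \
    : spawn (echo Finger. | \
    /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
    : deny
ALL : ALL \
    : severity auth.info \
    : twist /bin/echo "You are not welcome to use %d from %h."
'''

def parse(text):
    """Return [(daemons, clients, options)], joining backslash-continued lines."""
    rules = []
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are separated by ':'; a literal colon inside a field is written '\:'.
        fields = [f.strip().replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        rules.append((fields[0].split(), fields[1].split(), fields[2:]))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):            # domain suffix such as .example.com
        return host.endswith(pattern)
    if "/" in pattern:                     # IPv4 net/mask
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (host, addr)         # exact host name or address

def first_match(rules, daemon, host, addr):
    """Return (rule_number, action) for the first matching rule, else None."""
    for number, (daemons, clients, options) in enumerate(rules, start=1):
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, host, addr) for p in clients):
            return number, options[-1].split()[0]
    return None
```

Calling first_match(parse(HOSTS_ALLOW)[1:], ...) shows what the remaining rules would do once the catch-all first line is removed. On the FreeBSD host itself, tcpdmatch(8) answers the same question against the real file.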