From owner-freebsd-questions@FreeBSD.ORG Wed Jul 13 13:34:26 2005
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9FE3B16A41C
	for ; Wed, 13 Jul 2005 13:34:26 +0000 (GMT)
	(envelope-from ken@idealinter.net)
Received: from mail.idealinter.net (mail.idealinter.net [72.242.8.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5E3F243D46
	for ; Wed, 13 Jul 2005 13:34:26 +0000 (GMT)
	(envelope-from ken@idealinter.net)
Received: from [192.168.0.2] (unknown [72.242.8.254])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by mail.idealinter.net (Postfix) with ESMTP id 88B4C10E42C;
	Wed, 13 Jul 2005 09:34:25 -0400 (EDT)
In-Reply-To: <20050713105023.68541.qmail@web30502.mail.mud.yahoo.com>
References: <20050713105023.68541.qmail@web30502.mail.mud.yahoo.com>
Mime-Version: 1.0 (Apple Message framework v730)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <0C981FBE-F38A-4405-BC94-0B6C605DBCE3@idealinter.net>
Content-Transfer-Encoding: 7bit
From: Ken Ebling
Date: Wed, 13 Jul 2005 09:34:24 -0400
To: Andrew Budiwaluyo
X-Mailer: Apple Mail (2.730)
Cc: freebsd-questions@freebsd.org
Subject: Re: SSH
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 13 Jul 2005 13:34:26 -0000

On Jul 13, 2005, at 6:50 AM, Andrew Budiwaluyo wrote:

> I can ssh (and access http) to my server from the
> internet, but not from my internal network.
>
> If I turn off the firewall it still won't work so I
> think it's not from ipf.rules.
>
> Help!
>
> If I ssh from an internal machine, I get the login
> prompt, but after typing a username, I am never asked
> for a password...

I have this problem every now and then when I set up a machine on my local 192.168.0.0/24 network. There are a few ways to solve this.

1) modify /etc/ssh/sshd_config and change "#UsePrivilegeSeparation yes" to "UsePrivilegeSeparation no" and kill and restart sshd

2) modify /etc/hosts and list the IP addresses of the machines you'll be connecting from

The problem is that with privilege separation enabled, sometimes the sshd daemon tries to look up the hostname of the computer you're connecting from, and it can't, so it hangs and times out.

I usually try #2 first, and if that doesn't work, I'll disable privilege separation, which always fixes the problem.

Thanks,
Ken Ebling
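
An added example, not part of the original message: a small sh script that reports the two settings the reply changes, the effective UsePrivilegeSeparation value and which client addresses have no hosts entry. The function names, sample files and addresses are constructed for illustration; on a real system, pass copies of /etc/ssh/sshd_config and /etc/hosts instead.

```shell
#!/bin/sh
# Added example (not from the original message). Sample data is constructed.

# Effective value of an sshd_config keyword: the first uncommented occurrence
# wins and keywords are case-insensitive. Prints "unset" when the keyword is
# absent or only appears in a comment (sshd then uses its built-in default).
# Assumes plain "Keyword value" lines and no Match blocks.
sshd_effective() {    # $1 = keyword, $2 = path to sshd_config
    awk -v key="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Print every address in $2.. that has no name entry in the hosts file $1.
# Text after "#" is treated as a comment, so commented-out entries do not count.
missing_from_hosts() {
    hosts_file=$1; shift
    for ip in "$@"; do
        awk -v ip="$ip" '
            { sub(/#.*/, "") }
            $1 == ip && NF >= 2 { found = 1; exit }
            END { exit !found }
        ' "$hosts_file" || printf '%s\n' "$ip"
    done
}

# Constructed sample files standing in for /etc/ssh/sshd_config and /etc/hosts.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
#UsePrivilegeSeparation yes
Port 22
EOF
cat > "$SAMPLE_DIR/hosts" <<'EOF'
127.0.0.1     localhost
192.168.0.2   desk.example.lan desk   # constructed client entry
#192.168.0.3  laptop.example.lan
EOF

echo "UsePrivilegeSeparation: $(sshd_effective UsePrivilegeSeparation "$SAMPLE_DIR/sshd_config")"
echo "clients without a hosts entry:"
missing_from_hosts "$SAMPLE_DIR/hosts" 192.168.0.2 192.168.0.3 192.168.0.20
```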