Date: Wed, 19 Jan 2000 13:41:37 +1300
From: "Dan Langille" <dan@freebsddiary.org>
To: Roelof Osinga <roelof@nisser.com>, "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>, questions@freebsd.org
Cc: questions@freebsd.org
Subject: Re: OpenSSH 1.2.1 refusing incoming connections
Message-ID: <200001190041.NAA50150@ducky.nz.freebsd.org>
In-Reply-To: <3884E37F.54D7224B@nisser.com>

On 18 Jan 00, at 23:04, Roelof Osinga wrote:

> Two 3.4-STABLE's have no problem. Am in the process of configuring a
> third. Both are barebone SSH installs, i.e. password driven.

Problem solved. User error.

The box which was failing to allow incoming ssh connections had a tcp_wrappers-7.6. This was installed when the box was on version 2.2.7 I think, and was never removed when the box was upgraded. FreeBSD after 3.2-RELEASE contains a tcp_wrapper library in the base system. My box had both libwrap.so.2 (base system) and libwrap.so.7 (tcp wrapper).

Looking at ldd:

# ldd sshd (on good box)
sshd:
        libcrypto.so.1 => /usr/local/lib/libcrypto.so.1 (0x28078000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28108000)
        libutil.so.2 => /usr/lib/libutil.so.2 (0x2811d000)
        libz.so.2 => /usr/lib/libz.so.2 (0x28126000)
        libwrap.so.2 => /usr/lib/libwrap.so.2 (0x28133000)
        libc.so.3 => /usr/lib/libc.so.3 (0x2813a000)

# ldd sshd (on bad box)
sshd:
        libcrypto.so.1 => /usr/local/lib/libcrypto.so.1 (0x2807b000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x2810b000)
        libutil.so.2 => /usr/lib/libutil.so.2 (0x2810e000)
        libz.so.2 => /usr/lib/libz.so.2 (0x28117000)
        libwrap.so.7 => /usr/local/lib/libwrap.so.7 (0x28124000)
        libc.so.3 => /usr/lib/libc.so.3 (0x2812b000)

So here is a brief outline of what was happening during my ssh connection attempt:

  sshd asks tcp_wrappers: "how about this connection?"
  tcp_wrappers looks at /usr/local/etc/hosts.allow
  the file doesn't exist
  tcp_wrappers finds no rules allowing this connection
  tcp_wrappers replies to sshd "no way!  this connection can't happen!"
  sshd says, "sorry, you can't connect".

I had /etc/hosts.allow, as per libwrap.so.2.

The solution:

  pkg_delete OpenSSH-1.2.1
  cd /usr/ports/security/openssh
  make clean
  make
  make install

and try again.

On a side note: when installing the latest port of OpenSSH, I got this:

# make install
===> Installing for OpenSSH-1.2.1
Error: category ipv6 not in list of valid categories.

Removing ipv6 from the Categories in the Makefile fixed this.

Eventually the above will be documented in better detail at:
http://www.freebsddiary.org/ssh_refused.html

My thanks to those that help, both here and offlist. Much appreciated.

--
Dan Langille - DVL Software Limited
[I'm looking for more work]
The FreeBSD Diary - http://www.freebsddiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System - http://www.racingsystem.com/racingsystem.htm
unix @ home - http://www.unixathome.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
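
The check described in the message above, as an added example that is not part of the original e-mail: it reads `ldd` output, finds which libwrap the binary resolves, and reports whether the hosts.allow that copy reads is present. The function names, the sample strings (constructed from the message's ldd listings) and the path mapping (base library reads /etc/hosts.allow, the copy under /usr/local reads /usr/local/etc/hosts.allow) are assumptions taken from the message.

```shell
#!/bin/sh
# Constructed sample input: libwrap/libc lines from the two ldd listings in the message.
GOOD_LDD='sshd:
	libwrap.so.2 => /usr/lib/libwrap.so.2 (0x28133000)
	libc.so.3 => /usr/lib/libc.so.3 (0x2813a000)'
BAD_LDD='sshd:
	libwrap.so.7 => /usr/local/lib/libwrap.so.7 (0x28124000)
	libc.so.3 => /usr/lib/libc.so.3 (0x2812b000)'

# Print the resolved path of libwrap from ldd output on stdin (empty if none).
libwrap_path() { awk '$1 ~ /^libwrap\.so/ && $2 == "=>" { print $3; exit }'; }

# Map a libwrap location to the access file it consults.
# Assumption: this mapping is the one reported in the message, not a general rule.
access_file_for() {
    case "$1" in
        /usr/local/*) echo /usr/local/etc/hosts.allow ;;
        /usr/lib/*)   echo /etc/hosts.allow ;;
        *)            return 1 ;;
    esac
}

# diagnose ROOT < ldd-output
# ROOT is a filesystem prefix ("" for the live system) so a test tree can be used.
diagnose() {
    root=$1
    lib=$(libwrap_path)
    if [ -z "$lib" ]; then echo "no-libwrap"; return 0; fi
    if ! file=$(access_file_for "$lib"); then echo "unknown $lib"; return 0; fi
    if [ -f "$root$file" ]; then
        echo "ok $lib $file"
    else
        # The library will look for rules in a file that is not there.
        echo "missing-rules $lib $file"
    fi
}

# Demo on a scratch tree that, like the failing box, has only etc/hosts.allow.
demo() {
    tree=$(mktemp -d) && mkdir -p "$tree/etc" && : > "$tree/etc/hosts.allow"
    printf '%s\n' "$GOOD_LDD" | diagnose "$tree"
    printf '%s\n' "$BAD_LDD"  | diagnose "$tree"
    rm -rf "$tree"
}
demo
```

On a live system, pipe the real `ldd sshd` output into `diagnose ""` instead of the sample strings.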