Date: Wed, 16 Mar 2005 10:00:44 -0600
From: Nathan Kinkade <nkinkade@ub.edu.bz>
To: "Eugene M. Minkovskii" <emin@mccme.ru>
Cc: freebsd-questions@freebsd.org
Subject: Re: sshd behaviour
Message-ID: <20050316160044.GS8226@gentoo-npk.bmp.ub>
In-Reply-To: <20050316074108.GA18643@mccme.ru>
References: <20050316074108.GA18643@mccme.ru>

On Wed, Mar 16, 2005 at 10:41:09AM +0300, Eugene M. Minkovskii wrote:
> Hi. I see strange to me behaviour of sshd. Please tell me is it
> bug or feature?
>
> I use following network configuration:
>
> #######    ###########    ##########
> # LAN # -> # gateway # -> # router #
> #######    ###########    ##########
>
> Gateway machine has sshd. Normally I work from LAN on the gateway
> good. But when connection with provider's router broken:
>
> #######    ###########      ##########
> # LAN # -> # gateway # -X-> # router #
> #######    ###########      ##########
>
> I can't login from LAN to gateway. Moreover, I can't login from
> gateway to itself, using loop interface. But other Network
> services working good. For example, I can do
> # telnet gateway 25
> from LAN.
>
> Provider's router is default router in /etc/rc.conf.

As another poster mentioned, the problem is likely related to DNS, and I
have experienced it as well. If you are using Privilege Separation, then
an sshd process will chroot itself into /var/empty before performing
authentication. /var/empty is itself usually empty. One thing you can do
is to make the dir /var/empty/etc and then drop a copy of your /etc/hosts
file into the newly created /var/empty/etc/ directory. You might want to
make sure that the hosts file contains a mapping to the LAN machines
which you want to ssh from. Keep in mind that /var/empty has the schg
flag set, so you won't be able to copy anything to it without disabling
this first. See more at `man chflags`. Try something like this:

    # chflags -R noschg /var/empty
    # mkdir /var/empty/etc
    # cp /etc/hosts /var/empty/etc
    # chflags -R schg /var/empty

This will likely clear up your problem.

Nathan
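
A check for the hosts-file step in the reply above, as an added example that is not part of the original message: it reports which client addresses have no mapping in a given hosts file, so the copy under /var/empty/etc can be verified before the schg flag is set again. The function names, sample addresses and host names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message.
# hosts_missing FILE ADDR...
#   Prints each ADDR that has no usable entry in FILE (hosts(5) format:
#   "address name [alias...]", '#' starts a comment).
#   Returns 0 if every address is mapped, 1 if any is missing,
#   2 if FILE cannot be read.
hosts_missing() {
    file=$1
    shift
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    missing=0
    for addr in "$@"; do
        # An entry counts only if the address is the first field and at
        # least one name follows it once any trailing comment is removed.
        if ! awk -v a="$addr" '
                { sub(/#.*/, "") }
                ($1 "") == (a "") && NF >= 2 { found = 1 }
                END { exit found ? 0 : 1 }' "$file"; then
            echo "$addr"
            missing=1
        fi
    done
    return "$missing"
}

# Writes a constructed sample hosts file (stand-in for /var/empty/etc/hosts).
make_sample_hosts() {
    cat > "$1" <<'EOF'
127.0.0.1      localhost
192.168.0.1    gateway gw     # this machine
192.168.0.10   ws1
#192.168.0.11  ws2            (commented out, so not a mapping)
192.168.0.12
EOF
}

# Typical use on the gateway (path taken from the message above):
#   hosts_missing /var/empty/etc/hosts 192.168.0.10 192.168.0.11
```

A commented-out line or an address with no name after it is reported as missing, since neither gives the resolver a name to return.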