Date:      Sat, 16 Sep 2006 17:50:06 +0900
From:      Garrett Cooper <youshi10@u.washington.edu>
To:        freebsd-questions@freebsd.org
Subject:   Re: PAY offered - sshd won't allow client from same domain
Message-ID:  <A27A8BC0-D31D-428E-B917-578A1AA4A3A6@u.washington.edu>
In-Reply-To: <B65B3EC5-1D8D-46AB-847F-E31034158868@redstarling.com>
References:  <B65B3EC5-1D8D-46AB-847F-E31034158868@redstarling.com>

On Sep 16, 2006, at 5:46 PM, ke han wrote:

> I will PAY someone who can either answer this question or who wants  
> to log into my server and help me figure it out.  I can pay an  
> hourly rate, make a donation to your favorite project...whatever.   
> This problem is killing my productivity!!!!
>
> I have a FreeBSD 6.1-p6 server running as server1.domain.com.
> sshd is allowing connections from any client except those which  
> share the domain.com name...I can't be certain this is the problem,  
> but after a month of debugging, it's the only common factor I can  
> find.  My ssh client on server2.domain.com (also FreeBSD 6.1)  
> returns with "Read from socket failed: Connection reset by peer" as  
> output to my ssh client.  On OS X the error message is "Write  
> failed: Broken pipe".
> ...So mac.domain.com and server2.domain.com which are on different  
> networks from server1 (and from each other) are not allowed...I  
> don't get any useful error messages.  Even setting sshd_config  
> LogLevel to DEBUG3 doesn't provide anything meaningful (to me) in  
> auth.log or debug.log.
> For server2.domain.com, I even have its IP as an A record in DNS  
> and server1 can see this.  mac.domain.com is not so lucky as it  
> sits behind a DHCP NAT'ed structure.  But this should hardly be a  
> problem...PuTTY on Windows XP with no domain setting and behind a  
> NAT'd DHCP structure CAN connect...
>
> Please allow me to offer some incentive this time around as this is  
> my third post on this problem to this maillist.  I have not  
> received a single reply.
>
> Please get in touch.
> thanks ke han

Do you have Kerberos compiled and in use for authentication on the  
FreeBSD server, and are you using it on the OS X client? What does  
ssh -vv server1.domain.com say?
-Garrett 


