From: Garrett Cooper
Date: Sat, 16 Sep 2006 17:50:06 +0900
To: freebsd-questions@freebsd.org
Subject: Re: PAY offered - sshd won't allow client from same domain

On Sep 16, 2006, at 5:46 PM, ke han wrote:

> I will PAY someone who can either answer this question or who wants
> to log into my server and help me figure it out. I can pay an
> hourly rate, make a donation to your favorite project...whatever.
> This problem is killing my productivity!!!!
>
> I have a FreeBSD 6.1-p6 server running as server1.domain.com.
> sshd is allowing connections from any client except those which
> share the domain.com name..I can't be certain this is the problem,
> but after a month of debugging, it's the only common factor I can
> find. My ssh client on server2.domain.com (also FreeBSD 6.1)
> returns with "Read from socket failed: Connection reset by peer" as
> output to my ssh client. On OS X the error message is "Write
> failed: Broken pipe".
> ...So mac.domain.com and server2.domain.com which are on different
> networks from server1 (and from each other) are not allowed...I
> don't get any useful error messages. Even setting sshd_config
> LogLevel to DEBUG3 doesn't provide anything meaningful (to me) in
> auth.log or debug.log
> for server2.domain.com, I even have its IP as an A record in DNS
> and server1 can see this. mac.domain.com is not so lucky as it
> sits behind a DHCP NAT'ed structure. But this should hardly be a
> problem...PuTTY on Windows XP with no domain setting and behind a
> NAT'd DHCP structure CAN connect...
>
> Please allow me to offer some incentive this time around as this is
> my third post on this problem to this maillist. I have not
> received a single reply.
>
> Please get in touch.
> thanks ke han

Do you have Kerberos compiled and in use for authentication on the FreeBSD server and are you using it on the OSX client?

ssh -vv server1.domain.com says?

-Garrett