Date:      Sat, 16 Sep 2006 07:33:43 -0400
From:      Bill Moran <wmoran@collaborativefusion.com>
To:        ke han <ke.han@redstarling.com>
Cc:        freebsd-questions Questions list <freebsd-questions@freebsd.org>
Subject:   Re: PAY offered - sshd won't allow client from same domain
Message-ID:  <20060916073343.cd51fda8.wmoran@collaborativefusion.com>
In-Reply-To: <B65B3EC5-1D8D-46AB-847F-E31034158868@redstarling.com>
References:  <B65B3EC5-1D8D-46AB-847F-E31034158868@redstarling.com>

ke han <ke.han@redstarling.com> wrote:

> I will PAY someone who can either answer this question or who wants  
> to log into my server and help me figure it out.  I can pay an hourly  
> rate, make a donation to your favorite project...whatever.  This  
> problem is killing my productivity!!!!
> 
> I have a FreeBSD 6.1-p6 server running as server1.domain.com.
> sshd is allowing connections from any client except those which share  
> the domain.com  name..I can't be certain this is the problem, but  
> after a month of debugging, it's the only common factor I can find.
> My ssh client on server2.domain.com (also FreeBSD 6.1) returns with  
> "Read from socket failed: Connection reset by peer" as output to my  
> ssh client.  On OS X the error message is "Write failed: Broken pipe".
> ...So mac.domain.com and server2.domain.com which are on different  
> networks from server1 (and from each other) are not allowed...I don't  
> get any useful error messages.  Even setting sshd_config LogLevel to  
> DEBUG3 doesn't provide anything meaningful (to me)  in auth.log or  
> debug.log
> for server2.domain.com, I even have its ip as an A record in DNS and  
> server1 can see this.  mac.domain.com is not so lucky as it sits  
> behind a DHCP NAT'ed structure.  But this should hardly be a  
> problem...PuTTY on Windows XP with no domain setting and behind a  
> NAT'd DHCP structure CAN connect...

You've obscured a lot of information regarding DNS and other configs, so
I can only make a guess, but my guess would be that the DNS for your
domain is somehow configured incorrectly and the server is timing out
trying to resolve domain names.

Log in to the server and verify (using host(1)) that domain names resolve
for the clients you're having trouble with.  If that fails, you have
more information to trace the problem.

If that doesn't indicate anything, log into the server and run a second
sshd with -D and capture all of the output.  You may also need to use
-p to run it on another port to ensure it doesn't conflict with the
system sshd.  Try to log in via a failing host and see if the output
gives you any clues.  If not, post it to see if someone else can
identify something wrong with the process.

-- 
Bill Moran

That's why I never kiss 'em on the mouth.

	Jayne Cobb
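
The two checks suggested in the reply above, as an added example that is not part of the original message: a script, run on the sshd host, that confirms a client IP resolves in reverse and forward through host(1) and flags slow lookups, plus a helper that starts a second sshd in the foreground. Port 2222, the log path, the 3-second threshold and the function names are assumptions; -d and -e are standard sshd debug flags used here alongside the -D and -p named in the message.

```sh
#!/bin/sh
# Added example (not from the original message).
# Usage on the sshd host: sh dnscheck.sh <client-ip>   (script name is hypothetical)

# Reverse-resolve an IP; print each PTR name without its trailing dot.
ptr_names() {
    host -W 5 "$1" 2>/dev/null |
        sed -n 's/.* domain name pointer \(.*\)\.$/\1/p'
}

# Forward-resolve a name; print its A records, one per line.
a_records() {
    host -W 5 -t A "$1" 2>/dev/null |
        sed -n 's/.* has address \(.*\)$/\1/p'
}

# Print a one-line verdict for a client IP.
# Returns 0 if forward-confirmed, 1 if missing/mismatched, 2 if the lookup was slow.
check_client() {
    ip=$1
    start=$(date +%s)
    names=$(ptr_names "$ip")
    elapsed=$(( $(date +%s) - start ))
    # Assumed threshold: a lookup this slow can stall a login long enough to fail.
    if [ "$elapsed" -ge "${SLOW_SECS:-3}" ]; then
        echo "SLOW: reverse lookup of $ip took ${elapsed}s"
        return 2
    fi
    if [ -z "$names" ]; then
        echo "NO-PTR: $ip has no reverse record"
        return 1
    fi
    for n in $names; do
        for a in $(a_records "$n"); do
            if [ "$a" = "$ip" ]; then
                echo "OK: $ip <-> $n"
                return 0
            fi
        done
    done
    echo "MISMATCH: $ip -> $names does not resolve back to $ip"
    return 1
}

# Second sshd in the foreground on an assumed spare port, output captured (run as root).
run_debug_sshd() {
    /usr/sbin/sshd -D -d -e -p "${1:-2222}" 2>&1 | tee "${2:-/tmp/sshd-debug.log}"
}

if [ $# -gt 0 ]; then check_client "$1"; fi
```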
