From: Bill Moran
To: ke han
Cc: freebsd-questions Questions list
Date: Sat, 16 Sep 2006 07:33:43 -0400
Subject: Re: PAY offered - sshd won't allow client from same domain

ke han wrote:
> I will PAY someone who can either answer this question or who wants
> to log into my server and help me figure it out. I can pay an hourly
> rate, make a donation to your favorite project...whatever. This
> problem is killing my productivity!!!!
>
> I have a FreeBSD 6.1-p6 server running as server1.domain.com.
> sshd is allowing connections from any client except those which share
> the domain.com name..I can't be certain this is the problem, but
> after a month of debugging, it's the only common factor I can find.
> My ssh client on server2.domain.com (also FreeBSD 6.1) returns with
> "Read from socket failed: Connection reset by peer" as output to my
> ssh client. On OS X the error message is "Write failed: Broken pipe".
> ...So mac.domain.com and server2.domain.com which are on different
> networks from server1 (and from each other) are not allowed...I don't
> get any useful error messages. Even setting sshd_config LogLevel to
> DEBUG3 doesn't provide anything meaningful (to me) in auth.log or
> debug.log
> for server2.domain.com, I even have its ip as an A record in DNS and
> server1 can see this. mac.domain.com is not so lucky as it sits
> behind a DHCP NAT'ed structure. But this should hardly be a
> problem...PuTTY on Windows XP with no domain setting and behind a
> NAT'd DHCP structure CAN connect...

You've obscured a lot of information regarding DNS and other configs, so
I can only make a guess, but my guess would be that the DNS for your
domain is somehow configured incorrectly and the server is timing out
trying to resolve domain names.

Log in to the server and verify (using host(1)) that domain names resolve
for the clients you're having trouble with. If that fails, you have more
information to trace the problem.

If that doesn't indicate anything, log into the server and run a second
sshd with -D and capture all of the output. You may also need to use -p
to run it on another port to ensure it doesn't conflict with the system
sshd. Try to log in via a failing host and see if the output gives you
any clues. If not, post it to see if someone else can identify something
wrong with the process.

-- 
Bill Moran

That's why I never kiss 'em on the mouth.
Jayne Cobb
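
The two checks suggested in the reply, as an added example that is not part of the original message: check_client_dns wraps host(1) to time the reverse lookup of a client address and confirm that the returned name resolves back to it, and run_debug_sshd starts the second sshd. The function names, the RESOLVER and SLOW_SECS variables, port 2222, the log path and the -e flag (log to stderr) are assumptions of this example.

```shell
#!/bin/sh
# Added example; run on the sshd server. RESOLVER and SLOW_SECS are
# assumptions of this sketch: RESOLVER defaults to host(1).
RESOLVER=${RESOLVER:-host}
SLOW_SECS=${SLOW_SECS:-5}   # constructed threshold for a "slow" lookup

# check_client_dns IP
# Prints one verdict line; returns 0 = consistent, 1 = missing or
# mismatched records, 2 = the reverse lookup itself was slow.
check_client_dns() {
    ip=$1
    start=$(date +%s)
    ptr_out=$($RESOLVER "$ip" 2>&1) || true
    elapsed=$(( $(date +%s) - start ))
    # host(1) prints "<arpa-name> domain name pointer <name>." for a PTR
    name=$(printf '%s\n' "$ptr_out" |
        sed -n 's/.* domain name pointer \(.*\)\.$/\1/p' | head -n 1)
    if [ "$elapsed" -ge "$SLOW_SECS" ]; then
        echo "SLOW reverse lookup of $ip took ${elapsed}s"
        return 2
    fi
    if [ -z "$name" ]; then
        echo "NO_PTR $ip has no reverse record"
        return 1
    fi
    # host(1) prints "<name> has address <ip>" for each A record
    if $RESOLVER "$name" 2>&1 | awk -v ip="$ip" \
        'NF >= 2 && $(NF-1) == "address" && $NF == ip { ok = 1 }
         END { exit !ok }'; then
        echo "OK $ip <-> $name (${elapsed}s)"
        return 0
    fi
    echo "MISMATCH $ip -> $name, which does not resolve back to $ip"
    return 1
}

# run_debug_sshd [PORT] [LOGFILE]
# Second sshd in the foreground (-D) on a spare port (-p), as the reply
# suggests. Port 2222, the log path and -e are assumptions added here;
# needs root, and sshd must be started by its full path.
run_debug_sshd() {
    /usr/sbin/sshd -D -e -p "${1:-2222}" 2>&1 | tee "${2:-/tmp/sshd-debug.log}"
}
```

Call check_client_dns with the address a failing client connects from, as server1 sees it; a SLOW or MISMATCH verdict points at the DNS setup rather than at sshd.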