Date: Sat, 07 Jul 2007 12:02:32 -0500
From: Tim Daneliuk <tundra@tundraware.com>
To: Simon Chang <simonychang@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: An ssh Question
Message-ID: <468FC728.8040903@tundraware.com>
In-Reply-To: <8efc42630707070650g55179cbk3ffc554b14d6d33d@mail.gmail.com>
References: <468F4635.4020204@tundraware.com> <8efc42630707070650g55179cbk3ffc554b14d6d33d@mail.gmail.com>

Simon Chang wrote:
>>
>> OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to xxxxxxxxxxxxxx.com [x.x.x.x] port 22.
>>
>>
>> What is really baffling is that if I try the exact same thing from, say,
>> a cygwin session on a host on the private network - this works fine.
>> So ... it's not a firewall problem as near as I can tell. It may be
>> an ssh configuration problem - that is, the FreeBSD ssh client can't do
>> it, but another client (cygwin) can.
>
> It would be helpful if you include your firewall ruleset, plus
> sshd_config. It's possible that one or more is misconfigured, but we
> would have no way of knowing without your telling us about them.
>
> SC

I have opened up the firewall entirely just to test, and this does not
solve the problem:

00100  162  18088 divert 8668 ip from any to any via fxp0
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
65000  206  21586 allow ip from any to any
65535 3872 652732 deny ip from any to any

The ssh config is untouched and has only comments in it:

# $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $
# $FreeBSD: src/crypto/openssh/ssh_config,v 1.27.2.4 2006/11/11 00:51:28 des Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VersionAddendum FreeBSD-20061110

--
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/