Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 07 Jul 2007 12:02:32 -0500
From:      Tim Daneliuk <tundra@tundraware.com>
To:        Simon Chang <simonychang@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: An ssh Question
Message-ID:  <468FC728.8040903@tundraware.com>
In-Reply-To: <8efc42630707070650g55179cbk3ffc554b14d6d33d@mail.gmail.com>
References:  <468F4635.4020204@tundraware.com> <8efc42630707070650g55179cbk3ffc554b14d6d33d@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Simon Chang wrote:
>>
>>   OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
>>   debug1: Reading configuration data /etc/ssh/ssh_config
>>   debug2: ssh_connect: needpriv 0
>>   debug1: Connecting to xxxxxxxxxxxxxx.com [x.x.x.x] port 22.
>>
>>
>> What is really baffling is that if I try the exact same thing from, say,
>> a cygwin session on a host on the private network - this works fine.
>> So ... it's not a firewall problem as near as I can tell.  It may be
>> an ssh configuration problem - that is, the FreeBSD ssh client can't do
>> it, but another client (cygwin) can.
> 
> It would be helpful if you include your firewall ruleset, plus
> sshd_config.  It's possible that one or more is misconfigured, but we
> would have no way of knowing without your telling us about them.
> 
> SC

I have opened up the firewall entirely just to test, and this does
not solve the problem:

00100  162  18088 divert 8668 ip from any to any via fxp0
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
65000  206  21586 allow ip from any to any
65535 3872 652732 deny ip from any to any



The ssh config is untouched and has only comments in it:

#       $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $
#       $FreeBSD: src/crypto/openssh/ssh_config,v 1.27.2.4 2006/11/11 00:51:28 des Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VersionAddendum FreeBSD-20061110


-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?468FC728.8040903>