Date: Fri, 22 Feb 2002 18:36:15 +0100
From: Philipp Reichmuth <uzsv2k@uni-bonn.de>
To: questions@freebsd.org
Subject: sshd: not allowed to connect
Message-ID: <5910885041.20020222183615@web.de>

Hello questions-folks,

I've got a problem getting users to connect to sshd on my gateway (running 4.5-stable, "FreeBSD moria.wg 4.5-STABLE FreeBSD 4.5-STABLE #0: Thu Feb 14 09:16:22 CET 2002 admin@moria.wg:/usr/obj/usr/src/sys/MORIA.586 i386" to be precise)

For example, I've got the user "drow" with the following data:

-------------- passwd entry ---------------
tibi:*:1000:1000:Name:/home/tibi:/usr/local/bin/bash
drow:*:1001:1000:Name:/home/drow:/usr/local/bin/bash
-------------- group entries --------------
network:*:69:root,drow,tibi,...
staff:*:1000:root
netstuff:*:1001:drow
-------------------------------------------

I remember having some trouble back when upgrading from 4.2 to 4.4-STABLE, at first due to PAM, then due to drow being in the wheel group, which apparently constituted enough of a danger for sshd to lock drow out. After removing drow from wheel, administering the system got a bit more tedious of course because drow could su no more, but it worked.

Now all of a sudden drow's connections get refused for no apparent reason. Yesterday, for example, things worked like this:

--------------- sshd log -----------------
Feb 21 15:39:32 moria sshd[249]: Accepted password for drow from 192.168.0.23 port 1112 ssh2
Feb 21 15:47:12 moria sshd[249]: Received disconnect from 192.168.0.23: 11: Disconnect requested by Windows SSH Client.
------------------------------------------

Today, however, after no changes to the system configuration, I get:

--------------- sshd log -----------------
Feb 22 17:43:24 moria sshd[13077]: Denied connection for drow from dojo.wg [192.168.0.23].
Feb 22 17:43:24 moria sshd[13077]: Disconnecting: Sorry, you are not allowed to connect.
------------------------------------------

The interesting thing is that drow's connections get refused, while tibi's don't. The only difference between the two accounts is that drow is in an extra group for historic reasons. He has been there for quite some time, however.

This is my sshd config file, for sake of completeness:

--------------- sshd config --------------
Port 22
Protocol 2,1
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
PermitRootLogin no
MaxStartups 10:30:60
IgnoreRhosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
Subsystem sftp /usr/libexec/sftp-server
------------------------------------------

Sorry for the gargantuan mail, but I've got no clue what's going on here.

Philipp
___________________
Having been erased, / The document you're seeking / Must now be retyped

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message