Date: Tue, 5 Dec 2000 19:47:12 -0500 (EST)
From: Jim Freeze <jim@freeze.org>
To: questions@freebsd.org
Subject: Can no longer ssh
Message-ID: <Pine.BSF.4.21.0012051930020.13396-100000@www.bellnetworks.net>

Hi all:

Before this last weekend, I had a FBSD desktop machine with a 'client' firewall setup. I was able to define a rule to permit ssh to the machine from only a few hosts. Great. I understand this. (I thought.)

This last weekend, I set up a LAN and the FBSD machine is now a gateway with natd and ipfw running. Using the rules given at mostgraveconcern, I thought I could ssh into this machine, but no luck. After several attempts at modifying the rules with no luck, I changed the firewall to 'open'. Still NO SSH!

# ssh /etc/rc.firewall
Flushed all rules.
00000 divert 8668 ip from any to any via vx0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any

Here are some diagnostics that I have tried:

Attempting to ssh from a remote host never responds with a login.

jfreeze@eeyore1 ('tty') ~/tmp 82 -> ssh localhost -l jfreeze
<--snip login stuff-->
/usr/X11R6/bin/xauth: timeout in locking authority file /home/jfreeze/.Xauthority

Dec 2 22:58:11 eeyore1 last message repeated 4 times
Dec 2 22:59:09 eeyore1 natd[154]: failed to write packet back (Permission denied)
Dec 2 23:05:34 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 3 00:07:20 eeyore1 /kernel: cd9660: RockRidge Extension
Dec 3 00:25:33 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:17:28 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:37:22 eeyore1 sshd[5815]: fatal: Local: ROOT LOGIN REFUSED FROM localhost
Dec 5 19:47:20 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:47:34 eeyore1 sshd[5901]: fatal: Local: ROOT LOGIN REFUSED FROM localhost
Dec 5 19:47:41 eeyore1 sshd[5904]: fatal: Local: ROOT LOGIN REFUSED FROM eeyore1

jfreeze@eeyore1 -> ssh eeyore1 -l jfreeze
<--snip login stuff-->
/usr/X11R6/bin/xauth: timeout in locking authority file /home/jfreeze/.Xauthority

Dec 2 22:58:11 eeyore1 last message repeated 4 times
Dec 2 22:59:09 eeyore1 natd[154]: failed to write packet back (Permission denied)
Dec 2 23:05:34 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 3 00:07:20 eeyore1 /kernel: cd9660: RockRidge Extension
Dec 3 00:25:33 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:17:28 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:37:22 eeyore1 sshd[5815]: fatal: Local: ROOT LOGIN REFUSED FROM localhost
Dec 5 19:47:20 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:47:34 eeyore1 sshd[5901]: fatal: Local: ROOT LOGIN REFUSED FROM localhost
Dec 5 19:47:41 eeyore1 sshd[5904]: fatal: Local: ROOT LOGIN REFUSED FROM eeyore1

The latter two scenarios, although I was able to get in, took upwards of one minute to finally let me in.

Thanks for any help.

====================================================
Jim Freeze jim@freeze.org
---------------------------------------------------
** http://www.freeze.org **
====================================================