LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-06-2009, 05:11 AM   #1
smuro
LQ Newbie
 
Registered: Jun 2009
Posts: 9

Rep: Reputation: 0
Suse login: Can not ssh on a public ip address


Hello Team
Im having a very strange behavior on Suse 10.2 enterprise

Scenario 1: SUCCESS
Server is assigned a private ip address: 10.10.1.1/24
Host1 is assigned a private ip address: 10.10.1.5/24
(Both on same network, same switch)

host1# ssh adminroot@10.10.1.1
login as: adminroot
root@10.10.1.1's password:
Last login: Wed May 27 16:21:40 2009 from 10.10.1.5
[root@server1 ~]#

Scenario 2: FAILURE
Server is assigned a public ip address: 41.192.10.1/28
Host1 is assigned a public ip addrss: 41.192.10.2/28
(Both on Same switch even directly connected

login as: adminroot
inventions@41.192.10.1's password:
Access denied
inventions@41.192.10.1's password:
Access denied
inventions@41.192.10.1's password:


The firewall is disabled

Please help
Sam
 
Old 06-06-2009, 05:29 AM   #2
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
First thing that comes to my mind:
Have you checked hosts.allow and hostst.deny
 
Old 06-06-2009, 08:57 AM   #3
smuro
LQ Newbie
 
Registered: Jun 2009
Posts: 9

Original Poster
Rep: Reputation: 0
I will check to confirm. However i wonder why it give me the login prompt!!
 
Old 06-07-2009, 02:58 AM   #4
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
Good point, I overlooked that one.
 
Old 06-09-2009, 04:35 AM   #5
smuro
LQ Newbie
 
Registered: Jun 2009
Posts: 9

Original Poster
Rep: Reputation: 0
I have looked at the configs, renamed both host.allow and host.deny but no lucky yet!!

i have also disabled the SELinux but still no success.. it happens on all new servers installed so the problem is generic

Please advice
Sam
 
Old 06-09-2009, 04:41 AM   #6
noctilucent
Member
 
Registered: Jun 2009
Distribution: slackware
Posts: 123

Rep: Reputation: 25
Code:
login as: adminroot
inventions@41.192.10.1's password:
Uh.. what?

In any case, could we see your sshd_config?
 
Old 06-11-2009, 02:45 AM   #7
smuro
LQ Newbie
 
Registered: Jun 2009
Posts: 9

Original Poster
Rep: Reputation: 0
Here are the configs.. all settings are default with the exception of root login. i tried with yes but still didnt work

I also set the parameter
selinux = 0 on /etc/grab.conf but no luck

sam

Code:
#	$OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 3

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of 
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no
 

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes 
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
Banner /etc/ssh/motd.txt

# override default of no subsystems
Subsystem	sftp	/usr/lib/ssh/sftp-server

# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
AcceptEnv LC_IDENTIFICATION LC_ALL
And ssh_config is here

Code:
#	$OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no

# If you do not trust your remote host (or its administrator), you
# should not forward X11 connections to your local X11-display for
# security reasons: Someone stealing the authentification data on the
# remote side (the "spoofed" X-server by the remote sshd) can read your
# keystrokes as you type, just like any other X11 client could do.
# Set this to "no" here for global effect or in your own ~/.ssh/config
# file if you want to have the remote X11 authentification data to 
# expire after two minutes after remote login.
ForwardX11Trusted yes

#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no 

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of 
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#   GSSAPIEnableMITMAttack no

# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
SendEnv LC_IDENTIFICATION LC_ALL
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
open-ssh vs. commercial ssh (tru64), public-key auth not possible? cf050 Linux - Networking 8 03-28-2012 12:15 PM
SSH Problem - Can't login using Hostname, can login using ip address jqweezy Linux - Networking 7 01-26-2009 03:21 PM
problem disabling SSH password login on suse 11 dasy2k1 Linux - Security 1 09-25-2008 08:03 PM
how to get public ip address openbysource Linux - Networking 1 02-23-2006 12:21 AM
SSH login ... access denied (suse 9.1) saxxon1 Linux - Networking 3 09-14-2004 03:34 PM


All times are GMT -5. The time now is 04:28 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration