08-29-2001, 10:14 AM
#1
LQ Newbie
Registered: Aug 2001
Posts: 2
SSH connection problems
I have been connecting to SSH via PuTTY for several weeks successfully. However, now I'm getting "Connection refused by host" messages. When I check the logs on the Linux box, they state
/etc/hosts.deny, line 11: bad net/mask expression
refused connection from ******.******.*****.***
I'm not using a net/mask expression. I'm using a hostname expression. Line 11 of my hosts.deny file looks like this: ALL EXCEPT .*****.***
sshd is running according to ps. If I telnet to port 22, I get connected and immediately disconnected. While researching, I found some reference to /etc/sshd/sshd_config file. The location of that file on my system is /etc/ssh/sshd_config. I have no /etc/sshd directory. I've also read that it might need an AllowedHosts entry, but I cannot find reference to that keyword in the man pages for sshd.
What am I overlooking?

08-29-2001, 10:25 AM
#2
Member
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498
SSH Connection Problem
If I'm correct, the problem you're having is not with SSH but with the initial connection.
So here is what you can do.
Change /etc/hosts.allow:
ALL: 127.0.0.
ALL: 192.168.0. (or whatever class network you're running)
In /etc/hosts.deny:
ALL: ALL
In your sshd_config file:
ListenAddress 0.0.0.0 (or change it to a local LAN address to be safer)
Also check your firewall, if you're running one, for any rules concerning access to port 22 on the internal LAN.

08-29-2001, 10:59 AM
#3
LQ Newbie
Registered: Aug 2001
Posts: 2
Original Poster
I had already checked the firewall and it allowed port 22, so I knew that wasn't the culprit.
I'm sheepishly embarrassed - I had looked at hosts.allow and hosts.deny at least a dozen times in the past two days trying to figure this out. Somehow, I inadvertently deleted a : at some point in time, not knowing it. I had the following line in my hosts.deny file:
ALL EXCEPT .*****.***
Of course this should read
ALL: EXCEPT .*****.***
It took editing the files with your suggestions to find my problem.
Thanks!!
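
As an added example (not part of the thread): a small Python linter for the defect found in post #3, a hosts.deny rule whose ':' between the daemon list and the client list has gone missing. The function names, the sample file and example.com (standing in for the masked domain) are constructed here; it assumes the IPv4 "daemon_list : client_list" rule format described in hosts_access(5), including its n.n.n.n/m.m.m.m net/mask form.

```python
import re

DOTTED_QUAD = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def logical_lines(text):
    """Yield (first_line_no, rule), joining backslash-continued lines."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        start = start or num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if start is not None:  # file ended on a continuation
        yield start, buf.strip()

def lint_hosts_access(text):
    """Return [(line_no, problem)] for the body of hosts.allow or hosts.deny."""
    problems = []
    for num, rule in logical_lines(text):
        if not rule or rule.startswith("#"):
            continue  # blank line or comment
        if ":" not in rule:
            problems.append((num, "missing ':' between daemon list and client list"))
            continue
        # Third field (optional shell command) is ignored; IPv4-only assumption.
        daemons, clients = (p.strip() for p in rule.split(":", 2)[:2])
        if not daemons or not clients:
            problems.append((num, "empty daemon or client list"))
        for tok in re.split(r"[\s,]+", clients):
            if "/" in tok and not tok.startswith("/"):  # leading "/" is a file name
                net, _, mask = tok.partition("/")
                if not (DOTTED_QUAD.match(net) and DOTTED_QUAD.match(mask)):
                    problems.append((num, f"net/mask not in n.n.n.n/m.m.m.m form: {tok}"))
    return problems

# Constructed sample; example.com stands in for the poster's masked domain.
SAMPLE_DENY = """\
# hosts.deny (constructed)
ALL EXCEPT .example.com
ALL: ALL EXCEPT .example.com
sshd: 192.168.0.0/24
in.telnetd: 10.0.0.0/255.0.0.0, \\
    .example.net
"""

if __name__ == "__main__":
    for line_no, problem in lint_hosts_access(SAMPLE_DENY):
        print(f"line {line_no}: {problem}")
```

Running a check like this after every edit to hosts.allow or hosts.deny catches a dropped separator before it locks out remote logins.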

08-30-2001, 02:37 PM
#4
LQ Newbie
Registered: Aug 2001
Posts: 3
sshd bind to port 22 on 0.0.0.0 failed
I am totally confused. sshd -d stated:
Bind to port 22 on 0.0.0.0 failed. Address already in use.
Cannot bind any address.
At this point I can only ssh inside the same box. From another box, I got "Secure connection ... refused." I thought this setup was pretty basic. Why doesn't it work? On the same box, Telnet got kicked out and the message is "Connection closed by foreign host." Can anyone walk me through it?
# $OpenBSD: sshd_config,v 1.34 2001/02/24 10:37:26 deraadt Exp $
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
Port 22
Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
#ServerKeyBits 1024
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
#X11Forwarding yes
#X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTHPRIV
LogLevel DEBUG
#LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Comment to enable s/key passwords or PAM interactive authentication
# NB. Neither of these are compiled in by default. Please read the
# notes in the sshd(8) manpage before enabling this on a PAM system.
ChallengeResponseAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
#CheckMail yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/libexec/openssh/sftp-server
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd: 10.226.4.130
sshdfwd-X11: 10.226.4.130
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
====== keep it up =======
PS Why we want Open. I believe .. it won't stuck us. We need to achieve usability, convenience and availability ... the software gets evolve and free. Don't hold back men. $$$ is no everything men, just enjoy what we are doing. Wall Street doesn't provide solution, it is a speculation system.
All times are GMT -5.