LinuxQuestions.org


tarballedtux 10-30-2002 07:14 PM

SSH is blocking my connections
 
OK I've been trying to SSH to my LAN from an external host. I've gotten past configuring my firewall correctly. When I try to SSH to my box, PuTTY terminated without error. When I checked /var/log/messages it said:

SSHD: refused connect from xx.xx.xx.xx (xx.xx.xx.xx)

I made sure to make SSH listen on that interface. I know that SSH is listening because I can SSH out to a host and then back in. Any ideas?


--tarballedtux

lowlifeish 10-30-2002 09:44 PM

edit your sshd_config

Adding the line:
ListenAddress 192.168.0.1

Or whatever the server's address is should correct your problem.

- lowlife

markus1982 10-31-2002 01:22 AM

If you're running SSH over xinetd check the only_from line in the ssh configuration. Running tcp_wrappers? (/etc/hosts.allow, /etc/hosts.deny)

daxy 10-31-2002 06:22 AM

99% chance this is your /etc/hosts.allow file :)
enter this line to allow SSH connections from everywhere:
sshd: ALL

or from just 1 subnet:
sshd: 192.168.0.0/255.255.255.0

tarballedtux 10-31-2002 08:16 AM

OK, I should have said this the first time, but I already did put in an entry for SSHD in hosts.allow

SSHD: xx.34.56.

because there is a range of addresses that the connections will be coming from.

I also already said I put in a listen directive in sshd.conf

ListenAddress xx.xx.xx.xx

Which is the IP of the interface that touches the internet.
So I'm still confused. Maybe I will try a SSHD: ALL for testing purposes.


--tarballedtux

daxy 10-31-2002 08:19 AM

Try and find out :)
Also take a look in /var/log/auth.log which tells you probably more...

unSpawn 10-31-2002 10:14 AM

but I already did put in an entry for SSHD in hosts.allow
SSHD: xx.34.56.

Had the same prob time ago. If you have "ALL: ALL" in /etc/hosts.deny then it rules out the "ssh: xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy" in /etc/hosts.deny.
I think this ./makes sense, because you already restrict access in .*allow before .*deny is read, at least that's what I think the man page sez.

stickman 11-01-2002 01:28 PM

TCP Wrappers checks for matches in hosts.allow then hosts.deny. If no match is found in either, then the connection is allowed. It's best to put "ALL : ALL" in your hosts.deny so that it covers everything that is not explicitly named in hosts.allow.
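
The lookup order described in the post above, as an added example that is not part of the original thread: a simplified Python model of how a connection is checked against hosts.allow and then hosts.deny. It handles only the pattern forms that appear in this thread (ALL, a trailing-dot prefix, net/mask) and IPv4 clients; the function names and the addresses (10.34.56. standing in for the masked xx.34.56.) are constructed for illustration.

```python
import ipaddress

def client_matches(pattern, ip):
    """Match one client pattern against a dotted-quad client address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # prefix form, e.g. "10.34.56."
        return ip.startswith(pattern)
    if "/" in pattern:               # net/mask form, e.g. 192.168.0.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip             # literal address

def first_match(rules, daemon, ip):
    """Return the first 'daemons : clients' line matching (daemon, ip), else None."""
    for line in rules.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (part.replace(",", " ").split()
                            for part in line.split(":")[:2])
        if any(d in ("ALL", daemon) for d in daemons) and \
           any(client_matches(c, ip) for c in clients):
            return line
    return None

def decide(allow, deny, daemon, ip):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if first_match(allow, daemon, ip):
        return "allow"
    if first_match(deny, daemon, ip):
        return "deny"
    return "allow"

# Constructed sample files (not taken from the poster's system).
ALLOW = "sshd: 10.34.56.\n"
DENY_ALL = "ALL: ALL\n"
DENY_EMPTY = ""

if __name__ == "__main__":
    for deny_name, deny in (("ALL: ALL", DENY_ALL), ("empty", DENY_EMPTY)):
        for ip in ("10.34.56.7", "203.0.113.9"):
            print(f"hosts.deny={deny_name:8} {ip:12} ->",
                  decide(ALLOW, deny, "sshd", ip))
```

With an empty hosts.deny the client outside the allowed range is still let through, which is the reason for the "ALL : ALL" entry.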

unSpawn 11-01-2002 04:19 PM

Oops, my mistake, thnx for correcting Stickman.

