Been running SuSE 8.0 (kernel 2.2 I think?!) on a Pentium II 400mhz for
YEARS and it finally died. I used to port forward from my firewall
from an obscure port (we'll say 99) to the SSH port, port 22, and it
worked great. But after my SuSE 8.0 machine died, I decided it was
time to "modernize" so I installed SuSE 10.1 64-bit on a brand new
machine.
Now, I can't connect to the sshd from the outside any more. I'm using
essentially the same sshd_config file, and using tcpdump w/o
promiscuious mode, I can see the SSH traffic hitting the eth0
interface. I can also see the port forwarding through the firewall
(from 99 -> 22 and then of course tcpdump is watching port 22), and I
can see the traffic all the way through. Nothing shows up in syslog
however either.
But on the machine, it seems sshd itself isn't seeing the traffic.
NetFilter is NOT on, there is nothing blocking the traffic at the
machine level, sshd just seems not to answer? I tried setting the
ListenAddress, as I have two NICs in this machine, whereas my 8.0
machine only had one (actually, I think even it had two). For the life
of me I can't figure it out. Nothing in the sshd_config file
(attached) seems to stare out at me. Was just wondering if anyone had
any ideas.
I had a similar issue at work where I installed SuSE 10.0, and invited
a colleage to ssh into the box and he couldn't, but on the local LAN, I
could. Same here as well, BTW. On the local LAN (192.168.0.0/24), I
can SSH into the new box just fine. It's just when the connection
comes from a port forward, it doesn't work. (And I never changed the
firewall really from when my 8.0 box was working. I configered my new
10.1 box the same and expected it to work.)
My sshd_config file is attached if anyone has any ideas. Pretend I am
user 'foo' of course (see last lines in sshd_config).
GOT to get this working and any help is appreciated greatly...
SSHD Version: OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
/usr/ceo
--- sshd_config:
Port 22
#Protocol 2,1
ListenAddress 192.168.0.2
ListenAddress 192.168.0.4
GatewayPorts yes
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in
/etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
ChallengeResponseAuthentication no
# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of
'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/lib/ssh/sftp-server
AllowUsers foo bar
|
Similar Threads
Linear Mode
