SSH Issues...

Gibble's Avatar
Distinguished Member with 27,127 posts.
 
Join Date: Oct 2001
Location: Striking or Scoring
Experience: The Alpha and Omega
06-Jan-2005, 11:42 AM #1
SSH Issues...
OK, I set up a FreeBSD 4.10 machine; it's a pretty bare install. I plan to install everything in jails. But that's not the issue (yet).

I'm having an issue with SSH. I installed OpenSSH 3.6.1, and from computers outside the network I can connect. But from computers behind my FreeBSD machine (it's running natd) I get a login prompt, so I type the username... but I don't get a prompt for the password.

What the hell is wrong?
__________________
izme: You know...it's kind of nice to sit atop Civilized debate and look down below on all of the uncivilized master debating we are here...just out of the fight zone

Gibble: Now you know what it's like to be Canadian.
Squashman's Avatar
Trusted Advisor with 18,705 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
Experience: Bocks of Rox
06-Jan-2005, 11:45 AM #2
Would really help to see the conf file, don't you think?
Gibble's Avatar
Distinguished Member with 27,127 posts.
 
Join Date: Oct 2001
Location: Striking or Scoring
Experience: The Alpha and Omega
06-Jan-2005, 11:46 AM #3
Everything is set to defaults...but which conf file? sshd?
deuce868's Avatar
Senior Member with 638 posts.
 
Join Date: Nov 2000
Location: MI
06-Jan-2005, 11:50 AM #4
Sounds like your firewall is not letting things back out. Check that you have related on as well as port 22 both ways.
Gibble's Avatar
Distinguished Member with 27,127 posts.
 
Join Date: Oct 2001
Location: Striking or Scoring
Experience: The Alpha and Omega
06-Jan-2005, 11:56 AM #5
Currently my firewall is set to OPEN ... so shouldn't that be letting everything through both ways?
Squashman's Avatar
Trusted Advisor with 18,705 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
Experience: Bocks of Rox
06-Jan-2005, 01:45 PM #6
Well, I can tell you for starters that you should not run OpenSSH in its default configuration. Version 3.6.1 had many vulnerabilities. I am trying to find the one that lets you log in without a password if you are running SSH version 1.

So do we get to see the config file?
Gibble's Avatar
Distinguished Member with 27,127 posts.
 
Join Date: Oct 2001
Location: Striking or Scoring
Experience: The Alpha and Omega
06-Jan-2005, 01:56 PM #7
Code:
#       $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.13 2003/09/24 19:28:35 des Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20030924

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress MY EXTERNAL IP HERE

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server
Gibble's Avatar
Distinguished Member with 27,127 posts.
 
Join Date: Oct 2001
Location: Striking or Scoring
Experience: The Alpha and Omega
06-Jan-2005, 01:57 PM #8
Quote:
Originally Posted by LwdSquashman
Well, I can tell you for starters that you should not run OpenSSH in its default configuration. Version 3.6.1 had many vulnerabilities. I am trying to find the one that lets you log in without a password if you are running SSH version 1.

So do we get to see the config file?
It's just odd that I can log in from a PC outside the network, but not from one inside the network ...
Squashman's Avatar
Trusted Advisor with 18,705 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
Experience: Bocks of Rox
06-Jan-2005, 02:27 PM #9
Do you have multiple NICs set up in your machine? I am wondering why you have the listen address set up.
Squashman's Avatar
Trusted Advisor with 18,705 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
Experience: Bocks of Rox
06-Jan-2005, 02:39 PM #10
Here are some things you should think about changing:

Code:
Port 22
Protocol 2
PermitRootLogin no
X11Forwarding no
KeepAlive yes
Compression yes
# or whatever you want
MaxStartups 10
PermitEmptyPasswords no
PasswordAuthentication yes
ReverseMappingCheck no
GatewayPorts no
# or whatever group name you want to call it
AllowGroups ssh
PrintMotd yes
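
As an added example (not part of the original posts and not code from OpenSSH), this Python script compares a config written in the style Gibble posted against the security-relevant suggestions from post #10. It assumes the file follows the convention stated in its own header, that commented `#Keyword value` lines show defaults; `RECOMMENDED`, `SAMPLE` and both function names are made up for this illustration, and the sample address is a constructed placeholder.

```python
import re

# Security-relevant subset of the settings suggested in post #10.
RECOMMENDED = {"protocol": "2", "permitrootlogin": "no", "x11forwarding": "no",
               "permitemptypasswords": "no", "gatewayports": "no"}

# Constructed sample in the style of the sshd_config posted in this thread:
# "#Keyword value" documents a default, an uncommented line overrides it.
SAMPLE = """\
#Port 22
#Protocol 2,1
ListenAddress 203.0.113.10
# HostKey for protocol version 1
#PermitRootLogin no
#PermitEmptyPasswords no
#X11Forwarding yes
Subsystem       sftp    /usr/libexec/sftp-server
"""

def effective_settings(text):
    """Return {keyword: (value, source)}; source is 'set' or 'default'."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(#?)([A-Za-z0-9]+)\s+(\S.*?)\s*$", line)
        if not m:
            continue  # blank lines and prose comments such as "# HostKey for ..."
        commented, key, value = m.groups()
        key = key.lower()  # keywords are case-insensitive
        if commented:
            settings.setdefault(key, (value, "default"))
        elif settings.get(key, ("", "default"))[1] == "default":
            # For single-valued keywords sshd keeps the first explicit value.
            settings[key] = (value, "set")
    return settings

def audit(text):
    """Return (keyword, effective value, suggested value) for each mismatch."""
    eff = effective_settings(text)
    findings = []
    for key, want in RECOMMENDED.items():
        have = eff.get(key, ("not in file", None))[0]
        if have.lower() != want:
            findings.append((key, have, want))
    return findings

if __name__ == "__main__":
    for key, have, want in audit(SAMPLE):
        print(f"{key}: effective {have!r}, suggested {want!r}")
```

A keyword reported as "not in file" means the config neither sets it nor documents its default, so the value has to be checked against sshd_config(5) for the installed version.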
Gibble's Avatar
Distinguished Member with 27,127 posts.
 
Join Date: Oct 2001
Location: Striking or Scoring
Experience: The Alpha and Omega
06-Jan-2005, 03:06 PM #11
Quote:
Originally Posted by LwdSquashman
Do you have multiple NICs set up in your machine? I am wondering why you have the listen address set up.
The listen address is set up for two reasons.
1. Yes, I have two NICs; this server is running NAT for my internal network. So NIC1 has my external IP, and NIC2 has the internal IP 192.168.0.1.

2. Since I plan on running apache, mysql, etc. in jails, and to gain access to each jail they each have to run SSH (or some will anyhow), the non-jailed portion of the machine should only listen to SSH requests on its IPs, not just any that resolve to the machine, as the jails get their own IPs and their SSH daemons will listen on their IPs.

But since the jails aren't set up yet, I don't know why I can SSH to the machine from outside the network, but not inside. When I attempt to SSH to the machine internally, I get the login prompt, but after entering the username, it does nothing, and I don't get the password prompt; it just times out or something...
Squashman's Avatar
Trusted Advisor with 18,705 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
Experience: Bocks of Rox
06-Jan-2005, 03:16 PM #12
Did you try putting the listen address of your internal NIC in that list?
Squashman's Avatar
Trusted Advisor with 18,705 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
Experience: Bocks of Rox
06-Jan-2005, 03:31 PM #13
I would comment out the ListenAddress line. The ListenAddress is for when you have multiple NICs and you only want one of the NICs to respond to SSH.
Gibble's Avatar
Distinguished Member with 27,127 posts.
 
Join Date: Oct 2001
Location: Striking or Scoring
Experience: The Alpha and Omega
06-Jan-2005, 03:34 PM #14
Quote:
Originally Posted by LwdSquashman
I would comment out the ListenAddress line. The ListenAddress is for when you have multiple NICs and you only want one of the NICs to respond to SSH.
I will need it, since this machine will have several different IPs because of the jails, which will run their own SSH daemons, and they have to be held separate.

But I'll add the internal IP as well and see if that fixes the problem (but I won't know until this evening when I am at one of the internal machines)
Squashman's Avatar
Trusted Advisor with 18,705 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
Experience: Bocks of Rox
06-Jan-2005, 03:47 PM #15
Well, according to one of my online buddies, you don't need to bind the addresses in the config. NAT redirection should take care of it.