[lug] Problem with sshd

Chip Atkinson catkinson at circadence.com
Tue Oct 2 14:06:12 MDT 2001


Try netstat -l.  Here's what I get with that:

[chip at crossroads FEBE]$ netstat -l | more
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:5634                  *:*                     LISTEN
tcp        0      0 *:trivnet1              *:*                     LISTEN
tcp        0      0 *:mysql                 *:*                     LISTEN
tcp        0      0 *:6000                  *:*                     LISTEN
tcp        0      0 *:www-http              *:*                     LISTEN
tcp        0      0 *:32787                 *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:ipp                   *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
udp        0      0 localhost.localdom:1119 *:*
udp        0      0 *:ipp                   *:*

<snip>

Also, look at /etc/hosts.allow and /etc/hosts.deny.  Both those are 
looked at by sshd.

Chip

carl.wagner at level3.com wrote:

> Hi,
> 
> I can't seem to log into my Linux box using SSH.  And I don't know why.
> This is RH/Krud 7.1
> 
> $ ps -ef | grep sshd
> root       756     1  0 01:05 ?        00:00:00 sshd
> root     13059 12514  0 19:48 pts/0    00:00:00 grep sshd
> 
>  $ chkconfig --list | grep ssh
> sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
> 
>  $ ipchains -L | grep ssh
> ACCEPT     tcp  -y----  anywhere             anywhere              any ->  
> ssh
> 
> "ssh localhost" works.
> 
> I am unable to find the sshd process's port when doing a netstat -a.
> 
> Does anyone know what I am doing wrong?
> 
> 
> Thanks,
> Carl.
> 
> 
> 
> =================================
> from a remote box:
> 
> $ ssh -v xx.xx.xx.xx
> SSH Version 1.2.25 [sparc-sun-solaris2.6], protocol version 1.5.
> Standard version.  Does not use RSAREF.
> spot: Reading configuration data /etc/ssh_config
> spot: ssh_connect: getuid 102 geteuid 0 anon 0
> spot: Connecting to xx.xx.xx.xx port 22.
> spot: Allocated local port 1023.
> spot: connect: Connection timed out
> spot: Trying again...
> spot: Connecting to xx.xx.xx.xx port 22.
> spot: Allocated local port 1023.
> spot: connect: Connection timed out
> spot: Trying again...
> 
> 
> ===========================
> 
> [root at carl08 ssh]# cat sshd_config
> #	$OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
> 
> # This sshd was compiled with PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> 
> # This is the sshd server system-wide configuration file.  See sshd(8)
> # for more information.
> 
> Port 22
> #Protocol 2,1
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> HostKey /etc/ssh/ssh_host_key
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> #
> # Don't read ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> StrictModes yes
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd yes
> #PrintLastLog no
> KeepAlive yes
> 
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
> 
> RhostsAuthentication no
> #
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication no
> #
> RSAAuthentication yes
> 
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords no
> 
> # Uncomment to disable s/key passwords 
> #ChallengeResponseAuthentication no
> 
> # Uncomment to enable PAM keyboard-interactive authentication 
> # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
> #PAMAuthenticationViaKbdInt yes
> 
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
> 
> # Kerberos TGT Passing does only work with the AFS kaserver
> #KerberosTgtPassing yes
> 
> #CheckMail yes
> #UseLogin no
> 
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> #ReverseMappingCheck yes
> 
> Subsystem	sftp	/usr/libexec/openssh/sftp-server
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug




More information about the LUG mailing list