[lug] Problem with sshd

D. Stimits stimits at idcomm.com
Tue Oct 2 14:15:33 MDT 2001


The config looks ok to me. Do you have file /etc/pam.d/sshd? Mine reads:
#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow nodelay
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_limits.so


carl.wagner at level3.com wrote:
> 
> Hi,
> 
> I can't seem to log into my Linux box using SSH.  And I don't know why.
> This is RH/Krud 7.1
> 
> $ ps -ef | grep sshd
> root       756     1  0 01:05 ?        00:00:00 sshd
> root     13059 12514  0 19:48 pts/0    00:00:00 grep sshd
> 
>  $ chkconfig --list | grep ssh
> sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
> 
>  $ ipchains -L | grep ssh
> ACCEPT     tcp  -y----  anywhere             anywhere              any ->   ssh
> 
> "ssh localhost" works.
> 
> I am unable to find the sshd process's port when doing a netstat -a.
> 
> Does anyone know what I am doing wrong?
> 
> Thanks,
> Carl.
> 
> =================================
> from a remote box:
> 
> $ ssh -v xx.xx.xx.xx
> SSH Version 1.2.25 [sparc-sun-solaris2.6], protocol version 1.5.
> Standard version.  Does not use RSAREF.
> spot: Reading configuration data /etc/ssh_config
> spot: ssh_connect: getuid 102 geteuid 0 anon 0
> spot: Connecting to xx.xx.xx.xx port 22.
> spot: Allocated local port 1023.
> spot: connect: Connection timed out
> spot: Trying again...
> spot: Connecting to xx.xx.xx.xx port 22.
> spot: Allocated local port 1023.
> spot: connect: Connection timed out
> spot: Trying again...
> 
> ===========================
> 
> [root@carl08 ssh]# cat sshd_config
> #       $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
> 
> # This sshd was compiled with PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> 
> # This is the sshd server system-wide configuration file.  See sshd(8)
> # for more information.
> 
> Port 22
> #Protocol 2,1
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> HostKey /etc/ssh/ssh_host_key
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> #
> # Don't read ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> StrictModes yes
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd yes
> #PrintLastLog no
> KeepAlive yes
> 
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
> 
> RhostsAuthentication no
> #
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication no
> #
> RSAAuthentication yes
> 
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords no
> 
> # Uncomment to disable s/key passwords
> #ChallengeResponseAuthentication no
> 
> # Uncomment to enable PAM keyboard-interactive authentication
> # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
> #PAMAuthenticationViaKbdInt yes
> 
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
> 
> # Kerberos TGT Passing does only work with the AFS kaserver
> #KerberosTgtPassing yes
> 
> #CheckMail yes
> #UseLogin no
> 
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> #ReverseMappingCheck yes
> 
> Subsystem       sftp    /usr/libexec/openssh/sftp-server
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


