NEW: cannot ssh to my computer

Ivan Georgiev georgiev at vt.edu
Mon Nov 22 13:26:18 PST 2004


On Monday 22 November 2004 02:59 pm, Shantanoo Mahajan wrote:
> +++ Ivan Georgiev [freebsd] [22-11-04 07:41 -0500]:
> | On Monday 22 November 2004 06:39 am, Dick Davies wrote:
> | > * Panagiotis Christias <christias at gmail.com> [1116 09:16]:
> | > > On Mon, 22 Nov 2004 00:05:33 -0500, Ivan Georgiev <georgiev at vt.edu> wrote:
> | > > > Just another thing ...
> | > > >
> | > > > If I remove myself from the group wheel then I CAN ssh to my
> | > > > computer; if I put myself back to wheel - then CANNOT ssh to the
> | > > > computer.
> | > > >
> | > > > How can I ssh and be a member of the wheel group?
> | > >
> | > > In that case, maybe "PermitRootLogin yes" in /etc/ssh/sshd_config and
> | > > restarting sshd would help.
> | >
> | > That setting shouldn't affect wheel logins.
> |
> | Changing PermitRootLogin to "yes" didn't do it ....
>
> what's in /etc/hosts.allow?

Whatever is in the default 5-3-RELEASE installation. I haven't touched that:

ALL : ALL : allow

#sshd : .evil.cracker.example.com : deny

ALL : PARANOID : RFC931 20 : deny

ALL : localhost 127.0.0.1 [::1] : allow
ALL : my.machine.example.com 192.0.2.35 : allow

ALL : [fe80::%fxp0]/10 : allow
ALL : [fe80::]/10 : deny
ALL : [2001:db8:2:1:2:3:4:3fe1] : deny
ALL : [2001:db8:2:1::]/64 : allow

sendmail : localhost : allow
sendmail : .nice.guy.example.com : allow
sendmail : .evil.cracker.example.com : deny
sendmail : ALL : allow

exim : localhost : allow
exim : .nice.guy.example.com : allow
exim : .evil.cracker.example.com : deny
exim : ALL : allow

rpcbind : 192.0.2.32/255.255.255.224 : allow
rpcbind : 192.0.2.96/255.255.255.224 : allow
rpcbind : ALL : deny

ypserv : localhost : allow
ypserv : .unsafe.my.net.example.com : deny
ypserv : .my.net.example.com : allow
ypserv : ALL : deny

ftpd : localhost : allow
ftpd : .nice.guy.example.com : allow
ftpd : .evil.cracker.example.com : deny
ftpd : ALL : allow

fingerd : ALL \
        : spawn (echo Finger. | \
         /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
        : deny

ALL : ALL \
        : severity auth.info \
        : twist /bin/echo "You are not welcome to use %d from %h."


