An ssh Question
Tim Daneliuk
tundra at tundraware.com
Sat Jul 7 17:02:44 UTC 2007
Simon Chang wrote:
>>
>> OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to xxxxxxxxxxxxxx.com [x.x.x.x] port 22.
>>
>>
>> What is really baffling is that if I try the exact same thing from, say,
>> a cygwin session on a host on the private network - this works fine.
>> So ... it's not a firewall problem as near as I can tell. It may be
>> an ssh configuration problem - that is, the FreeBSD ssh client can't do
>> it, but another client (cygwin) can.
>
> It would be helpful if you include your firewall ruleset, plus
> sshd_config. It's possible that one or more is misconfigured, but we
> would have no way of knowing without your telling us about them.
>
> SC

I have opened up the firewall entirely just to test, and this does
not solve the problem:

00100 162 18088 divert 8668 ip from any to any via fxp0
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 206 21586 allow ip from any to any
65535 3872 652732 deny ip from any to any

The ssh config is untouched and has only comments in it:

# $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $
# $FreeBSD: src/crypto/openssh/ssh_config,v 1.27.2.4 2006/11/11 00:51:28 des Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP no
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VersionAddendum FreeBSD-20061110
--
----------------------------------------------------------------------------
Tim Daneliuk tundra at tundraware.com
PGP Key: http://www.tundraware.com/PGP/
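
Added example, not part of the original message: a small Python parser for the ipfw listing quoted above, assuming its columns are rule number, packet count, byte count, then the rule. It reports which rules have matched packets, which unqualified allow/deny rule catches everything else, and which divert/tee rules hand traffic to a userland socket before that rule is reached. All function and field names are hypothetical.

```python
import re
from typing import NamedTuple

# The six rules from the message above, copied verbatim as sample input.
LISTING = """\
00100 162 18088 divert 8668 ip from any to any via fxp0
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 206 21586 allow ip from any to any
65535 3872 652732 deny ip from any to any
"""

class Rule(NamedTuple):
    number: int
    packets: int
    octets: int
    action: str
    body: str

# Assumed layout: rule number, packet counter, byte counter, action, rest of rule.
ROW = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")

def parse_listing(text):
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return [Rule(int(m[1]), int(m[2]), int(m[3]), m[4], m[5]) for m in rows if m]

def rules_with_hits(rules):
    """Rules whose packet counter is non-zero, i.e. rules traffic actually matched."""
    return [r for r in rules if r.packets > 0]

def catch_all(rules):
    """First allow/deny with no interface or address qualifier: the verdict for
    any packet that no earlier rule has already disposed of."""
    for r in rules:
        if r.action in ("allow", "deny") and r.body == "ip from any to any":
            return r
    return None

def userland_handoffs(rules):
    """divert/tee rules evaluated before the catch-all. Matching packets go to the
    divert(4) socket on the given port, so the process bound there, not only
    ipfw, decides what happens to them. Returns (rule, port, packets) tuples."""
    stop = catch_all(rules)
    out = []
    for r in rules:
        if r is stop:
            break
        if r.action in ("divert", "tee"):
            out.append((r.number, r.body.split()[0], r.packets))
    return out
```

On the listing above, `catch_all` returns rule 65000 and `userland_handoffs` returns rule 100 with port 8668, so traffic on fxp0 passes through the process bound to that divert port before the allow-all rule applies.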