sshd behaviour
Nathan Kinkade
nkinkade at ub.edu.bz
Wed Mar 16 08:00:50 PST 2005
On Wed, Mar 16, 2005 at 10:41:09AM +0300, Eugene M. Minkovskii wrote:
> Hi. I see behaviour of sshd that is strange to me. Please tell me, is it a
> bug or a feature?
>
> I use the following network configuration:
>
> #######    ###########    ##########
> # LAN # -> # gateway # -> # router #
> #######    ###########    ##########
>
> The gateway machine has sshd. Normally I work from the LAN on the gateway
> fine. But when the connection with the provider's router is broken:
>
> #######    ###########      ##########
> # LAN # -> # gateway # -X-> # router #
> #######    ###########      ##########
>
> I can't log in from the LAN to the gateway. Moreover, I can't log in from
> the gateway to itself, using the loop interface. But other network
> services work fine. For example, I can do
> # telnet gateway 25
> from the LAN.
>
> The provider's router is the default router in /etc/rc.conf.

As another poster mentioned, the problem is likely related to DNS, and I
have experienced it as well. If you are using Privilege Separation,
then an sshd process will chroot itself into /var/empty before
performing authentication. /var/empty is itself usually empty. One
thing you can do is to make the dir /var/empty/etc and then drop a copy
of your /etc/hosts file into the newly created /var/empty/etc/
directory. You might want to make sure that the hosts file contains a
mapping to the LAN machines which you want to ssh from.

Keep in mind that /var/empty has the schg flag set, so you won't be able
to copy anything to it without disabling this first. See more at
`man chflags`. Try something like this:

# chflags -R noschg /var/empty
# mkdir /var/empty/etc
# cp /etc/hosts /var/empty/etc
# chflags -R schg /var/empty

This will likely clear up your problem.

Nathan
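
A way to check the two things the message above asks for, as an added example that is not part of the original message: that a hosts file maps every LAN client you ssh from, and that the copy under the chroot still matches /etc/hosts. The function names, addresses and host names are made up for illustration, and the demo works on a scratch directory rather than the real /var/empty.

```sh
#!/bin/sh
# Added example, not from the original message. All names are illustrative.

# Print each address given after the file name that has no name mapping in
# that hosts(5)-format file. Comments and address-only lines do not count.
hosts_missing() {
    hosts_file=$1
    shift
    [ -r "$hosts_file" ] || { echo "cannot read $hosts_file" >&2; return 2; }
    for addr in "$@"; do
        awk -v want="$addr" '
            { sub(/#.*/, "") }                             # drop trailing comments
            NF >= 2 && ($1 "") == (want "") { found = 1 }  # address plus a name
            END { exit found ? 0 : 1 }
        ' "$hosts_file" || echo "$addr"
    done
}

# Succeed only if the copy under the chroot is byte-identical to the live file.
hosts_in_sync() {
    cmp -s "$1" "$2"
}

# Demo on constructed data: a scratch tree stands in for / and /var/empty.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/etc" "$dir/var/empty/etc"
    cat > "$dir/etc/hosts" <<'EOF'
127.0.0.1       localhost
192.168.1.1     gateway         # this machine
192.168.1.10    ws1 ws1.lan
#192.168.1.11   ws2
192.168.1.12
EOF
    cp "$dir/etc/hosts" "$dir/var/empty/etc/hosts"
    hosts_in_sync "$dir/etc/hosts" "$dir/var/empty/etc/hosts" && echo "copy in sync"
    # Prints 192.168.1.11 (commented out) and 192.168.1.12 (no name).
    hosts_missing "$dir/var/empty/etc/hosts" 192.168.1.10 192.168.1.11 192.168.1.12
    rm -rf "$dir"
}
demo
```

Against a real system the calls would be `hosts_missing /var/empty/etc/hosts` followed by the client addresses, and `hosts_in_sync /etc/hosts /var/empty/etc/hosts` after any edit to /etc/hosts.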