Hi,
I'm trying to connect to my Archlinux 0.7 server with ssh (PuTTY). I've installed openssh. I'm new to this, so maybe I have misconfigured something?
Here is my sshd_config:
# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024
# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
my iptables -L output:
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 10.1.5.0/24 anywhere tcp dpt:5222
ACCEPT tcp -- 10.1.5.0/24 anywhere tcp dpt:9091 MAC 00:0B:6A:24:E8:AC
ACCEPT tcp -- 10.1.5.0/24 anywhere tcp dpt:9091 MAC 00:0B:6A:24:E8:C7
ACCEPT tcp -- 10.1.5.0/24 anywhere tcp dpt:ssh MAC 00:0B:6A:24:E8:C7
ACCEPT tcp -- 10.1.5.0/24 anywhere tcp dpt:ssh MAC 00:0B:6A:24:E8:AC
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
win machine netstat:
C:\Documents and Settings\<my_profile>>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP <my_pc>:epmap <my_pc>:0 LISTENING
TCP <my_pc>:microsoft-ds <my_pc>:0 LISTENING
TCP <my_pc>:3389 <my_pc>:0 LISTENING
TCP <my_pc>:netbios-ssn <my_pc>:0 LISTENING
TCP <my_pc>:1292 10.1.5.200:netbios-ssn ESTABLISHE
TCP <my_pc>:2044 auste.elnet.lt:pop3 TIME_WAIT
TCP <my_pc>:2045 mail.rambler.ru:http TIME_WAIT
TCP <my_pc>:2046 images.rambler.ru:http TIME_WAIT
TCP <my_pc>:2047 images.rambler.ru:http TIME_WAIT
TCP <my_pc>:1026 <my_pc>:0 LISTENING
TCP <my_pc>:1034 <my_pc>:0 LISTENING
TCP <my_pc>:1034 localhost:2043 TIME_WAIT
TCP <my_pc>:1078 localhost:1079 ESTABLISHED
TCP <my_pc>:1079 localhost:1078 ESTABLISHED
UDP <my_pc>:microsoft-ds *:*
UDP <my_pc>:isakmp *:*
UDP <my_pc>:1025 *:*
UDP <my_pc>:1035 *:*
UDP <my_pc>:1036 *:*
UDP <my_pc>:1263 *:*
UDP <my_pc>:1329 *:*
UDP <my_pc>:1870 *:*
UDP <my_pc>:2967 *:*
UDP <my_pc>:4500 *:*
UDP <my_pc>:ntp *:*
UDP <my_pc>:netbios-ns *:*
UDP <my_pc>:netbios-dgm *:*
UDP <my_pc>:1900 *:*
UDP <my_pc>:ntp *:*
UDP <my_pc>:1900 *:*
server netstat:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:9090 *:* LISTEN
tcp 0 0 *:9091 *:* LISTEN
tcp 0 0 *:5222 *:* LISTEN
udp 0 0 *:5353 *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 4034 /dev/log
unix 2 [ ] DGRAM 1057 @udevd
unix 2 [ ] STREAM CONNECTED 6444
When trying to connect to the server, the Windows netstat shows ESTABLISHED and then it's gone. There are no errors; the PuTTY window hangs for some time and closes. I can only hear the server HDD (old IBM) working when trying to connect, so it's actually doing something.
I have tried changing the port and disabling iptables. No result. Maybe I have to generate some keys or something? How? Or maybe my config is wrong. I don't need very strong security, so maybe I can comment something out?
Offline
Did you check your /etc/hosts.deny? (This defaults to deny all in Arch.)
Offline
Yep. But instead of modifying hosts.deny, just add 'sshd:ALL' (or whatever policy suits you) to hosts.allow.
Offline
I've added
sshd : 10.1.5.0/24
to hosts.allow
but still can't connect..
Offline
Finally it works :)
But only with sshd:ALL
Hmm. How can I restrict access to only the local network?
Offline
Try 'sshd : 10.1.5.0/255.255.255.0 : allow'.
Offline
sshd: 10.1.5.
Note the trailing '.'; it is not a typo.
Offline
Thanks, both ways work fine :)
Offline
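The hosts.allow rules tried in this thread, run through a small matcher as an added example (not code from any poster or from tcp_wrappers itself). It assumes the classic hosts_access(5) client patterns, where a net/mask pair needs a dotted-quad mask, which is consistent with `10.1.5.0/24` not matching above; the function names and client addresses are constructed for illustration.

```python
import ipaddress

def client_matches(pattern, addr):
    """Match one hosts.allow client pattern against an IPv4 client address.

    Assumption: classic tcp_wrappers rules from hosts_access(5): the ALL
    wildcard, a trailing-dot address prefix, and net/mask with a dotted-quad
    mask. A bare prefix length such as /24 is not accepted as a mask.
    """
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        # "10.1.5." matches when the leading numeric fields are identical.
        return addr.startswith(pattern)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        if mask.count(".") != 3:
            return False  # "24" is not a dotted quad, so the rule never matches
        try:
            net_i = int(ipaddress.IPv4Address(net))
            mask_i = int(ipaddress.IPv4Address(mask))
        except ipaddress.AddressValueError:
            return False
        return (int(ipaddress.IPv4Address(addr)) & mask_i) == net_i
    return pattern == addr  # literal address; hostname patterns not modelled

def rule_allows(rule, daemon, addr):
    """Evaluate one 'daemon_list : client_list [: allow]' line from hosts.allow.

    Only the 'allow' option (or no option) is modelled here.
    """
    fields = [f.strip() for f in rule.split(":")]
    if len(fields) < 2:
        return False
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    if daemon not in daemons and "ALL" not in daemons:
        return False
    return any(client_matches(c, addr) for c in clients)

# The four rules tried in the thread; the two client addresses are constructed.
THREAD_RULES = ["sshd : 10.1.5.0/24", "sshd:ALL",
                "sshd : 10.1.5.0/255.255.255.0 : allow", "sshd: 10.1.5."]
LAN_CLIENT, OUTSIDE_CLIENT = "10.1.5.42", "192.0.2.7"

def evaluate():
    """Return {rule: (LAN client allowed, outside client allowed)}."""
    return {r: (rule_allows(r, "sshd", LAN_CLIENT),
                rule_allows(r, "sshd", OUTSIDE_CLIENT)) for r in THREAD_RULES}

if __name__ == "__main__":
    for rule, (lan, outside) in evaluate().items():
        print(f"{rule!r:45} LAN={lan} outside={outside}")
```

Only the last two rules admit the LAN client while refusing the outside one; `sshd:ALL` admits both, so with it the restriction to 10.1.5.0/24 rests entirely on the iptables rules.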