
#1 2005-03-15 12:46:52

wroot
Member
Registered: 2005-02-22
Posts: 26

Cant connect to sshd with PuTTY

Hi,

I'm trying to connect to my Archlinux 0.7 server with ssh (PuTTY). I've installed openssh. I'm new to this, so maybe I have misconfigured something?

Here is my sshd_config:

#    $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3

RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile    .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

my iptables -L output:

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  10.1.5.0/24          anywhere            tcp dpt:5222
ACCEPT     tcp  --  10.1.5.0/24          anywhere            tcp dpt:9091 MAC 00:0B:6A:24:E8:AC
ACCEPT     tcp  --  10.1.5.0/24          anywhere            tcp dpt:9091 MAC 00:0B:6A:24:E8:C7
ACCEPT     tcp  --  10.1.5.0/24          anywhere            tcp dpt:ssh MAC 00:0B:6A:24:E8:C7
ACCEPT     tcp  --  10.1.5.0/24          anywhere            tcp dpt:ssh MAC 00:0B:6A:24:E8:AC

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

win machine netstat:

C:\Documents and Settings\<my_profile>>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    <my_pc>:epmap           <my_pc>:0               LISTENING
  TCP    <my_pc>:microsoft-ds    <my_pc>:0               LISTENING
  TCP    <my_pc>:3389            <my_pc>:0               LISTENING
  TCP    <my_pc>:netbios-ssn     <my_pc>:0               LISTENING
  TCP    <my_pc>:1292            10.1.5.200:netbios-ssn  ESTABLISHE
  TCP    <my_pc>:2044            auste.elnet.lt:pop3    TIME_WAIT
  TCP    <my_pc>:2045            mail.rambler.ru:http   TIME_WAIT
  TCP    <my_pc>:2046            images.rambler.ru:http  TIME_WAIT
  TCP    <my_pc>:2047            images.rambler.ru:http  TIME_WAIT
  TCP    <my_pc>:1026            <my_pc>:0               LISTENING
  TCP    <my_pc>:1034            <my_pc>:0               LISTENING
  TCP    <my_pc>:1034            localhost:2043         TIME_WAIT
  TCP    <my_pc>:1078            localhost:1079         ESTABLISHED
  TCP    <my_pc>:1079            localhost:1078         ESTABLISHED
  UDP    <my_pc>:microsoft-ds    *:*
  UDP    <my_pc>:isakmp          *:*
  UDP    <my_pc>:1025            *:*
  UDP    <my_pc>:1035            *:*
  UDP    <my_pc>:1036            *:*
  UDP    <my_pc>:1263            *:*
  UDP    <my_pc>:1329            *:*
  UDP    <my_pc>:1870            *:*
  UDP    <my_pc>:2967            *:*
  UDP    <my_pc>:4500            *:*
  UDP    <my_pc>:ntp             *:*
  UDP    <my_pc>:netbios-ns      *:*
  UDP    <my_pc>:netbios-dgm     *:*
  UDP    <my_pc>:1900            *:*
  UDP    <my_pc>:ntp             *:*
  UDP    <my_pc>:1900            *:*

server netstat:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0      0 *:9090                  *:*                     LISTEN     
tcp        0      0 *:9091                  *:*                     LISTEN     
tcp        0      0 *:5222                  *:*                     LISTEN     
udp        0      0 *:5353                  *:*                                 
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     4034   /dev/log
unix  2      [ ]         DGRAM                    1057   @udevd
unix  2      [ ]         STREAM     CONNECTED     6444   

When trying to connect to the server, the Windows netstat shows ESTABLISHED and then it's gone. There are no errors; the PuTTY window hangs for some time and closes. I can only hear the server HDD (old IBM) working when trying to connect, so it's actually doing something.

I have tried changing the port and disabling iptables. No result. Maybe I have to generate some keys or something? How? Or maybe my config is wrong. I don't need very strong security, so maybe I can comment something out?

Offline

#2 2005-03-15 13:04:41

sorcerer
Member
Registered: 2005-02-25
Posts: 18

Re: Cant connect to sshd with PuTTY

Did you check your /etc/hosts.deny? (This defaults to deny all in Arch.)

Offline

#3 2005-03-15 13:07:16

lucke
Member
From: Poland
Registered: 2004-11-30
Posts: 4,018

Re: Cant connect to sshd with PuTTY

Yep. But instead of modifying hosts.deny, just add 'sshd:ALL' (or whatever policy suits you) to hosts.allow.

Offline

#4 2005-03-15 14:35:37

wroot
Member
Registered: 2005-02-22
Posts: 26

Re: Cant connect to sshd with PuTTY

lucke wrote:

Yep. But instead of modifying hosts.deny, just add 'sshd:ALL' (or whatever policy suits you) to hosts.allow.

I've added

sshd : 10.1.5.0/24

to hosts.allow

but still can't connect..

Offline

#5 2005-03-15 14:47:30

wroot
Member
Registered: 2005-02-22
Posts: 26

Re: Cant connect to sshd with PuTTY

Finally it works :)

but only with sshd:ALL

Hmm. How can I restrict access to only the local network?

Offline

#6 2005-03-15 14:48:37

lucke
Member
From: Poland
Registered: 2004-11-30
Posts: 4,018

Re: Cant connect to sshd with PuTTY

Try 'sshd : 10.1.5.0/255.255.255.0 : allow'.

Offline

#7 2005-03-15 20:51:52

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: Cant connect to sshd with PuTTY

sshd: 10.1.5.

Note the trailing '.'; it is not a typo.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#8 2005-03-16 09:51:20

wroot
Member
Registered: 2005-02-22
Posts: 26

Re: Cant connect to sshd with PuTTY

Thanks, both ways work fine :)

Offline
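
The four hosts.allow rules tried in this thread, as an added example (not code from any poster and not libwrap itself): a simplified Python model of hosts_access(5) IPv4 client matching, showing why the /24 rule never matched while the net/mask and trailing-dot forms limit sshd to the LAN. The deny line "ALL: ALL", the two client addresses and all function names are assumptions constructed for the example; hostname patterns and rule options are not modelled.

```python
def dot_quad(text):
    """Return n.n.n.n as an int, or None if text is not a dotted quad."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdecimal() and int(p) <= 255 for p in parts):
        return None
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def client_matches(pattern, addr):
    """Match one client pattern against a client IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        # Textual prefix: "10.1.5." matches 10.1.5.x but not 10.1.50.x.
        return addr.startswith(pattern)
    if "/" in pattern:
        net_tok, mask_tok = pattern.split("/", 1)
        net, mask = dot_quad(net_tok), dot_quad(mask_tok)
        if net is None or mask is None:
            return False  # "/24" is not n.n.n.n, so the rule never matches
        return (dot_quad(addr) & mask) == net
    return pattern == addr

def rule_matches(rule, daemon, addr):
    """rule has the form 'daemon_list : client_list [: option]'."""
    fields = [f.strip() for f in rule.split(":")]
    if len(fields) < 2:
        return False
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    if daemon not in daemons and "ALL" not in daemons:
        return False
    return any(client_matches(c, addr) for c in clients)

def access_granted(allow_rules, deny_rules, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; otherwise grant."""
    if any(rule_matches(r, daemon, addr) for r in allow_rules):
        return True
    return not any(rule_matches(r, daemon, addr) for r in deny_rules)

DENY = ["ALL: ALL"]                      # assumed form of the deny-all default
LAN, OUTSIDE = "10.1.5.23", "192.0.2.7"  # constructed client addresses
# rule -> (LAN client admitted?, outside client admitted?)
RESULTS = {rule: (access_granted([rule], DENY, "sshd", LAN),
                  access_granted([rule], DENY, "sshd", OUTSIDE))
           for rule in ("sshd : 10.1.5.0/24",
                        "sshd:ALL",
                        "sshd : 10.1.5.0/255.255.255.0 : allow",
                        "sshd: 10.1.5.")}
```

Only the last two rules admit the LAN client while still refusing the outside one; `sshd:ALL` admits both, leaving the iptables rules as the only restriction.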
