Re: ssh - cannot log in
- From: Rick Sewill <rsewill@xxxxxxxxxxxx>
- Date: Wed, 27 Jun 2007 01:39:43 -0500
If I were using a Linux ssh client, I would turn on the debug option.
Does PuTTY have a debug window one could look at which might give clues?
Does anything appear in the FC6 Linux log files?
In FC6 and FC7, /etc/syslog.conf sends authpriv.* to /var/log/secure.
Is sshd running on FC6? What does "service sshd status" indicate?
Please examine /etc/ssh/sshd_config to see how sshd is configured. The
paranoid in me thinks one might not want to share sshd_config with
anyone without proper sanitization. Please look for the following:
# Specify names of users who can connect to this sshd.
AllowUsers name1 name2 name3
# Is your name on the list?
# Specify which port to listen on?
Port xyz
# Is this the port you are trying to connect to?
# Specify the ssh protocols accepted, default was Protocol 2,1
# Maybe someone limited it to ssh protocol 2
Protocol 2
# Maybe Putty is not trying to use the correct protocol?
# Specify which interface IP address to listen on, default all
ListenAddress 10.0.0.1
# Only allow clients to connect to 10.0.0.1 if above is in....
# Following will prevent password authentication.
# One would have to use some other form of authentication.
PasswordAuthentication no
UsePAM no
# -or-
UsePAM yes
ChallengeResponseAuthentication no
# Perhaps one is only allowing pubkeyauthentication
If push comes to shove and one couldn't get debug information from PuTTY
and/or log information from FC6, I might resort to Wireshark to see if a
connection was established or an ICMP error was returned when I tried to
connect. If a connection is established, ssh will encrypt communication,
making any further use of Wireshark pointless.
Debug information from PuTTY and/or any log information from FC6 might
give us a clue. I am paranoid. Look at the information before sending
it to the list to make sure there is nothing, security-wise, the public
should not see.
On Tue, 2007-06-26 at 21:02 -0700, David Katz wrote:
I'm using PuTTY under XP to try to login to FC6 but it times out.
I can ping the external ip from my laptop.
Here's my iptables --list:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:xdmcp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:xdmcp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:x11
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:x11-ssh-offset
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
I've tried without the Windows firewall. The router is open to port 22
and NATs over to what I think is my workstation (how can I check this?)
Thanks for any help.
Note - ultimately I'd like to use X but right now I'm just trying to get
a login prompt.
fedora-list mailing list
fedora-list@xxxxxxxxxx
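
Added example, not part of the original message and not its author's code: a Python check that runs the sshd_config checklist from the reply above against one intended login and names the directives that would refuse it. The sample config, user names and addresses are constructed; the Protocol default is the one the message states, and the other defaults are assumed to be OpenSSH's.

```python
from fnmatch import fnmatchcase

# Constructed sample config (not from a real host), using the directives in the message.
SAMPLE = """\
Port 2222
Protocol 2
ListenAddress 10.0.0.1
AllowUsers alice bob
PasswordAuthentication no
UsePAM yes
ChallengeResponseAuthentication no
Match User carol
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Map lowercased keyword -> list of argument strings, global section only."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # settings below a Match line are conditional
            break
        cfg.setdefault(parts[0].lower(), []).append((parts + [""])[1].strip())
    return cfg

def login_blockers(text, user, port, address, password=True, protocol="2"):
    """Return the checklist directives that would refuse this login attempt."""
    cfg = parse_sshd_config(text)
    first = lambda key, default: cfg.get(key, [default])[0].lower()
    found = []
    allow = [p for args in cfg.get("allowusers", []) for p in args.split()]
    if allow and not any(fnmatchcase(user, p.split("@")[0]) for p in allow):
        found.append("AllowUsers")  # only the user part of user@host is compared
    if str(port) not in cfg.get("port", ["22"]):
        found.append("Port")
    if protocol not in first("protocol", "2,1").split(","):  # default per the message
        found.append("Protocol")
    listen = cfg.get("listenaddress", [])  # bare-address form only; absent means all
    if listen and address not in listen and "0.0.0.0" not in listen:
        found.append("ListenAddress")
    if password and first("passwordauthentication", "yes") == "no" and (
            first("usepam", "no") == "no"
            or first("challengeresponseauthentication", "yes") == "no"):
        found.append("PasswordAuthentication")
    return found

if __name__ == "__main__":
    print(login_blockers(SAMPLE, "dave", 22, "192.168.1.5"))
```

The function takes the config as text, so it can be run on a copy of sshd_config on the server itself without posting the file anywhere.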