Simon Chang wrote:

  OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to [x.x.x.x] port 22.

What is really baffling is that if I try the exact same thing from, say,
a cygwin session on a host on the private network - this works fine.
So ... it's not a firewall problem as near as I can tell.  It may be
an ssh configuration problem - that is, the FreeBSD ssh client can't do
it, but another client (cygwin) can.

It would be helpful if you include your firewall ruleset, plus
sshd_config.  It's possible that one or more is misconfigured, but we
would have no way of knowing without your telling us about them.


I have opened up the firewall entirely just to test, and this does
not solve the problem:

00100  162  18088 divert 8668 ip from any to any via fxp0
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to
00300    0      0 deny ip from to any
65000  206  21586 allow ip from any to any
65535 3872 652732 deny ip from any to any

The ssh config is untouched and has only comments in it:

#       $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $
#       $FreeBSD: src/crypto/openssh/ssh_config,v 2006/11/11 00:51:28 
des Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers 
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VersionAddendum FreeBSD-20061110

Tim Daneliuk     [EMAIL PROTECTED]
PGP Key:

_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to