----- Original Message ----- 
From: "Kevin D. Kinsey, DaleCo, S.P." <[EMAIL PROTECTED]>
Sent: Tuesday, April 13, 2004 4:19 AM
Subject: Re: ssh Connection refused

> RazorOnFreeBSD wrote:
> >I have a firewall and it's running.
> >But the outputs for the command "ps -auxv | grep sshd" are :
> >
> >root    93      0.0    0.4    3008    2176    ??    Is    6:19PM
> >/usr/sbin/sshd
> >root    168    0.0    0.0    336      204      v0    R+  6:58PM
> >grep sshd
> >
> >I don't really understand why I have two processes from sshd and also why
> >can't connect if it is running (apparently).
> >
> >???????
> >
> >
> >
> Two processes?  Please note that one process is the
> "grep" command.  Sshd does appear to be running,
> though.
> You didn't give us the output of "ipfw show", so
> we don't know if the port is being blocked; it seems
> like that it is, since you are being told "connection
> refused."  "Connection refused" means the port is
> closed, either because nothing is listening on that
> port, or because the firewall is blocking it...
> How about "netstat -anf inet" ?  It should show a
> LISTENING socket on port 22 for ssh....
> Kevin Kinsey

Thanks for the ps / grep information.
In my rc.conf file, I already set the firewall type on "OPEN", so the "ipfw
show" outputs are (with rl0 = OIF and dc0 = IIF) :

00050    3974    1855775    divert 8668 ip any from any via rl0
00100    100      15316        allow ip from any to any via lo0
00200    0          0                deny ip from any to
00300    0          0                deny ip from to any
65000    74375  16354274  allow ip from any to any
65535    0          0                deny ip from any to any

here are samples of "netstat -anf inet" outputs :

Proto        RecQ    SendQ    Local Address        Foreign Address

tcp4          0           0            *.22                        *.*
tcp46        0           0            *.22                        *.*

Do you think the sshd daemon could be altered itself .... I mean could have
a behaviour it isn't suppose to have because of the forced shutdown ???



[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to