Re: [gentoo-user] SSH permission question

[Stephen Liu]

Hi Andrej, Stroller and others

Finally I discover the cause of the problem but still there are some 
minor problems remained unsolved.

PC1-RH9 box
==========
Recently I am testing Shorewall 1.4.7 on this box so that there are 2 
firewalls, Shorewall and Iptables, running on the same box but without 
conflict.  I have configured Shorewall 1.4.7 including IP masquerading 
leaving Iptables untouched as default firewall eversince the intallation 
of RH9.

After stopping Iptables
# /etc/init.d/iptables stop
Then PC1-RH9 box, both as ROOT and USER, can connect both ROOT's and 
USER's X-server of PC2-Gentoo box.

PC2-Gentoo box
============
This box also has 2 NICs
eth0    connected to broadband via ADSL modem when it works as 
standalone workstation.  At time of testing SSH there is no connection

eth1    connected to PC1-RH9 box

If I add 'adsl-start' in /etc/conf.d/local.start, this box can't connect 
X-server of PC1-RH9 box (however login to PC1-RH9 box being possible).  
I have to remove it from /etc/conf.d/local.start.  In the recent test I 
added it to reconfirm this discovery.

Now another minor problem popup after removing 'adsl-start' at finish of 
the aforesaid reconfirmation.  As ROOT PC1-Gentoo box can't connect 
X-server of PC1-RH9 box (login being possible)

# ssh -l root 192.168.0.1
[EMAIL PROTECTED]'s password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Sun Nov  9 16:53:10 2003 from 192.168.0.2
# konqueror
Xlib: connection to "localhost:11.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
konqueror: cannot connect to X server localhost:11.0
# kedit
Xlib: connection to "localhost:11.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
kedit: cannot connect to X server localhost:11.0
But as USER PC2-Gentoo box can connect X-server of PC1-RH9 box.

My new questions are;

1) How to configure Iptables so that it can coexist with Shorewall 
without affecting SSH
2) How to solve the remaining problem in PC2-Gentoo box as mentioned above

Thanks in advance.

B.R.
Stephen
On Sun, 09 Nov 2003 08:28:59 +0800
Stephen Liu <[EMAIL PROTECTED]> wrote:
sudo grep -i Root /etc/ssh/sshd_config
#PermitRootLogin yes
   

Shouldn't that be uncommented (without leading '#') ?



--
[EMAIL PROTECTED] mailing list