On Fri, 2008-02-15 at 20:59 +0200, Alan McKinnon wrote: > On Friday 15 February 2008, Florian Philipp wrote: > > Hi list! > > > > For some time now, there's a very odd situation: There are two > > computers, DAU and NOTE. > > > > I can use ssh to login from DAU to NOTE but not vice versa. I've > > played around with several settings before this happened but I'm sure > > it worked after my last change. > > > > Well, ultimately I've unmerged openssh, keychain and denyhosts on > > both computers and removed /etc/ssh and .ssh in root's and the users' > > home directories and then reemerged just openssh. > > Ah. You probably shouldn't have done that, unless you know for a fact > that YOU screwed the ssh config up beyond all hope of recovery. > Usually, you just sit with the same problem anyway, or make it worse by > removing the configs that still work > > > Yet, the situation didn't change. > > > > Here's what happening: > > > > [EMAIL PROTECTED] > ssh -vvv DAU > > > > OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g 19 Oct 2007 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug2: ssh_connect: needpriv 0 > > debug1: Connecting to DAU [192.168.2.4] port 22. > > debug1: Connection established. > > debug1: identity file /home/dsl/.ssh/identity type -1 > > debug1: identity file /home/dsl/.ssh/id_rsa type -1 > > debug1: identity file /home/dsl/.ssh/id_dsa type -1 > > ssh_exchange_identification: Connection closed by remote host > > > > [EMAIL PROTECTED] > tail /var/log/messages > > > > [...] > > Feb 15 19:20:30 DAU sshd[6269]: refused connect from NOTE.xxx > > (192.168.2.2) > > It's not a firewall, xinetd, tcpwrappers or denyhost problem :-) Your > connection attempt was received by sshd which denied it. > > The information you gave is inadequate to answer your question, because > I don't know how long a piece of string is. > > Post the complete contents of /etc/sshd/sshd_config on DAU and we can > probably tell you why though > >
Thanks so far. Since there wasn't that much customization, trying vanilla settings from the ebuild didn't sound that bad. At least it didn't make it worse ;). Okay, when I delete every line that's commented out, my sshd-settings read as follows: Protocol 2 PasswordAuthentication no (changing to yes doesn't change anything) UsePAM yes (changing to no doesn't change anything) Subsystem sftp /usr/lib64/misc/sftp-server Useflags: X hpn pam tcpd -X509 -chroot -kerberos -ldap -libedit -selinux -skey -smartcard -static
signature.asc
Description: This is a digitally signed message part