Re: cannot ssh into a box with DHCP assigned IP address
On 2/20/2013 5:55 AM, Anton Shterenlikht wrote:

> From feenb...@nber.org Wed Feb 20 13:39:28 2013
>
>>> From: Fleuriot Damien m...@my.gd
>>> To: me...@bristol.ac.uk
>>> Subject: Re: cannot ssh into a box with DHCP assigned IP address
>>> Date: Wed, 20 Feb 2013 10:31:22 +0100
>>> Cc: freebsd-questions@freebsd.org
>>>
>>> On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:
>>>
>>>> I have a laptop with FreeBSD -current, with ip address assigned via DHCP. The laptop has neither a static ip address, nor a domain. I can ping the laptop fine, but cannot

I doubt that you can ping 172.21.220.12 from 137.222.187.241 as 172.21.220.12 is private IP address space and is not routed across the Internet.

>>>> ssh into it. The sshd is running, /etc/ssh/sshd_config seems fine, /etc/hosts.allow is fine. However, /etc/hosts is just the default:
>>
>> While on the problem machine, can you ssh to localhost? ssh to the IP address?
>
> yes to both
>
>> I would suspect the problem is in /etc/hosts.allow or /etc/hosts.deny,
>
> The first non-comment line in /etc/hosts.allow is
>
>     ALL : ALL : allow
>
> and I don't have /etc/hosts.deny:
>
>     root@zzz:~ # ls /etc/hosts*
>     /etc/hosts        /etc/hosts.equiv
>     /etc/hosts.allow  /etc/hosts.lpd
>     root@zzz:~ #
>
>> or perhaps the subnet mask is incorrect.
>
> Well.. what should it be? I have on the problem box (ssh server):
>
>     wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether 00:21:5c:50:68:c3
>         inet 172.21.220.12 netmask 0xfc00 broadcast 255.255.255.255
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
>         status: associated
>         ssid eduroam channel 1 (2412 MHz 11g) bssid 00:3a:98:62:cd:a0
>         country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
>         AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 14 bmiss 10 scanvalid 450
>         bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
>         protmode CTS wme roaming MANUAL
>
> I'm trying to ssh from 137.222.187.241.
>
> I wonder, perhaps it is somehow built into the Eduroam wireless, provided by the University, that the devices connected to it cannot be accessible. They can only initiate outgoing connections, but all incoming connections are somehow blocked? Given that the majority of the devices will be unsecured MS boxes, maybe the university thought that this is a wise idea for safety.
>
> Perhaps I can investigate this with my IT guys. Or I might be talking complete nonsense here, not my area at all.

It is kind of built in as you say. The Eduroam wireless network appears to be a private network sitting behind a NAT gateway. Thus what happens when you access the Internet is that your laptop sends that request to the NAT gateway on the Eduroam network. The NAT gateway strips off your private IP address and replaces it with a public IP address, marks the connection in its table, and sends it on its way. Then when the answer comes back from the Internet, the NAT gateway strips off the public IP address and replaces with your private IP address, and sends it to your laptop.

While on the Eduroam network, go to http://whatismyip.com. You will see that your IP is not 172.21.220.12. It will be a public IP address that Eduroam uses.

Bottom line is that the only way you could ssh to your laptop from the Internet is if you got the university to give you a public IP address and port and then they set up NAT and port forwarding on their network to point that public IP address to your laptop private IP address ssh port. Since I doubt you will have much luck with that, I suspect the short answer is you can't ssh to your laptop from the Internet when it's connected to your university network.

I'm sure this isn't the answer you wanted but hopefully this will save you some frustration.

Cheers,

Drew

--
Like card tricks? Visit The Alchemist's Warehouse to learn card magic secrets for free!
http://alchemistswarehouse.com

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: cannot ssh into a box with DHCP assigned IP address
On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:

> I have a laptop with FreeBSD -current, with ip address assigned via DHCP. The laptop has neither a static ip address, nor a domain. I can ping the laptop fine, but cannot ssh into it. The sshd is running, /etc/ssh/sshd_config seems fine, /etc/hosts.allow is fine. However, /etc/hosts is just the default:
>
>     #
>     ::1 localhost localhost.my.domain
>     127.0.0.1 localhost localhost.my.domain
>     #
>
> Is it the lack of a domain that prevents me from getting ssh access? I try to ssh with just a dynamic ip address, for which ping seems to work fine.
>
> Or is the problem somewhere else? I'm not even sure I'm asking the right questions.
>
> Thanks
>
> Anton

First, check what ports SSH listens on:

    sockstat | grep ssh

Then, assuming SSH indeed listens on *:22, check if you have a firewall running that could be preventing packets from reaching your box.

By the way, do you get a login prompt at all, over SSH, or just a plain timeout or connection reset?
Re: cannot ssh into a box with DHCP assigned IP address
On Feb 20, 2013, at 10:45 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:

> From: Fleuriot Damien m...@my.gd
> To: me...@bristol.ac.uk
> Subject: Re: cannot ssh into a box with DHCP assigned IP address
> Date: Wed, 20 Feb 2013 10:31:22 +0100
> Cc: freebsd-questions@freebsd.org
>
>> On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:
>>
>>> I have a laptop with FreeBSD -current, with ip address assigned via DHCP. The laptop has neither a static ip address, nor a domain. I can ping the laptop fine, but cannot ssh into it. The sshd is running, /etc/ssh/sshd_config seems fine, /etc/hosts.allow is fine. However, /etc/hosts is just the default:
>>>
>>>     #
>>>     ::1 localhost localhost.my.domain
>>>     127.0.0.1 localhost localhost.my.domain
>>>     #
>>>
>>> Is it the lack of a domain that prevents me from getting ssh access? I try to ssh with just a dynamic ip address, for which ping seems to work fine.
>>>
>>> Or is the problem somewhere else? I'm not even sure I'm asking the right questions.
>>>
>>> Thanks
>>>
>>> Anton
>>
>> First, check what ports SSH listens on:
>>
>>     sockstat | grep ssh
>
>     root@zzz:~ # sockstat | grep ssh
>     mexas ssh  16193 3 tcp4 172.21.220.12:20541 137.222.187.241:22
>     root  sshd 1091  3 tcp6 *:22 *:*
>     root  sshd 1091  4 tcp4 *:22 *:*
>     root@zzz:~ #
>
> I also see:
>
>     /var/log/auth.log:Feb 18 11:54:25 zzz sshd[1091]: Server listening on :: port 22.
>     /var/log/auth.log:Feb 18 11:54:25 zzz sshd[1091]: Server listening on 0.0.0.0 port 22.
>
> Is 0.0.0.0 expected?

0.0.0.0 = * = all IPs / interfaces

> Anything else I should check in the logs?

Not that I'm aware of

>> Then, assuming SSH indeed listens on *:22, check if you have a firewall running that could be preventing packets from reaching your box.
>
> I don't think so. There's nothing in the kernel config
>
>> By the way, do you get a login prompt at all, over SSH, or just a plain timeout or connection reset?
>
> Just a timeout:
>
>     root@zzz:~ # ifconfig wlan0
>     wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether 00:21:5c:50:68:c3
>         inet 172.21.220.12 netmask 0xfc00 broadcast 255.255.255.255
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
>         status: associated
>         ssid eduroam channel 1 (2412 MHz 11g) bssid 00:3a:98:62:cd:a0
>         country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
>         AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 14 bmiss 10 scanvalid 450
>         bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
>         protmode CTS wme roaming MANUAL
>     root@zzz:~ #
>
>     TZAV ping 172.21.220.12
>     PING 172.21.220.12 (172.21.220.12): 56 data bytes
>     64 bytes from 172.21.220.12: icmp_seq=0 ttl=60 time=2.056 ms
>     64 bytes from 172.21.220.12: icmp_seq=1 ttl=60 time=1.766 ms
>     ^C
>     TZAV ssh 172.21.220.12
>     ssh: connect to host 172.21.220.12 port 22: Operation timed out
>     TZAV
>
> Thanks
>
> Anton

Run this on your server:

    tcpdump -ni wlan0 ip and port 22

Then try to ssh to the box, see if SYN packets arrive, see if your box sends SYN/ACK back.
Re: cannot ssh into a box with DHCP assigned IP address
From m...@my.gd Wed Feb 20 10:11:12 2013

> Run this on your server:
>
>     tcpdump -ni wlan0 ip and port 22
>
> Then try to ssh to the box, see if SYN packets arrive, see if your box sends SYN/ACK back.

172.21.220.12 is the ssh server
137.222.187.241 is the ssh client (where I login from)

There's lots of output on the server:

    10:13:40.396933 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [P.], seq 528:576, ack 897, win 1040, options [nop,nop,TS val 166697722 ecr 2764601194], length 48
    10:13:40.400142 IP 137.222.187.241.22 > 172.21.220.12.20541: Flags [P.], seq 897:945, ack 576, win 1040, options [nop,nop,TS val 2764601829 ecr 166697722], length 48
    10:13:40.499768 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [.], ack 945, win 1040, options [nop,nop,TS val 166697825 ecr 2764601829], length 0
    10:13:41.126804 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [P.], seq 576:624, ack 945, win 1040, options [nop,nop,TS val 166698452 ecr 2764601829], length 48
    10:13:41.129465 IP 137.222.187.241.22 > 172.21.220.12.20541: Flags [P.], seq 945:993, ack 624, win 1040, options [nop,nop,TS val 2764602558 ecr 166698452], length 48
    10:13:41.229792 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [.], ack 993, win 1040, options [nop,nop,TS val 166698555 ecr 2764602558], length 0
    10:14:06.042148 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 691166491:691166555, ack 2147595671, win 1040, options [nop,nop,TS val 2121228740 ecr 166423364], length 64
    10:14:06.043854 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [P.], seq 1:33, ack 64, win 1040, options [nop,nop,TS val 166723368 ecr 2121228740], length 32
    10:14:06.144924 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [.], ack 33, win 1040, options [nop,nop,TS val 2121228843 ecr 166723368], length 0
    10:15:02.017361 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 15904:16240, ack 7169, win 1040, options [nop,nop,TS val 2121284715 ecr 166779337], length 336
    10:15:02.017969 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 16240:16576, ack 7169, win 1040, options [nop,nop,TS val 2121284716 ecr 166779337], length 336
    10:15:02.018079 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 16576, win 1035, options [nop,nop,TS val 166779343 ecr 2121284715], length 0
    10:15:02.018319 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 16576:16896, ack 7169, win 1040, options [nop,nop,TS val 2121284716 ecr 166779337], length 320
    10:15:02.018510 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 16896:17232, ack 7169, win 1040, options [nop,nop,TS val 2121284716 ecr 166779337], length 336
    10:15:02.018626 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 17232, win 1030, options [nop,nop,TS val 166779344 ecr 2121284716], length 0
    10:15:02.019583 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 17232:17568, ack 7169, win 1040, options [nop,nop,TS val 2121284716 ecr 166779337], length 336
    10:15:02.019840 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 17568:17840, ack 7169, win 1040, options [nop,nop,TS val 2121284717 ecr 166779337], length 272
    10:15:02.019927 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 17840, win 1036, options [nop,nop,TS val 166779345 ecr 2121284716], length 0

Thanks

Anton
Re: cannot ssh into a box with DHCP assigned IP address
Ok I think you've got a DNS resolution problem here, so when you try to establish the connection, SSHD tries to resolve your client's hostname.

It fails and times out, however your ssh login gracetime is already over.

You have several options here:

1/ increase the login grace time in sshd_config
2/ set usedns no (or do both, btw)
3/ fix DNS resolution ;)

I would definitely recommend turning off hostname resolution for sshd, it is of marginal value (to me at least).

On Feb 20, 2013, at 11:21 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:

> From m...@my.gd Wed Feb 20 10:11:12 2013
>
>> Run this on your server:
>>
>>     tcpdump -ni wlan0 ip and port 22
>>
>> Then try to ssh to the box, see if SYN packets arrive, see if your box sends SYN/ACK back.
>
> 172.21.220.12 is the ssh server
> 137.222.187.241 is the ssh client (where I login from)
>
> There's lots of output on the server:
>
> Thanks
>
> Anton
Re: cannot ssh into a box with DHCP assigned IP address
From m...@my.gd Wed Feb 20 10:28:54 2013

> Ok I think you've got a DNS resolution problem here, so when you try to establish the connection, SSHD tries to resolve your client's hostname.
>
> It fails and times out, however your ssh login gracetime is already over.
>
> You have several options here:
>
> 1/ increase the login grace time in sshd_config

ok:

    LoginGraceTime 3m

> 2/ set usedns no (or do both, btw)

ok:

    UseDNS no

> 3/ fix DNS resolution ;)

Well, I'm waiting for the IT support guys to do this, but they are very slow.

> I would definitely recommend turning off hostname resolution for sshd, it is of marginal value (to me at least).

Following the sshd man page, I'm also trying this:

*quote*
-u0 may also be used to prevent sshd from making DNS requests unless the authentication mechanism or configuration requires it. Authentication mechanisms that may require DNS include RhostsRSAAuthentication, HostbasedAuthentication, and using a from=pattern-list option in a key file. Configuration options that require DNS include using a USER@HOST pattern in AllowUsers or DenyUsers.
*end quote*

I set in /etc/ssh/sshd_config:

    RhostsRSAAuthentication no
    HostbasedAuthentication no
    AllowUsers mexas

and I don't have DenyUsers at all.

I then restart sshd as

    /usr/sbin/sshd -u0

However, I still see the same (I think) output from tcpdump and still get ssh timeout:

    10:55:32.503085 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [P.], seq 53520:53568, ack 64033, win 1040, options [nop,nop,TS val 169209828 ecr 2123714526], length 48
    10:55:32.604376 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [.], ack 53568, win 1040, options [nop,nop,TS val 2123715301 ecr 169209828], length 0
    10:55:32.668861 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [P.], seq 53568:53616, ack 64033, win 1040, options [nop,nop,TS val 169209994 ecr 2123715301], length 48
    10:55:32.671995 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 64033:64161, ack 53616, win 1040, options [nop,nop,TS val 2123715368 ecr 169209994], length 128
    10:55:32.672501 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 64161:64209, ack 53616, win 1040, options [nop,nop,TS val 2123715368 ecr 169209994], length 48
    10:55:32.672763 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 64209, win 1040, options [nop,nop,TS val 169209998 ecr 2123715368], length 0
    10:55:33.394762 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [P.], seq 53616:53664, ack 64209, win 1040, options [nop,nop,TS val 169210720 ecr 2123715368], length 48
    10:55:33.396877 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 64209:64257, ack 53664, win 1040, options [nop,nop,TS val 2123716093 ecr 169210720], length 48
    10:55:33.496782 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 64257, win 1040, options [nop,nop,TS val 169210822 ecr 2123716093], length 0

Thanks

Anton
Re: cannot ssh into a box with DHCP assigned IP address
From feenb...@nber.org Wed Feb 20 13:39:28 2013

>> From: Fleuriot Damien m...@my.gd
>> To: me...@bristol.ac.uk
>> Subject: Re: cannot ssh into a box with DHCP assigned IP address
>> Date: Wed, 20 Feb 2013 10:31:22 +0100
>> Cc: freebsd-questions@freebsd.org
>>
>> On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:
>>
>>> I have a laptop with FreeBSD -current, with ip address assigned via DHCP. The laptop has neither a static ip address, nor a domain. I can ping the laptop fine, but cannot ssh into it. The sshd is running, /etc/ssh/sshd_config seems fine, /etc/hosts.allow is fine. However, /etc/hosts is just the default:
>
> While on the problem machine, can you ssh to localhost? ssh to the IP address?

yes to both

> I would suspect the problem is in /etc/hosts.allow or /etc/hosts.deny,

The first non-comment line in /etc/hosts.allow is

    ALL : ALL : allow

and I don't have /etc/hosts.deny:

    root@zzz:~ # ls /etc/hosts*
    /etc/hosts        /etc/hosts.equiv
    /etc/hosts.allow  /etc/hosts.lpd
    root@zzz:~ #

> or perhaps the subnet mask is incorrect.

Well.. what should it be? I have on the problem box (ssh server):

    wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:21:5c:50:68:c3
        inet 172.21.220.12 netmask 0xfc00 broadcast 255.255.255.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
        status: associated
        ssid eduroam channel 1 (2412 MHz 11g) bssid 00:3a:98:62:cd:a0
        country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 14 bmiss 10 scanvalid 450
        bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
        protmode CTS wme roaming MANUAL

I'm trying to ssh from 137.222.187.241.

I wonder, perhaps it is somehow built into the Eduroam wireless, provided by the University, that the devices connected to it cannot be accessible. They can only initiate outgoing connections, but all incoming connections are somehow blocked? Given that the majority of the devices will be unsecured MS boxes, maybe the university thought that this is a wise idea for safety.

Perhaps I can investigate this with my IT guys. Or I might be talking complete nonsense here, not my area at all.

Thanks

Anton
Re: cannot ssh into a box with DHCP assigned IP address
> From: Fleuriot Damien m...@my.gd
> To: me...@bristol.ac.uk
> Subject: Re: cannot ssh into a box with DHCP assigned IP address
> Date: Wed, 20 Feb 2013 10:31:22 +0100
> Cc: freebsd-questions@freebsd.org
>
> On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:
>
>> I have a laptop with FreeBSD -current, with ip address assigned via DHCP. The laptop has neither a static ip address, nor a domain. I can ping the laptop fine, but cannot ssh into it. The sshd is running, /etc/ssh/sshd_config seems fine, /etc/hosts.allow is fine. However, /etc/hosts is just the default:

While on the problem machine, can you ssh to localhost? ssh to the IP address?

I would suspect the problem is in /etc/hosts.allow or /etc/hosts.deny, or perhaps the subnet mask is incorrect. The lack of a domain should not be a problem.

daniel feenberg
Re: cannot ssh into a box with DHCP assigned IP address
On Feb 20, 2013, at 2:55 PM, Anton Shterenlikht me...@bristol.ac.uk wrote:

> From feenb...@nber.org Wed Feb 20 13:39:28 2013
>
>>> From: Fleuriot Damien m...@my.gd
>>> To: me...@bristol.ac.uk
>>> Subject: Re: cannot ssh into a box with DHCP assigned IP address
>>> Date: Wed, 20 Feb 2013 10:31:22 +0100
>>> Cc: freebsd-questions@freebsd.org
>>>
>>> On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:
>>>
>>>> I have a laptop with FreeBSD -current, with ip address assigned via DHCP. The laptop has neither a static ip address, nor a domain. I can ping the laptop fine, but cannot ssh into it. The sshd is running, /etc/ssh/sshd_config seems fine, /etc/hosts.allow is fine. However, /etc/hosts is just the default:
>>
>> While on the problem machine, can you ssh to localhost? ssh to the IP address?
>
> yes to both
>
>> I would suspect the problem is in /etc/hosts.allow or /etc/hosts.deny,
>
> The first non-comment line in /etc/hosts.allow is
>
>     ALL : ALL : allow
>
> and I don't have /etc/hosts.deny:
>
>     root@zzz:~ # ls /etc/hosts*
>     /etc/hosts        /etc/hosts.equiv
>     /etc/hosts.allow  /etc/hosts.lpd
>     root@zzz:~ #
>
>> or perhaps the subnet mask is incorrect.
>
> Well.. what should it be? I have on the problem box (ssh server):
>
>     wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether 00:21:5c:50:68:c3
>         inet 172.21.220.12 netmask 0xfc00 broadcast 255.255.255.255
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
>         status: associated
>         ssid eduroam channel 1 (2412 MHz 11g) bssid 00:3a:98:62:cd:a0
>         country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
>         AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 14 bmiss 10 scanvalid 450
>         bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
>         protmode CTS wme roaming MANUAL
>
> I'm trying to ssh from 137.222.187.241.
>
> I wonder, perhaps it is somehow built into the Eduroam wireless, provided by the University, that the devices connected to it cannot be accessible. They can only initiate outgoing connections, but all incoming connections are somehow blocked? Given that the majority of the devices will be unsecured MS boxes, maybe the university thought that this is a wise idea for safety.
>
> Perhaps I can investigate this with my IT guys. Or I might be talking complete nonsense here, not my area at all.
>
> Thanks
>
> Anton

Any luck with Daniel's suggestion to try it directly on the problematic host?

    ssh 127.0.0.1
    ssh localhost
    ssh 172.21.220.12
Re: cannot ssh into a box with DHCP assigned IP address
From m...@my.gd Wed Feb 20 14:39:34 2013

> On Feb 20, 2013, at 2:55 PM, Anton Shterenlikht me...@bristol.ac.uk wrote:
>
>> From feenb...@nber.org Wed Feb 20 13:39:28 2013
>>
>>>> From: Fleuriot Damien m...@my.gd
>>>> To: me...@bristol.ac.uk
>>>> Subject: Re: cannot ssh into a box with DHCP assigned IP address
>>>> Date: Wed, 20 Feb 2013 10:31:22 +0100
>>>> Cc: freebsd-questions@freebsd.org
>>>>
>>>> On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk wrote:
>>>>
>>>>> I have a laptop with FreeBSD -current, with ip address assigned via DHCP. The laptop has neither a static ip address, nor a domain. I can ping the laptop fine, but cannot ssh into it. The sshd is running, /etc/ssh/sshd_config seems fine, /etc/hosts.allow is fine. However, /etc/hosts is just the default:
>>>
>>> While on the problem machine, can you ssh to localhost? ssh to the IP address?
>>
>> yes to both
>>
>>> I would suspect the problem is in /etc/hosts.allow or /etc/hosts.deny,
>>
>> The first non-comment line in /etc/hosts.allow is
>>
>>     ALL : ALL : allow
>>
>> and I don't have /etc/hosts.deny:
>>
>>     root@zzz:~ # ls /etc/hosts*
>>     /etc/hosts        /etc/hosts.equiv
>>     /etc/hosts.allow  /etc/hosts.lpd
>>     root@zzz:~ #
>>
>>> or perhaps the subnet mask is incorrect.
>>
>> Well.. what should it be? I have on the problem box (ssh server):
>>
>>     wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>         ether 00:21:5c:50:68:c3
>>         inet 172.21.220.12 netmask 0xfc00 broadcast 255.255.255.255
>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>         media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
>>         status: associated
>>         ssid eduroam channel 1 (2412 MHz 11g) bssid 00:3a:98:62:cd:a0
>>         country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
>>         AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 14 bmiss 10 scanvalid 450
>>         bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
>>         protmode CTS wme roaming MANUAL
>>
>> I'm trying to ssh from 137.222.187.241.
>>
>> I wonder, perhaps it is somehow built into the Eduroam wireless, provided by the University, that the devices connected to it cannot be accessible. They can only initiate outgoing connections, but all incoming connections are somehow blocked? Given that the majority of the devices will be unsecured MS boxes, maybe the university thought that this is a wise idea for safety.
>>
>> Perhaps I can investigate this with my IT guys. Or I might be talking complete nonsense here, not my area at all.
>>
>> Thanks
>>
>> Anton
>
> Any luck with Daniel's suggestion to try it directly on the problematic host?
>
>     ssh 127.0.0.1
>     ssh localhost
>     ssh 172.21.220.12

yes to all (I replied already above).

Thanks

Anton
Re: cannot ssh into a box with DHCP assigned IP address
On Wednesday, February 20, 2013 at 03:18:47PM +0100, Fleuriot Damien wrote:

>> Well.. what should it be? I have on the problem box (ssh server):
>>
>>     wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>         ether 00:21:5c:50:68:c3
>>         inet 172.21.220.12 netmask 0xfc00 broadcast 255.255.255.255
>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>         media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
>>         status: associated
>>         ssid eduroam channel 1 (2412 MHz 11g) bssid 00:3a:98:62:cd:a0
>>         country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
>>         AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 14 bmiss 10 scanvalid 450
>>         bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
>>         protmode CTS wme roaming MANUAL
>>
>> I'm trying to ssh from 137.222.187.241.

The class B network 172.16.0.0 to 172.31.255.255 is not routed in Internet (see RFC1918). This is a so-called private addr you get from your Access Point. It is hidden by the AP (or by some other router farther away) behind a real IP addr. You can check what this addr is by going to the page http://myip.nl/

And you can not SSH to the addr shown there, at least normally it would not be NAT'ed to your addr you got by DHCP. No way.

matthias

--
Sent from my FreeBSD netbook

Matthias Apitz               | - No system with backdoors like Apple/Android
E-mail: g...@unixarea.de     | - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ | - No proprietary attachments
phone: +49-170-4527211       | - Respect for open standards
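The tcpdump step suggested earlier in the thread and the RFC 1918 point made in the message above can be combined into one check. The following is an added example, not code from the thread: it parses tcpdump -n lines and reports whether any SYN for port 22 ever reached the server. The function names, verdict strings and sample captures are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, which are not routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One line of `tcpdump -n` output for IPv4 TCP:
#   HH:MM:SS.usec IP src.sport > dst.dport: Flags [..], ...
LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]*)\]"
)


def is_rfc1918(addr):
    """True if addr lies in one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_line(line):
    """Return (src, sport, dst, dport, flags) or None for unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, flags = m.groups()
    return src, int(sport), dst, int(dport), flags


def diagnose(server_ip, client_ip, capture, port=22):
    """Classify a capture taken on the server while a client tries to connect.

    inbound_syn       SYNs addressed to server_ip:port
    syn_ack           SYN/ACKs sent from server_ip:port
    outbound_sessions packets of sessions the server itself opened to a
                      remote port (they match "port 22" too, but say
                      nothing about inbound reachability)
    """
    inbound_syn = syn_ack = outbound = 0
    for line in capture:
        pkt = parse_line(line)
        if pkt is None:
            continue
        src, sport, dst, dport, flags = pkt
        if dst == server_ip and dport == port and flags == "S":
            inbound_syn += 1
        elif src == server_ip and sport == port and flags == "S.":
            syn_ack += 1
        elif (src == server_ip and dport == port) or \
             (dst == server_ip and sport == port):
            outbound += 1

    if inbound_syn and syn_ack:
        verdict = "handshake-answered"      # network path is fine; look at sshd
    elif inbound_syn:
        verdict = "syn-unanswered"          # SYN arrives, host does not reply
    elif is_rfc1918(server_ip) and not is_rfc1918(client_ip):
        verdict = "no-syn-private-server"   # dropped upstream: NAT / no route
    else:
        verdict = "no-syn"                  # dropped upstream, cause unknown
    return {"inbound_syn": inbound_syn, "syn_ack": syn_ack,
            "outbound_sessions": outbound, "verdict": verdict}


# Constructed sample in the shape of the capture posted in the thread:
# only an established session from the laptop to port 22 of the other host.
THREAD_SHAPED_CAPTURE = [
    "10:13:40.396933 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [P.], seq 528:576, ack 897, win 1040, length 48",
    "10:13:40.400142 IP 137.222.187.241.22 > 172.21.220.12.20541: Flags [P.], seq 897:945, ack 576, win 1040, length 48",
    "10:13:40.499768 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [.], ack 945, win 1040, length 0",
]

# Constructed sample (documentation addresses) of a connection that does arrive.
HANDSHAKE_CAPTURE = [
    "12:00:00.000001 IP 192.0.2.10.50000 > 198.51.100.5.22: Flags [S], seq 1000, win 65535, length 0",
    "12:00:00.000090 IP 198.51.100.5.22 > 192.0.2.10.50000: Flags [S.], seq 2000, ack 1001, win 65535, length 0",
    "12:00:00.000900 IP 192.0.2.10.50000 > 198.51.100.5.22: Flags [.], ack 1, win 1040, length 0",
]

if __name__ == "__main__":
    print(diagnose("172.21.220.12", "137.222.187.241", THREAD_SHAPED_CAPTURE))
    print(diagnose("198.51.100.5", "192.0.2.10", HANDSHAKE_CAPTURE))
```

Only the "handshake-answered" verdict makes sshd settings such as UseDNS or LoginGraceTime worth changing; with no inbound SYN the connection never reaches sshd at all.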
Re: cannot ssh into a box with DHCP assigned IP address
On Wednesday, February 20, 2013 at 03:43:43PM +0100, Matthias Apitz wrote:

> On Wednesday, February 20, 2013 at 03:18:47PM +0100, Fleuriot Damien wrote:
>
>>> Well.. what should it be? I have on the problem box (ssh server):
>>>
>>>     wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>>         ether 00:21:5c:50:68:c3
>>>         inet 172.21.220.12 netmask 0xfc00 broadcast 255.255.255.255
>>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>         media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
>>>         status: associated
>>>         ssid eduroam channel 1 (2412 MHz 11g) bssid 00:3a:98:62:cd:a0
>>>         country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
>>>         AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 14 bmiss 10 scanvalid 450
>>>         bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
>>>         protmode CTS wme roaming MANUAL
>>>
>>> I'm trying to ssh from 137.222.187.241.

One thing more: the IP addr you are ssh'ing from is reachable via Internet:

    $ telnet 137.222.187.241 22
    Trying 137.222.187.241...
    Connected to mech-cluster241.men.bris.ac.uk.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_6.1_hpn13v11 FreeBSD-20120901

If this is your intention (and not a fault) you should know what you are doing and have hardened the access, for example only RSA auth via SSH.

HIH

matthias

--
Sent from my FreeBSD netbook

Matthias Apitz               | - No system with backdoors like Apple/Android
E-mail: g...@unixarea.de     | - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ | - No proprietary attachments
phone: +49-170-4527211       | - Respect for open standards
Re: cannot ssh into a box with DHCP assigned IP address
On Wednesday, February 20, 2013 at 03:03:21PM +, Anton Shterenlikht wrote:

>> The class B network 172.16.0.0 to 172.31.255.255 is not routed in Internet (see RFC1918). This is a so-called private addr you get from your Access Point. It is hidden by the AP (or by some other router farther away) behind a real IP addr. You can check what this addr is by going to the page http://myip.nl/
>>
>> And you can not SSH to the addr shown there, at least normally it would not be NAT'ed to your addr you got by DHCP. No way.
>
> fuck.. This is the first thing I should've checked. Sorry for wasting everybody's time. The irony is that I know very little about networking, but the three private IP ranges are something I actually knew about.
>
> Thanks
>
> Anton
>
> ___
> freebsd-po...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

And why you Cc freebsd-ports, when the thread was in freebsd-questions?

matthias

--
Sent from my FreeBSD netbook

Matthias Apitz               | - No system with backdoors like Apple/Android
E-mail: g...@unixarea.de     | - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ | - No proprietary attachments
phone: +49-170-4527211       | - Respect for open standards