2 problems I have faced before (may or may not be true for your case, but worth
looking into):
1. if you're behind a firewall - the best way to check this is to telnet to your
machine on port 22 from a remote machine and see if you get the ssh identifier
string. If you do, then you're ok.. if you get a connection refused error, then
your machine is behind a firewall and you need to open up port 22 to be able to ssh
in.
2. if the machine you're ssh'ing from is behind a firewall, make sure the firewall
does not block ports above 1024. If you're ssh'ing into this machine as root and
have a firewall into the machine you're ssh'ing from, then you need to set
UsePrivilegedPort no
on the machine you're ssh'ing from to prevent it from using ports <1024 which ssh
will try to do as default when run as root.
Hope that helps!
--Raj.
ed phillips wrote:
> "Gonyou, Austin" wrote:
> >
> > Are you listening on specific IPs and have strict host checking turned on?
> >
>
> Thank you Austin, I'm using the default sshd_config which I've attached
> for your perusal.
>
> Thanks again,
>
> Ed
>
> ------------------------------------------------------------------------
> # $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
>
> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
>
> # This is the sshd server system-wide configuration file. See sshd(8)
> # for more information.
>
> Port 22
> #Protocol 2,1
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> HostKey /usr/local/etc/ssh_host_key
> HostKey /usr/local/etc/ssh_host_rsa_key
> HostKey /usr/local/etc/ssh_host_dsa_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> #
> # Don't read ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> StrictModes yes
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd yes
> #PrintLastLog no
> KeepAlive yes
>
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
>
> RhostsAuthentication no
> #
> # For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication no
> #
> RSAAuthentication yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords no
>
> # Uncomment to disable s/key passwords
> #ChallengeResponseAuthentication no
>
> # Uncomment to enable PAM keyboard-interactive authentication
> # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
> #PAMAuthenticationViaKbdInt yes
>
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
>
> # Kerberos TGT Passing does only work with the AFS kaserver
> #KerberosTgtPassing yes
>
> #CheckMail yes
> #UseLogin no
>
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> #ReverseMappingCheck yes
>
> Subsystem sftp /usr/local/libexec/sftp-server
>
> ------------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
