Thanks a lot. after recompile ssh with debug enabled, I found the reason is that my ip address is not listed in the AllowHost, and the ip reverse mapping doesn't work either. Thanks a lot . Best Regards. Johnny -----原始邮件----- 发件人: Calvin Bebermeyer [mailto:[EMAIL PROTECTED]] 发送时间: 1999年11月12日 2:26 收件人: yuqiang 主题: Re: question from new comer Though I do not use the "free" version of the client this may help. I had to compile the ssh2.0.13 with "debugging enabled" to successfully connect to the server. Also I had to forget about using the "tcp-wrappers" option and use the built in config file located in /etc/ssh2/ssh2d_config. The "AllowHosts" subparam here is where you would put the "computer_IPs" that you wish to allow to connect. Then using the DenySHosts subparam with the "*" wildcard for denying all other computers. The debugging enabled option seems to be the major adjustment. I didn't look real closely to which lines of code are not in the correct place but there appears to be several involved. Probably, the debug statement just needs to be moved but that is another day I would expect. Calvin Bebermeyer [EMAIL PROTECTED] On Thu, 11 Nov 1999, yuqiang wrote: > Hi,all > > I am a new comer both for ssh and for this mailing list. I need your help now. > > Here are the background of my question: > > ssh version: 2.0.13 > > Remote Server and local client: > Solaris 2.7 for sparc(result of uname -a : SunOS solaris2 5.7 Generic sun4u sparc >SUNW,Ultra-5_10) > Gcc 2.8.1 > > Remote Server have a "REAL" IP address while the client accessing the Internet via a >NAT ISDN router, so the client doesn't have a "REAL" IP address itself. > > > After installing the ssh both on the remote server and my local client, I did the >following: > 1. run ssh-keygen in local client > 2. echo "IdKey id_dsa_1024_a" > identification > > 3. run ssh-keygen in remote server and echo "IdKey id_dsa_1024_a" > identification > > 4. ftp id_dsa_1024_a.pub to the remote server , named it as office-sun.pub > > 5. echo "Key office-sun.pub" > authorization on the remote server > > after those five steps, the remote server looks like: > # ls > ... > drwxr-xr-x 3 yuq yuq 512 Nov 11 19:13 ./ > drwxr-x--- 19 yuq yuq 1024 Nov 11 19:03 ../ > -rw-r--r-- 1 yuq yuq 21 Nov 11 19:14 authorization > -rw------- 1 yuq yuq 872 Nov 11 19:04 id_dsa_1024_a > -rw-r--r-- 1 yuq yuq 733 Nov 11 19:04 id_dsa_1024_a.pub > -rw-r--r-- 1 yuq yuq 20 Nov 11 19:05 identification > -rw-r--r-- 1 yuq yuq 733 Nov 11 19:12 office-sun.pub > -rw------- 1 yuq yuq 512 Nov 11 19:09 random_seed > > and the local client looks like: > # ls -al > ... > drwxr-xr-x 3 yuq yuq 512 Nov 11 16:50 ./ > drwxr-xr-x 8 yuq yuq 512 Nov 11 17:30 ../ > -rw------- 1 yuq yuq 872 Nov 11 16:41 id_dsa_1024_a > -rw-r--r-- 1 yuq yuq 733 Nov 11 16:41 id_dsa_1024_a.pub > -rw-r--r-- 1 yuq yuq 20 Nov 11 16:48 identification > -rw------- 1 yuq yuq 512 Nov 11 18:08 random_seed > > > then I run the command on the local client: > #ssh <IP_of_remote_server> > Accepting host <IP_of_remote_server> key without checking. > > Disconnected; authentication error (No further authentication methods available.). > > My question is: > a. Are there anything wrong in my configuration? > b. From the error msg, it seems that the remote server did not think the >office-sun.pub matched the private key on local client. Are there anything with the >NAT? Is the key generated with ssh-keygen based on IP address? > c. how can I make the ssh working? > > any help will be highly appreciated. > > Best Regards > Johnny Yu. >
