
Thread: SSH. irrational behavior

  1. #1
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,020

    Default SSH. irrational behavior

    BOX A (linux):
    opensuse 11.3 samba ldap server config
    Reserved (fixed) IP address configured on the router and sent via DHCP.
    hosts :
    192.168.1.50 linux.mydom.net linux
    127.0.0.1 localhost.localdomain localhost
    127.0.0.2 linux.mydom.net linux


    LAPTOP B (qosmio) :
    opensuse desktop 11.3
    Dynamic DHCP IP address
    hosts :
    127.0.0.1 localhost.localdomain localhost
    127.0.0.2 qosmio.WORKGROUP qosmio


    On each box same hosts.allow
    sshd : 192.168.1. : allow
    sshd : localhost : allow
    sshd : ALL : deny


    On each box same /etc/ssh/sshd_config using
    Port 11945
    Protocol 2
    PermitRootLogin yes
    AllowGroups ssh_user
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys
    PasswordAuthentication no
    UsePAM yes
    X11Forwarding yes
    Subsystem sftp /usr/lib64/ssh/sftp-server
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL


    On each box same /etc/ssh/ssh_config
    Port 11945
    Protocol 2
    ForwardX11Trusted yes
    Host *
    VisualHostKey no
    HashKnownHosts yes


    on LAPTOP (qosmio) BOX B
    I have to comment out the last line of hosts.allow
    #sshd : ALL : deny

    otherwise I get an error when I try to connect to myself.

    ssh root@qosmio
    ssh_exchange_identification: Connection closed by remote host

    or with a misspelled host

    ssh root@qosmi
    ssh: Could not resolve hostname qosmi: Name or service not known


    But I did not get error when connecting to BOX A (linux).

    ssh root@linux
    Last login: Sun Jun 12 00:48:09 2011 from 192.168.1.65
    Have a lot of fun...

    I have no problem on the server side, connecting to itself or to laptop

    Note: I need the root user because the server (BOX A) has no screen and no keyboard (headless server) and is managed and stopped from the laptop.

    Help is welcome.
    Last edited by jcdole; 11-Jun-2011 at 16:33. Reason: more infos
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: SSH. irrational behavior

    localhost means 127.0.0.1. When you connect to root@qosmi, that's = root@127.0.0.2. You should allow 127.0.0.2 if you want to do this.

  3. #3
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,345
    Blog Entries
    3

    Default Re: SSH. irrational behavior

    In my "hosts.allow":
    Code:
    sshd : 192.168. 127.0.0.1 [::1]
    Unless you have disabled ipv6, you will also need that "[::1]"
    openSUSE Leap 15.1; KDE Plasma 5;

  4. #4
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,020

    Default Re: SSH. irrational behavior

    Quote: Originally posted by nrickert
    In my "hosts.allow":
    Code:
    sshd : 192.168. 127.0.0.1 [::1]
    Unless you have disabled ipv6, you will also need that "[::1]"
    Yes I have disabled ipv6.

  5. #5
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,020

    Default Re: SSH. irrational behavior

    Quote: Originally posted by ken_yap
    localhost means 127.0.0.1. When you connect to root@qosmi, that's = root@127.0.0.2. You should allow 127.0.0.2 if you want to do this.
    This is the reason for my title: "irrational behavior".

    If you look at the beginning of the post you will see that it is working from the BOX A
    /etc/hosts.allow :
    sshd : 192.168.1. : allow
    sshd : localhost : allow
    sshd : ALL : deny



    I have then changed /etc/hosts.allow for both
    sshd : 192.168.130. : allow
    sshd : 127.0.0. : allow
    sshd : ALL : deny


    It is working for both; but still irrational behavior.

    Anyway, thank you for helping.

  6. #6
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: SSH. irrational behavior

    It works to A because there is no restriction on outgoing. And A allows from 192.168.1.*, which covers B. In case you are unclear, hosts.{allow,deny} only control incoming connections. When you connect from B to B, you are using 127.0.0.2 and this falls under the category ALL. All perfectly rational.

  7. #7
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,020

    Default Re: SSH. irrational behavior

    Quote: Originally posted by ken_yap
    It works to A because there is no restriction on outgoing. And A allows from 192.168.1.*, which covers B. In case you are unclear, hosts.{allow,deny} only control incoming connections. When you connect from B to B, you are using 127.0.0.2 and this falls under the category ALL. All perfectly rational.
    When I am physically on BOX A and SSH logging to BOX A ( I am testing ssh locally on BOX A )
    WITH :
    /etc/hosts.allow :
    sshd : 192.168.1. : allow
    sshd : localhost : allow
    sshd : ALL : deny

    It is working. I can log to myself ON BOX A to BOX A (Internal connection on BOX A).
    (By the way I can log from box A to box B)

    When I am physically on laptop BOX B and SSH logging to laptop BOX B ( I am testing ssh locally on laptop BOX B )
    WITH :
    /etc/hosts.allow :
    sshd : 192.168.1. : allow
    sshd : localhost : allow
    sshd : ALL : deny

    It is not working. I can't log to myself ON laptop BOX B to laptop BOX B (Internal connection on BOX B)..
    (By the way I can log from BOX B to BOX A).

    After changing hosts.allow on both boxes

    sshd : 192.168.1. : allow
    sshd : 127.0.0. : allow
    sshd : ALL : deny

    They have the same behavior.

    That was the reason for my post. The behavior of box B was not identical to the behavior of box A.

    Anyway, thank you for your help.


  8. #8
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,345
    Blog Entries
    3

    Default Re: SSH. irrational behavior

    Is there any difference in the output from
    Code:
    grep localhost /etc/hosts
    on those two boxes?

  9. #9
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: SSH. irrational behavior

    Quote: Originally posted by jcdole
    When I am physically on laptop BOX B and SSH logging to laptop BOX B ( I am testing ssh locally on laptop BOX B )
    WITH :
    /etc/hosts.allow :
    sshd : 192.168.1. : allow
    sshd : localhost : allow
    sshd : ALL : deny

    It is not working. I can't log to myself ON laptop BOX B to laptop BOX B (Internal connection on BOX B)..
    (By the way I can log from BOX B to BOX A).
    It doesn't work because you used a name on B that maps to 127.0.0.2, as I've already pointed out right from the beginning, and this is not covered by the localhost clause and falls under ALL. localhost = 127.0.0.1 and is not the same as 127.0.0.

  10. #10

    Default Re: SSH. irrational behavior

    ken yap wrote:
    > jcdole;2353328 Wrote:
    >> When I am physically on laptop BOX B and SSH logging to laptop BOX B ( I
    >> am testing ssh locally on laptop BOX B )
    >> WITH :
    >> /etc/hosts.allow :
    >> sshd : 192.168.1. : allow
    >> sshd : localhost : allow
    >> sshd : ALL : deny
    >>
    >> It is not working. I can't log to myself ON laptop BOX B to laptop BOX
    >> B (Internal connection on BOX B)..
    >> (By the way I can log from BOX B to BOX A).

    >
    > It doesn't work because you used a name on B that maps to 127.0.0.*2*,
    > as I've already pointed out right from the beginning, and this is not
    > covered by the localhost clause and falls under ALL. localhost =
    > 127.0.0.1 and is not the same as 127.0.0.


    What the OP may also not be seeing is the misconfiguration on box A
    (duplicate use of hostname with two different IP addresses). So it uses
    the 192.168.1. permission on that host.

    BOX A (linux):
    opensuse 11.3 samba ldap server config
    Reserved (fixed) IP address configured on the router and sent via DHCP.
    hosts :
    192.168.1.50 LINUX.MYDOM.NET LINUX
    127.0.0.1 LOCALHOST.LOCALDOMAIN LOCALHOST
    127.0.0.2 LINUX.MYDOM.NET LINUX
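
Added example, not part of the original thread: a simplified Python model of the first-match hosts.allow evaluation discussed in posts #6 to #10, run against the /etc/hosts and hosts.allow contents quoted above. The lookup and matching helpers are assumptions that approximate tcp_wrappers (the first hosts line listing a name wins; a name pattern is compared with the hosts entry for the client address); this is not libwrap code.

```python
# Simplified model of hosts.allow evaluation for a box connecting to itself.
# File contents are copied from the thread; the logic is an approximation.
HOSTS_A = """192.168.1.50 linux.mydom.net linux
127.0.0.1 localhost.localdomain localhost
127.0.0.2 linux.mydom.net linux"""
HOSTS_B = """127.0.0.1 localhost.localdomain localhost
127.0.0.2 qosmio.WORKGROUP qosmio"""
ALLOW_ORIGINAL = """sshd : 192.168.1. : allow
sshd : localhost : allow
sshd : ALL : deny"""
ALLOW_CHANGED = """sshd : 192.168.1. : allow
sshd : 127.0.0. : allow
sshd : ALL : deny"""

def parse_hosts(text):
    """Return [(address, [lower-cased names])] in file order."""
    rows = (line.split() for line in text.splitlines())
    return [(f[0], [n.lower() for n in f[1:]]) for f in rows if f]

def resolve(name, hosts):
    """Assumption: the first hosts line that lists the name wins."""
    for addr, names in hosts:
        if name.lower() in names:
            return addr
    return None

def pattern_matches(pattern, client_addr, hosts):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix such as 192.168.1.
        return client_addr.startswith(pattern)
    if pattern[0].isdigit():         # literal IPv4 address
        return client_addr == pattern
    # Name pattern: compare with the names listed for the client address.
    names = [n for addr, ns in hosts if addr == client_addr for n in ns]
    return pattern.lower() in names

def sshd_decision(target, hosts_text, rules_text):
    """Outcome of `ssh target` typed on the box that owns both files."""
    hosts = parse_hosts(hosts_text)
    addr = resolve(target, hosts)
    if addr is None:
        return None, "unresolved"
    # For a local connection the source address equals the destination.
    for line in rules_text.splitlines():
        daemon, pattern, action = (p.strip() for p in line.split(":"))
        if daemon == "sshd" and pattern_matches(pattern, addr, hosts):
            return addr, f"{action} via {pattern}"
    return addr, "allow (no rule matched)"
```

Calling `sshd_decision("linux", HOSTS_A, ALLOW_ORIGINAL)` and `sshd_decision("qosmio", HOSTS_B, ALLOW_ORIGINAL)` shows which rule each self-connection reaches under these assumptions.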
