BOX A (linux):
opensuse 11.3 samba ldap server config
Reserved (fixed) ip address configured on the router and sent via dhcp.
hosts :
192.168.1.50 linux.mydom.net linux
127.0.0.1 localhost.localdomain localhost
127.0.0.2 linux.mydom.net linux
LAPTOP B (qosmio) :
opensuse desktop 11.3
Dynamic dhcp ip address
hosts :
127.0.0.1 localhost.localdomain localhost
127.0.0.2 qosmio.WORKGROUP qosmio
On each box same hosts.allow :
sshd : 192.168.1. : allow
sshd : localhost : allow
sshd : ALL : deny
On each box same /etc/ssh/sshd_config :
Port 11945
Protocol 2
PermitRootLogin yes
AllowGroups ssh_user
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
UsePAM yes
X11Forwarding yes
Subsystem sftp /usr/lib64/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
On each box same /etc/ssh/ssh_config :
Port 11945
Protocol 2
ForwardX11Trusted yes
Host *
VisualHostKey no
HashKnownHosts yes
On LAPTOP (qosmio) BOX B
I have to comment out the last line of hosts.allow (#sshd : ALL : deny),
otherwise I get an error when I try to connect to myself.
ssh root@qosmio
ssh_exchange_identification: Connection closed by remote host
or, with a misspelled hostname:
ssh root@qosmi
ssh: Could not resolve hostname qosmi: Name or service not known
But I did not get an error when connecting to BOX A (linux).
ssh root@linux
Last login: Sun Jun 12 00:48:09 2011 from 192.168.1.65
Have a lot of fun…
I have no problem on the server side, connecting to itself or to the laptop.
Note: I need the root user because the server (BOX A) has no screen and no keyboard (headless server) and is managed and stopped from the laptop.
This is the reason for my title: “irrational behavior”.
If you look at the beginning of the post you will see that it is working from BOX A.
/etc/hosts.allow :
sshd : 192.168.1. : allow
sshd : localhost : allow
sshd : ALL : deny
I have then changed /etc/hosts.allow on both to:
sshd : 192.168.130. : allow
sshd : 127.0.0. : allow
sshd : ALL : deny
It is working for both; but still irrational behavior. :\
It works to A because there is no restriction on outgoing. And A allows from 192.168.1.*, which covers B. In case you are unclear, hosts.{allow,deny} only control incoming connections. When you connect from B to B, you are using 127.0.0.2 and this falls under the category ALL. All perfectly rational.
When I am physically on BOX A and SSH logging in to BOX A (I am testing ssh locally on BOX A)
WITH :
/etc/hosts.allow :
sshd : 192.168.1. : allow
sshd : localhost : allow
sshd : ALL : deny
It is working. I can log in to myself ON BOX A, from BOX A to BOX A (internal connection on BOX A).
(By the way, I can log in from box A to box B.)
When I am physically on laptop BOX B and SSH logging in to laptop BOX B (I am testing ssh locally on laptop BOX B)
WITH :
/etc/hosts.allow :
sshd : 192.168.1. : allow
sshd : localhost : allow
sshd : ALL : deny
It is not working. I can’t log in to myself ON laptop BOX B, from laptop BOX B to laptop BOX B (internal connection on BOX B)…
(By the way, I can log in from BOX B to BOX A.)
It doesn’t work because you used a name on B that maps to 127.0.0.2, as I’ve already pointed out right from the beginning, and this is not covered by the localhost clause and falls under ALL. localhost = 127.0.0.1 and is not the same as 127.0.0.
ken yap wrote:
> jcdole;2353328 Wrote:
>> When I am physically on laptop BOX B and SSH logging to laptop BOX B ( I
>> am testing ssh locally on laptop BOX B )
>> WITH :
>> /etc/hosts.allow :
>> sshd : 192.168.1. : allow
>> sshd : localhost : allow
>> sshd : ALL : deny
>>
>> It is not working. I can’t log to myself ON laptop BOX B to laptop BOX
>> B (Internal connection on BOX B)…
>> (By the way I can log from BOX B to BOX A).
>
> It doesn’t work because you used a name on B that maps to 127.0.0.2,
> as I’ve already pointed out right from the beginning, and this is not
> covered by the localhost clause and falls under ALL. localhost =
> 127.0.0.1 and is not the same as 127.0.0.
What the OP may not also be seeing is the misconfiguration on box A
(duplicate use of hostname with two different IP addresses). So it uses
the 192.168.1. permission on that host.
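To make the two explanations above concrete (the reply that a name mapping to 127.0.0.2 falls under ALL, and the note that box A's duplicate hostname resolves to 192.168.1.50 first), here is an added example, not from any post in this thread, that feeds the /etc/hosts and hosts.allow contents posted above into a simplified model of tcp_wrappers matching. The matching rules (first match wins, trailing "." is an address prefix, ALL matches everything) and the LOOPBACK_RULES variant are assumptions of the model, not from the thread.

```python
# Added example: simplified model of tcp_wrappers (hosts.allow) matching, fed
# with the /etc/hosts and hosts.allow contents posted in this thread.
# Assumed semantics: first matching rule wins; a pattern ending in "." matches
# an address prefix; "ALL" matches anything; any other pattern is compared
# against the client's address or one of its /etc/hosts names.

# /etc/hosts as posted for each box: address -> names (first name is canonical)
HOSTS_A = [("192.168.1.50", ["linux.mydom.net", "linux"]),
           ("127.0.0.1", ["localhost.localdomain", "localhost"]),
           ("127.0.0.2", ["linux.mydom.net", "linux"])]
HOSTS_B = [("127.0.0.1", ["localhost.localdomain", "localhost"]),
           ("127.0.0.2", ["qosmio.WORKGROUP", "qosmio"])]

# hosts.allow as posted, plus a constructed variant that admits the whole
# loopback block instead of only the name "localhost"
ORIGINAL_RULES = [("192.168.1.", "allow"), ("localhost", "allow"), ("ALL", "deny")]
LOOPBACK_RULES = [("192.168.1.", "allow"), ("127.0.0.", "allow"), ("ALL", "deny")]

def resolve(hosts, name):
    """Forward lookup: the first /etc/hosts line listing the name wins,
    which is why 'linux' on box A becomes 192.168.1.50, not 127.0.0.2."""
    for addr, names in hosts:
        if name.lower() in (n.lower() for n in names):
            return addr
    raise LookupError(f"Could not resolve hostname {name}")

def reverse(hosts, addr):
    """Reverse lookup: the names listed for an address, or none."""
    return next((names for a, names in hosts if a == addr), [])

def pattern_matches(pattern, addr, names):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # e.g. "192.168.1." or "127.0.0."
        return addr.startswith(pattern)
    return pattern == addr or pattern.lower() in (n.lower() for n in names)

def decide(rules, hosts, client_addr):
    """Walk the rules in order; the first match decides."""
    names = reverse(hosts, client_addr)
    for pattern, action in rules:
        if pattern_matches(pattern, client_addr, names):
            return action
    return "allow"   # no rule matched at all: tcp_wrappers grants access

def ssh_to_self(rules, hosts, target_name):
    """ssh <target_name> from the same box: the client address is whatever the
    name resolves to locally, and sshd checks that address against the rules."""
    addr = resolve(hosts, target_name)
    return addr, decide(rules, hosts, addr)
```

Run against the posted data, ssh_to_self(ORIGINAL_RULES, HOSTS_A, "linux") is allowed via 192.168.1.50 while ssh_to_self(ORIGINAL_RULES, HOSTS_B, "qosmio") lands on 127.0.0.2 and is denied; only the 127.0.0. rule in LOOPBACK_RULES lets the laptop reach itself.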
BOX A (linux):
opensuse 11.3 samba ldap server config
Reserved (fixed) ip address configured on the router and sent via dhcp.
hosts :
192.168.1.50 LINUX.MYDOM.NET LINUX
127.0.0.1 LOCALHOST.LOCALDOMAIN LOCALHOST
127.0.0.2 LINUX.MYDOM.NET LINUX
Here is the initial configuration made by the opensuse install (see below, 127.0.0.1 and 127.0.0.2).
I have removed all ipv6 references and just replaced the standard name generated by the installer (linux-sb5k.site linux-sb5k) with my own name.
If the configuration is wrong, give me some advice. (SAMBA and LDAP SERVER must be resolvable at startup.)
LINUX INSTALLER
hosts This file describes a number of hostname-to-address
mappings for the TCP/IP subsystem. It is mostly
used at boot time, when no name servers are running.
On small systems, this file can be used instead of a