Re: ssh - cannot log in

If I were using a Linux ssh client, I would turn on the debug option.
Does PuTTY have a debug window one could look at which might give clues?

Does anything appear in the FC6 Linux log files?
In FC6 and FC7, /etc/syslog.conf sends authpriv.* to /var/log/secure

Is sshd running on FC6?  What does "service sshd status" indicate? 

Please examine /etc/ssh/sshd_config to see how sshd is configured.  The
paranoid in me thinks one might not want to share sshd_config with
anyone without proper sanitization.  Please look for the following:

# Specify names of users who can connect to this sshd.
AllowUsers name1 name2 name3
# Is your name on the list?

# Specify which port to listen on?  
Port xyz
# Is this the port you are trying to connect to?

# Specify the ssh protocols accepted, default was Protocol 2,1
# Maybe someone limited it to ssh protocol 2
Protocol 2
# Maybe Putty is not trying to use the correct protocol?

# Specify which interface IP address to listen on, default all
ListenAddress 10.0.0.1
# Only allow clients to connect to 10.0.0.1 if above is in....

# Following will prevent password authentication.  
# One would have to use some other form of authentication.
PasswordAuthentication no

UsePAM no
# -or-
UsePAM yes
ChallengeResponseAuthentication no

# Perhaps one is only allowing PubkeyAuthentication

If push comes to shove and one couldn't get debug information from PuTTY
and/or log information from FC6, I might resort to Wireshark to see if a
connection was established or an ICMP error was returned when I tried to
connect.  If a connection is established, ssh will encrypt communication,
making any further use of Wireshark pointless.

Debug information from PuTTY and/or any log information from FC6 might
give us a clue.  I am paranoid.  Look at the information before sending
it to the list to make sure there is nothing, security-wise, the public
should not see.

On Tue, 2007-06-26 at 21:02 -0700, David Katz wrote:
> I'm using PuTTY under XP to try to login to FC6 but it times out.
> 
> I can ping the external ip from my laptop.
> 
> Here's my iptables --list:
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination        
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere           
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination        
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere           
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination        
> 
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination        
> ACCEPT     all  --  anywhere             anywhere           
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http flags:SYN,RST,ACK/SYN
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh flags:SYN,RST,ACK/SYN
> ACCEPT     esp  --  anywhere             anywhere           
> ACCEPT     ah   --  anywhere             anywhere           
> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:xdmcp
> ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:xdmcp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:x11
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:x11-ssh-offset
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> 
> I've tried without the windows firewall. The router is open to port 22 
> and nats over to what I think is my workstation (how can I check this?)
> 
> Thanks for any help.
> 
> Note - ultimately I'd like to use X but right now I'm just trying to get 
> a login prompt.
> 
> 
> 
> 

Attachment: signature.asc
Description: This is a digitally signed message part
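
Added example, not part of the original message and not OpenSSH's own tooling: a shell function that summarises the sshd_config keywords listed in the reply above while redacting user names, listen addresses and port numbers other than 22, so the result can be posted to a list. The names sshd_summary and sample_config, the output format and the sample configuration are assumptions made for this illustration; it reads plain "Keyword value" lines only.

```shell
#!/bin/sh
# Added example (not from the original message). Prints a summary of the
# sshd_config keywords discussed above that is safe to post: user names,
# listen addresses and port numbers other than 22 are never echoed.
# Usage: sshd_summary /etc/ssh/sshd_config
sshd_summary() {   # $1 = path to an sshd_config file
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    { key = tolower($1) }                  # keywords are case-insensitive
    key == "match" { exit }                # later lines are conditional; stop
    key == "allowusers"    { users += NF - 1; next }   # count, never print names
    key == "listenaddress" { listen++; next }
    key == "port"          { ports++; if ($2 == "22") p22 = 1; next }
    key ~ /^(protocol|passwordauthentication|usepam|challengeresponseauthentication|pubkeyauthentication)$/ {
        if (!(key in val)) val[key] = tolower($2)      # sshd keeps the first value
    }
    END {
        print "allowusers=" (users ? users " name(s), redacted" : "unset")
        print "listenaddress=" (listen ? listen " address(es), redacted" : "unset")
        print "port=" (!ports ? "unset" : ports " configured, 22 " (p22 ? "included" : "not included"))
        n = split("protocol passwordauthentication usepam challengeresponseauthentication pubkeyauthentication", k, " ")
        for (i = 1; i <= n; i++)
            print k[i] "=" ((k[i] in val) ? val[k[i]] : "unset")
        # Condition from the message: PasswordAuthentication no together with
        # UsePAM no, or with ChallengeResponseAuthentication no.
        if (val["passwordauthentication"] == "no" &&
            (val["usepam"] == "no" || val["challengeresponseauthentication"] == "no"))
            print "note=password logins are disabled; another method is required"
    }' "$1"
}

sample_config() {   # constructed sample, not a real host configuration
    cat <<'EOF'
# constructed sample
Port 2222
Protocol 2
ListenAddress 10.0.0.1
AllowUsers name1 name2 name3
PasswordAuthentication no
UsePAM yes
ChallengeResponseAuthentication no
EOF
}
```

A keyword reported as "unset" means the file does not set it before any Match block, so the compiled-in default of the installed sshd applies.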