broken ssh

Karl Auer kauer at biplane.com.au
Sun Jun 13 16:55:32 UTC 2010


On Sun, 2010-06-13 at 12:13 -0400, Mark C. Miller wrote:
> > If your password is rejected, check the sshd-config settings, make sure
> > connections are permitted from your IP address etc.
> 
> I'm not quite sure how to do this

Look at /etc/ssh/sshd_config. Check any settings that restrict logins.
For example, if your password is empty, PermitEmptyPasswords had better
be "yes" :-) Also look at things like AllowGroups, AllowUsers,
DenyUsers, DenyGroups, any use of Match, and maybe StrictModes.

> This how the router was set up back when it was working. If I understand 
> this, the "eyore.homelinux.net" assigned by dyndns gets the outside user 
> to the router.  From there port 22 (ssh) needs to be forwarded so that 
> the router processes any login attempts to the correct computeer 
> (192.198.1.104)

Are you certain that the name "eyore.homelinux.net" is correctly
pointing at the correct router? To make sure that you are not trying to
log in to some random other host, try doing ssh to the current outside
address of your router.

If you have more than one machine behind the router, are you certain
that you are forwarding port 22 (or whatever) to the correct machine?
Double check that.

One way to make sure you are talking to the right machine is to
edit /etc/ssh/sshd_config and set the Banner option to display something
recognisable. The banner is displayed before authentication happens, so
you'll see it even if the login fails. If you set the banner on the
remote host (don't forget to restart the sshd daemon!) and the banner is
not displayed when you try to log in, then you are not talking to the
machine you think you are talking to.

> mark at eyore:~$ ssh eyore15 at eyore.homelinux.net
> eyore15 at eyore.homelinux.net's password:
> Permission denied, please try again.
> eyore15 at eyore.homelinux.net's password:
> Permission denied, please try again.
> eyore15 at eyore.homelinux.net's password:
> Permission denied (publickey,password).
> mark at eyore:~$

If eyore.homelinux.net is definitely the right remote machine, then the
above is conclusive evidence that everything is working. The problem is
the password or some restriction on that account.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20100614/95932367/attachment.pgp>


More information about the ubuntu-users mailing list