Many, many thanks to Mark Round, who pointed me to /etc/hosts.allow . Basically, SST puts in place its own /etc/hosts.allow and /etc/hosts.deny . In /etc/hosts.allow i modified the sshd entry from sshd: LOCAL to sshd: ALL and it all worked as expected. Cheers Loris -----Original Message----- From: Loris Serena Sent: 17 August 2005 16:07 To: sunmanagers@sunmanagers.org Subject: SunSSH erratic behaviour after applying SST (Jass) 4.2 to a Solar is 10 x86 box. SunManagers, I have this Solaris 10 x86 box that worked fine (i.e. I could connect to it via ssh just ok) I've downloaded and installed SST 4.2 (Solaris Security Toolkit - aka Jass) and installed it with the -d secure.driver. After rebooting, I'm experiencing some difficulties logging in via ssh. 1. no changes were made to sshd_config by SST (except Banner /etc/issue) [minivip]$ ssh -V Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f [minivip]$ Also, I'm not (yet) using SSH keys, just standard unix username/password authentication 2. I can no longer ssh from a Wintel box using PuTTY (0.58); a. PuTTY returns "Server unexpectedly closed network connection" b. putty.log logs nothing; c. in /var/adm/messages on the Solaris 10 box I get: Aug 17 15:39:05 minivip sshd[637]: [ID 947420 auth.warning] refused connect from 10.40.5.182 3. I can no longer ssh from (the same) Wintel box using Win32OpenSSH(3.8.1)/cygwin; a. $ ssh -v -v -v 10.40.5.23 OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004 debug2: ssh_connect: needpriv 0 debug1: Connecting to 10.40.5.23 [10.40.5.23] port 22. debug1: Connection established. debug1: identity file /home/lserena/.ssh/identity type -1 debug1: identity file /home/lserena/.ssh/id_rsa type -1 debug1: identity file /home/lserena/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host $ b. in /var/adm/messages on the Solaris 10 box I get: Aug 17 15:42:21 minivip sshd[647]: [ID 947420 auth.warning] refused connect from 10.40.5.182 4. A cmd/DOS "telnet 10.40.5.23 22" seems to go through OK 5. I still can ssh from a Solaris 8 x86 using OpenSSH 4.1 [nemo]$ ssh -V OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005 [nemo]$ 6. I still can ssh from a Solaris 9 SPARC [birba]$ ssh -V SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0. [birba]$ I even had a look at Sunsolve (Sun Alert ID: 101834) http://sunsolve.sun.com/search/document.do?assetkey=1-26-101834-1&searchclau se=101834 <http://sunsolve.sun.com/search/document.do?assetkey=1-26-101834-1&searchcla use=101834> but I've actually patch 119076-05 installed already. Here is the sshd_config on the Solaris 10 x86 box. [minivip]/etc/ssh$ cat sshd_config | grep -v "^#" | grep -v "^$" Protocol 2 Port 22 ListenAddress :: AllowTcpForwarding no GatewayPorts no X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes Banner /etc/issue PrintMotd no KeepAlive yes SyslogFacility auth LogLevel info HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 KeyRegenerationInterval 3600 StrictModes yes LoginGraceTime 600 MaxAuthTries 6 MaxAuthTriesLog 3 PermitEmptyPasswords no PasswordAuthentication yes PAMAuthenticationViaKBDInt yes PermitRootLogin no Subsystem sftp /usr/lib/ssh/sftp-server IgnoreRhosts yes RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes [minivip]/etc/ssh$ Does anybody know how to get this sorted or could you please point me to the right direction? Thanks in advance Loris BT Communications Ireland Limited is a wholly owned subsidiary of BT Group plc Registered in Ireland, Registration No. 141524 Grand Canal Plaza, Upper Grand Canal Street, Dublin, Ireland This electronic message contains information (and may contain files) from BT Communications Ireland Limited which may be privileged or confidential. The information is intended to be for the sole use of the individual(s) or entity named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information and or files is prohibited. If you have received this electronic message in error, please notify us by telephone or email (to the numbers or address above) immediately. http://www.btireland.ie _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers BT Communications Ireland Limited is a wholly owned subsidiary of BT Group plc Registered in Ireland, Registration No. 141524 Grand Canal Plaza, Upper Grand Canal Street, Dublin, Ireland This electronic message contains information (and may contain files) from BT Communications Ireland Limited which may be privileged or confidential. The information is intended to be for the sole use of the individual(s) or entity named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information and or files is prohibited. If you have received this electronic message in error, please notify us by telephone or email (to the numbers or address above) immediately. http://www.btireland.ie _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Aug 17 11:40:37 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:50 EST