Ethan Benson <[EMAIL PROTECTED]> wrote:
>have you tried adding:
>ALL: 127.0.0.1 localhost <yourip> <yourhost.yourdomain>
>to /etc/hosts.allow just for testing?

Thanks. Ok, I added 127.0.0.1 to hosts.deny on the remote end and it works now. But doesn't this rather weaken security?

I'd like to share what I've found out so far. If anybody is into ssh and PAM, please enlighten us.

The local box is running Debian potato with openssh.

    ~% ssh -V
    SSH Version OpenSSH-1.2, protocol version 1.5.
    Compiled with SSL.

The problematic remote is running RedHat 6.1

    ~% ssh1 -V
    SSH Version 1.2.26 [i586-unknown-linux], protocol version 1.5.
    Standard version. Does not use RSAREF.

Trying to login using ssh -v says

    ...
    debug: Requesting X11 forwarding with authentication spoofing.
    debug: Requesting authentication agent forwarding.
    debug: Sending command: /usr/X11R6/bin/xterm
    debug: Entering interactive session.
    debug: Remote: Fwd X11 connection from 127.0.0.1 refused by tcp_wrappers.
    X connection to foo.bar.baz.net:10.0 broken (explicit kill or server shutdown).

Now, in /var/log/messages of the remote there is

    Dec 7 22:56:32 pyxis33 sshd2[453]: connection from "111.222.333.4444"
    Dec 7 22:56:33 pyxis33 sshd[8764]: log: Generating 768 bit RSA key.
    Dec 7 22:56:34 pyxis33 sshd[8764]: log: RSA key generation complete.
    Dec 7 22:56:34 pyxis33 sshd[8764]: log: Connection from 111.222.333.444 port 1023
    Dec 7 22:56:34 pyxis33 PAM_pwdb[8764]: authentication failure; (uid=0) -> foo for ssh service

Thus, no connection.

This happens only on the RH6.1 boxes. I can login to any other machines (SunOS4, Solaris2.5, OSF1 4.0, IRIX6.2) no problem, and I can login from anywhere to my local box. X11Forwarding enabled.

Why do I need 127.0.0.1 in hosts.allow on the RH6.1 machines?

My home directories are not group writable as suggested as problem with RSA (/usr/doc/ssh/README.Debian).

I'll try using ssh2 next to see if there's any difference.

Thanks to all for the suggestions.

Tnx
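
On the question of whether the loopback rule weakens security, here is an added example (not part of the original post) that evaluates tcp_wrappers rules in hosts_access(5) order and compares `ALL: 127.0.0.1` with a rule scoped to `sshdfwd-X11`, the daemon name SSH 1.2.x documents for forwarded X11 connections. The policy files, the deny-all hosts.deny, the address 192.0.2.10 and all function names are constructed assumptions, and only literal tokens and the ALL wildcard are handled.

```python
# Simplified hosts_access(5) evaluation: hosts.allow is checked first, then
# hosts.deny, and access is granted when neither file has a matching rule.
# Only literal tokens and the ALL wildcard are handled (no nets, EXCEPT, options).

def parse_rules(text):
    """Return [(daemon_tokens, client_tokens)] from hosts.allow/deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _in_list(tokens, value):
    return any(t == "ALL" or t.lower() == value.lower() for t in tokens)

def matches(rules, daemon, client):
    return any(_in_list(d, daemon) and _in_list(c, client) for d, c in rules)

def access(allow_text, deny_text, daemon, client):
    if matches(parse_rules(allow_text), daemon, client):
        return "allow"
    if matches(parse_rules(deny_text), daemon, client):
        return "deny"
    return "allow"

# Constructed policy files (assumptions, not taken from the post).
DENY_ALL = "ALL: ALL\n"
ALLOW_BEFORE = "sshd: 192.0.2.10\n"                      # remote ssh client only
ALLOW_BROAD = ALLOW_BEFORE + "ALL: 127.0.0.1\n"          # the suggested test rule
ALLOW_SCOPED = ALLOW_BEFORE + "sshdfwd-X11: 127.0.0.1\n"  # forwarded X11 only

def report():
    """Decision for a loopback client against each policy and wrapped daemon."""
    rows = []
    for name, allow in (("before", ALLOW_BEFORE), ("broad", ALLOW_BROAD),
                        ("scoped", ALLOW_SCOPED)):
        for daemon in ("sshd", "sshdfwd-X11", "in.telnetd"):
            rows.append((name, daemon, access(allow, DENY_ALL, daemon, "127.0.0.1")))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-7s %-12s %s" % row)
```

With the broad rule every wrapped service accepts loopback clients, while the scoped rule admits only the forwarded X11 connection.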