in traveling the course to solve a "can't connect adjacent
boxes without first jumping outside the local netgroup"
problem, i ran across a situation that seems to merit comment--

i've solved the original problem i had, which was that i
couldn't ssh from A to C (nor vice versa) but i could ssh from
either A or C to an outside box B, and then back in to the
target computer (C or A).

        A 10.1.1.1    local LAN
        B 10.10.10.10 way the heck Out There
        C 10.1.1.5    local LAN

the error was:

        [EMAIL PROTECTED] ssh 10.1.1.5
        ssh_exchange_identification: Connection closed by remote host

vice versa (from C to A):

        [EMAIL PROTECTED] ssh 10.1.1.1
        ssh_exchange_identification: Connection closed by remote host

A and C are on a subnet (29 bits, as in 255.255.255.248) which B
is not a member of, if that's important. there's also a firewall
[clarkconnect.org] as one of the nodes on the subnet (but
neither A nor C is behind the firewall).

the obstruction was in fact /etc/hosts.deny and
/etc/hosts.allow, which contained basically just one line:

        ALL : PARANOID : deny

which makes any incoming connection whose reported hostname
does NOT jibe with the looked-up hostname die, because of
paranoiac security restrictions.

since dns is overkill for such a small group, my connect
attempts showed up as "paranoid-style-reject" based on the
hosts.deny instruction. as they should have.

(once i found "ssh -v" my debug time shortened considerably!)

===

here's the snag:

i tried adding

        ALL : 10.1.1.1/29 : allow

and it didn't work, of course, because, as the documentation
says, you use net.net.net.net/mask.mask.mask.mask, not
net.net.net.net/bits as i'd hoped.

fine.

        ALL : 10.1.1.1/255.255.255.248 : allow

this STILL REJECTED ALL LEGIT ATTEMPTS! from 10.1.1.0 to
10.1.1.8, all connection attempts were denied! (both in practice
and as predicted by tcpdmatch.)

so i changed it to

        ALL : /etc/hosts.local.allow : allow

and added the IPs to /etc/hosts.local.allow, such as

        10.1.1.1
        10.1.1.2
        10.1.1.3
        10.1.1.4
        10.1.1.5
        10.1.1.6
        10.1.1.7

and THAT worked.

unless i seriously misread the docs, though, shouldn't
N.N.N.N/M.M.M.M work as above?

-- 
I use Debian/GNU Linux version 3.0-bunk-1;
Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown

DEBIAN NEWBIE TIP #96 from Joost Kooij <[EMAIL PROTECTED]>:
Did you know that you can SWITCH BETWEEN VIRTUAL CONSOLES using
leftalt+cursor{left,right}? To change from vc4 to vc5, press
alt-cursorright.  Going back to X from vc1 is as simple as
alt-cursorleft. (It doesn't work when you're already within
X11, though -- but control-alt-F1 does.)

Also see http://newbieDoc.sourceForge.net/ ...
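An added example, not code from the original post and not tcp_wrappers' own source: a small C model of the net/mask rule exactly as hosts_access(5) documents it, namely that a client address matches `n.n.n.n/m.m.m.m` when the bitwise AND of the address and the mask equals `n.n.n.n`, compared literally as written. The function names (`parse_quad`, `masked_match`, `prefix_to_mask`, `count_lan_matches`) and the nine constructed client addresses 10.1.1.0 through 10.1.1.8 are this example's own. Running it shows why `10.1.1.1/255.255.255.248` lets nothing in (10.1.1.1 is a host address, and 10.1.1.1 AND 255.255.255.248 is 10.1.1.0, which is not equal to 10.1.1.1) while `10.1.1.0/255.255.255.248` matches 10.1.1.0 through 10.1.1.7 and nothing else. A mask that is not a dotted quad is treated as a bad expression that matches nothing, which is the documented n.n.n.n/m.m.m.m behaviour; whether a particular tcp_wrappers build also accepts a prefix length is not something this example models.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse "a.b.c.d" into a host-order 32-bit value.  Returns 1 on success,
 * 0 for anything that is not exactly four decimal octets (so a bare
 * prefix length such as "29" fails, as the dotted n.n.n.n/m.m.m.m syntax
 * requires). */
static int parse_quad(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;

    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    *out = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
    return 1;
}

/* Model of the hosts_access(5) net/mask rule: the client address matches
 * "net/mask" exactly when (addr & mask) == net.  "net" is compared as
 * written and is never normalised to the network address, so putting a
 * host address on the left of the slash yields a rule that matches nothing. */
int masked_match(const char *pattern, const char *client)
{
    char buf[64];
    char *slash;
    uint32_t net, mask, addr;

    if (strlen(pattern) >= sizeof buf)
        return 0;
    strcpy(buf, pattern);
    slash = strchr(buf, '/');
    if (slash == NULL)
        return 0;
    *slash = '\0';
    /* A malformed net or mask is a "bad net/mask expression": no match. */
    if (!parse_quad(buf, &net) || !parse_quad(slash + 1, &mask) ||
        !parse_quad(client, &addr))
        return 0;
    return (addr & mask) == net;
}

/* Dotted mask for a prefix length (29 -> "255.255.255.248"), or "" when the
 * length is out of range.  Static buffer, for convenience in this example. */
const char *prefix_to_mask(int bits)
{
    static char out[16];
    uint32_t mask;

    if (bits < 0 || bits > 32)
        return "";
    mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
    snprintf(out, sizeof out, "%u.%u.%u.%u",
             (unsigned)(mask >> 24) & 255, (unsigned)(mask >> 16) & 255,
             (unsigned)(mask >> 8) & 255, (unsigned)mask & 255);
    return out;
}

/* Constructed test input: count how many of 10.1.1.0 .. 10.1.1.8 (the /29
 * plus the first address outside it) a pattern would let in. */
int count_lan_matches(const char *pattern)
{
    char client[32];
    int host, n = 0;

    for (host = 0; host <= 8; host++) {
        snprintf(client, sizeof client, "10.1.1.%d", host);
        n += masked_match(pattern, client);
    }
    return n;
}

int main(void)
{
    const char *patterns[] = {
        "10.1.1.1/29",               /* mask is not a dotted quad: matches nothing */
        "10.1.1.1/255.255.255.248",  /* host address as "net": matches nothing */
        "10.1.1.0/255.255.255.248",  /* network address as "net": matches .0 - .7 */
    };
    size_t i;

    printf("/29 as a dotted mask: %s\n", prefix_to_mask(29));
    for (i = 0; i < sizeof patterns / sizeof patterns[0]; i++)
        printf("%-26s matches %d of 10.1.1.0..10.1.1.8\n",
               patterns[i], count_lan_matches(patterns[i]));
    return 0;
}
```

The practical check is the same one the post already uses: run tcpdmatch against a rule written with the network address (`10.1.1.0/255.255.255.248`) rather than a host address, and it predicts the allow for .0 through .7 that the per-host file had to spell out by hand.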

