|||
Introduction plus SSH login hang question.
Hello ladies and gents,
I'm an engineer and it is becoming apparent that in my industry web servers are becoming more necessary for everyday use. I have therefore taken on the duty of learning an OS. Having looked around at various flavours of Linux etc. I have opted to go for OpenBSD. The reason being security and the fact that you have to get your hands dirty in order to get things running smoothly and as you want. At the moment I'm reading through the ABSOLUTE OPENBSD book by Michael W Lucas and it's great.

I have been looking around for a forum that covers BSD and this seems to fit the bill. There seem to be some very knowledgeable characters around and I'm sure if I had the knowledge they did I too would help fledgling users such as myself. My reason for the post is to introduce myself and let you know what I have done so far, having started to study the anatomy of the file structure etc. It really is a baptism of fire for myself and trial and error seem to be the call of the day at the moment. That is until I pick up some second nature command line skills. Please forgive my newbie way of explanations below as I do not work in the industry and only have to pick the slang terms up in time.

Anyway I have installed OpenBSD 4.6 on an old OptiPlex GX110 at home. It is old but for all intents and purposes I think it is powerful enough for my needs at home. My topology is as follows:

External Firewall (192.168.1.254) - 24port switch - Internal lan (192.168.1.x)

The external firewall acts as a dhcp server for internal lan clients including my bsd box (initially). Now I have fixed the IP address in bsd with the

/etc/hostname.xl0
inet 192.168.1.64 255.255.255.0 NONE

and set

/etc/mygate
192.168.1.254

I have also changed the default ssh port to 1234 using the /etc/ssh/sshd_config file. The computer will not be exposed to the outside world until I'm absolutely sure the box is secure. This will be done using pf but I'm a way off that yet.

Over the last couple of evenings I have been using vi for editing although I have installed nano and find it a little easier for the newb that I am.

-----------------------------------------------------

The reason I have been prompted to join a forum is I have an ulterior motive (here it comes). Over the last day or so I have logged into ssh and after typing in the username and pressing return the command prompt will hang for about 1 minute then ask for the password. Having typed the password I can then log in and get on with whatever it is I wish to do. My first question would be: does anyone have an idea as to why the system would hang like this? All other scripts are in a default state, untouched.

Thanks people
Pico

--------------------

Print out of /var/run/dmesg.boot

OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 665 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 132399104 (126MB)
avail mem = 119201792 (113MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/18/00, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf0450 (58 entries)
bios0: vendor Dell Computer Corporation version "A05" date 09/18/2000
bios0: Dell Computer Corporation OptiPlex GX110
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbc40/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371AB PIIX4 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x8000
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82810E Host" rev 0x03
vga1 at pci0 dev 1 function 0 "Intel 82810E Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xf8000000, size 0x4000000
ppb0 at pci0 dev 30 function 0 "Intel 82801AA Hub-to-PCI" rev 0x02
pci1 at ppb0 bus 1
rl0 at pci1 dev 8 function 0 "Realtek 8139" rev 0x10: irq 10, address 00:30:bd:07:90:af
rlphy0 at rl0 phy 0: RTL internal PHY
xl0 at pci1 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 5, address 00:b0:d0:b9:25:e7
bmtphy0 at xl0 phy 24: 3C905C internal PHY, rev. 7
ichpcib0 at pci0 dev 31 function 0 "Intel 82801AA LPC" rev 0x02: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 "Intel 82801AA IDE" rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <Maxtor 6E040L0>
wd0: 16-sector PIO, LBA, 39205MB, 80293248 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <SAMSUNG, CD-ROM SC-148C, C002> ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 31 function 2 "Intel 82801AA USB" rev 0x02: irq 11
ichiic0 at pci0 dev 31 function 3 "Intel 82801AA SMBus" rev 0x02: SMBus disabled
auich0 at pci0 dev 31 function 5 "Intel 82801AA AC97" rev 0x02: irq 10, ICH AC97
ac97: codec id 0x41445348 (Analog Devices AD1881A)
ac97: codec features headphone, Analog Devices Phat Stereo
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
biomask fb45 netmask ff65 ttymask ffff
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

/var/log/authlog

Mar 27 07:24:38 pico sshd[9094]: Server listening on :: port 1234.
Mar 27 07:24:38 pico sshd[9094]: Server listening on 0.0.0.0 port 1234.
Mar 27 07:59:58 pico sshd[24941]: Accepted password for pico from 192.168.1.78 port 1536 ssh2
Mar 27 08:00:14 pico su: pico to root on /dev/ttyp0
Mar 27 08:11:02 pico sshd[8614]: Server listening on :: port 1234.
Mar 27 08:11:02 pico sshd[8614]: Server listening on 0.0.0.0 port 1234.
Mar 27 08:29:25 pico sshd[20526]: Accepted password for pico from 192.168.1.78 port 1771 ssh2
Mar 27 08:30:20 pico su: pico to root on /dev/ttyp0
Mar 27 08:51:02 pico sshd[8287]: Server listening on :: port 1234.
Mar 27 08:51:02 pico sshd[8287]: Server listening on 0.0.0.0 port 1234.
Mar 27 08:54:50 pico su: pico to root on /dev/ttyC0
Mar 27 08:56:57 pico sshd[11891]: Server listening on :: port 1234.
Mar 27 08:56:57 pico sshd[11891]: Server listening on 0.0.0.0 port 1234.
Mar 27 09:03:39 pico sshd[17745]: Accepted password for pico from 192.168.1.78 port 1858 ssh2
Mar 27 09:03:52 pico su: pico to root on /dev/ttyp0

/var/log/daemon (sorry, don't know what this file does yet, thought I would put it up anyway)

Mar 23 19:09:28 pico savecore: no core dump
Mar 23 21:24:28 pico savecore: no core dump
Mar 23 22:12:12 pico savecore: no core dump
Mar 23 21:18:22 pico savecore: no core dump
Mar 24 18:13:19 pico savecore: no core dump
Mar 24 18:41:13 pico savecore: no core dump
Mar 25 19:30:00 pico savecore: no core dump
Mar 25 19:33:02 pico savecore: no core dump
Mar 25 21:42:52 pico savecore: no core dump
Mar 26 06:49:23 pico savecore: no core dump
Mar 26 19:48:04 pico savecore: no core dump
Mar 26 19:52:12 pico savecore: no core dump
Mar 26 20:47:06 pico savecore: no core dump
Mar 27 07:24:36 pico savecore: no core dump
Mar 27 08:11:00 pico savecore: no core dump
Mar 27 08:51:00 pico savecore: no core dump
Mar 27 08:56:55 pico savecore: no core dump

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
rl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:30:bd:07:90:af
        priority: 0
        media: Ethernet autoselect
        status: no carrier
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:b0:d0:b9:25:e7
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.64 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::2b0:d0ff:feb9:25e7%xl0 prefixlen 64 scopeid 0x2
enc0: flags=0<> mtu 1536
        priority: 0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
#
|
|||
Ok a little further
I'm sure this will engage someone into slapping some sense into me.
I have been playing around a little and it appears that if I put my hostname file into dhcp rather than fixed the ssh login is fluent. When I put it back to my config above it halts on login. I'm sure this is basic so any ideas would be greatly appreciated. Below is my dhcp info; above is my fixed info (maybe my fixed info has something incorrect).

# dhclient xl0
DHCPDISCOVER on xl0 to 255.255.255.255 port 67 interval 1
DHCPOFFER from 192.168.1.254 (00:19:e4:a2:74:29)
DHCPREQUEST on xl0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.254 (00:19:e4:a2:74:29)
bound to 192.168.1.64 -- renewal in 43200 seconds.
#
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
rl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:30:bd:07:90:af
        priority: 0
        media: Ethernet autoselect
        status: no carrier
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:b0:d0:b9:25:e7
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2b0:d0ff:feb9:25e7%xl0 prefixlen 64 scopeid 0x2
        inet 192.168.1.64 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<> mtu 1536
        priority: 0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog

Cheers
Pico
|
|||
Fixed it myself
After going through /etc/ with a fine-toothed comb I found out it was my /etc/resolv.conf. I had the name server set to a bogus IP address rather than the firewall's address. Changed it to the correct one and shazam, one working ssh with no hang-ups.

I'm happy how far I have got with this system. Now on to apache. I suspect I have a lot of reading to do in order to make sure I have security sewn up, although by default from reading it looks pretty good.

Cheers
Pico
|
|||
Welcome to the forums,
You were definitely on the right track, sshd was blocking while doing reverse DNS lookups. You can disable it outright in /etc/ssh/sshd_config by setting UseDNS to no. As for the difficulty with vi(1), you may have better luck using mg(1), which is an emacs clone, but ultimately it's worth learning how to use vi. Good luck.
|
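The two files named in the answer above can be checked together. This is an added shell example, not part of the original thread: it reads the effective UseDNS value from an sshd_config file, lists the resolvers in a resolv.conf file, and its audit function probes each resolver with one short reverse lookup. The function names, the sample files and the 10.9.9.9 address are constructed, and dig is assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the thread. File paths are arguments so the
# checks can be run against copies of the real files.

# Value sshd will use for UseDNS: keywords are case-insensitive and the
# first uncommented occurrence wins. Prints "unset" if the keyword is absent.
effective_usedns() {
    awk 'tolower($1) == "usedns" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Addresses on "nameserver" lines of a resolv.conf-format file, one per line.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# One reverse (PTR) lookup of client address $1 against resolver $2, capped
# at 2 seconds and a single try. dig exits non-zero when no server replies.
probe_resolver() {
    if dig +time=2 +tries=1 -x "$1" "@$2" >/dev/null 2>&1; then
        echo "$2 answered"
    else
        echo "$2 DID NOT ANSWER"
    fi
}

# audit <sshd_config> <resolv.conf> <client-ip>: probe the resolvers only
# when sshd is not explicitly told to skip reverse lookups.
audit() {
    usedns=$(effective_usedns "$1")
    echo "UseDNS: $usedns"
    [ "$usedns" = "no" ] && return 0
    for ns in $(nameservers "$2"); do probe_resolver "$3" "$ns"; done
}

# Constructed sample files modelled on the thread; 10.9.9.9 stands in for
# the bogus resolver. Only the offline parsers run here.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'Port 1234\n#UseDNS yes\nusedns no\nUseDNS yes\n' > "$SAMPLE_DIR/sshd_config"
printf 'lookup file bind\nnameserver 10.9.9.9\nnameserver 192.168.1.254\n' > "$SAMPLE_DIR/resolv.conf"
echo "effective UseDNS: $(effective_usedns "$SAMPLE_DIR/sshd_config")"
echo "resolvers: $(nameservers "$SAMPLE_DIR/resolv.conf" | tr '\n' ' ')"
```

On a live system, `audit /etc/ssh/sshd_config /etc/resolv.conf 192.168.1.78` would run the probes, using the client address seen in the authlog above.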
|||
Thanks for the tip BSDfan666
Thanks for the tip BSDfan666.
I will have a look. All I can say is I'm loving this OpenBSD. I have always toyed around with electrical equipment for years and been on computers in various types. What I can say for OpenBSD is the anatomy of the file system is great for a logical breakdown of things.

Now I'm looking into cobbling together a pf rule set and hopefully someone can have a look here and give me the nod as to its integrity. Then it's on to finding some form of native OpenBSD intrusion detection system like tripwire but an OpenBSD flavour. That is of course unless you people don't think one is necessary. It would be great to have most bases covered, and getting an audit trail back to potential compromises would be great (of course this is an art in itself).

So many things to do and my weekend is running out very quickly, then it's back to the grind. Damn. What I can say though is if you do this for a living it certainly is a full time job because presumably you would have numerous systems all running different OS and all suffering from needed patches etc. It makes my head spin just thinking about it. I take my hat off to you all.

Regards
Pico
|
|||
Recognize that vi(1) is available on virtually all Unix & Unix-like systems. It helps to have some level of fluency.
|
|
|||
I just got two new OpenBSD books I wish I had a year ago: 'The Book of PF' and 'Secure Architectures with OpenBSD'. I'd seriously get my hands on these two if you want to get up to speed a lot faster and use a secure X configuration and SSH. I have 'Absolute OpenBSD'. I love it; I read it from cover to cover all the time hoping I remember important facets of the OBSD OS.
|
|
|||
Just got the book of pf tetro very good indeed. I have a bank holiday off now so a little time to read and play. My wife has roped me into digging over the veggie patch though... bummer.
I will look into the secure architectures book sounds good. |