DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 28th August 2011
zeenmc zeenmc is offline
Port Guard
 
Join Date: Jun 2011
Posts: 18
Default I can't loggin on ssh on openbsd 4.9

Hi, I can log on server, with local IP (server IP is 192.168.1.30) but when I use static public IP (I get from my wisp one public static for my game ) I can't, I got this, ofcorse, I know my password, but, I don't know where is problem

Code:
zeenmc@MYPUBLICIP's password: 
Permission denied, please try again.
zeenmc@MYPUBLICIP's password:
]

Last edited by J65nko; 28th August 2011 at 05:11 PM. Reason: fixed quote/code tags
Reply With Quote
  #2   (View Single Post)  
Old 28th August 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Examine /var/log/authlog for information from sshd(8). It may provide some insight. If there is no record of the attempted connection, you are not reaching your server, but some other system instead. The fingerprint from the server would confirm this (you get the fingerprint the first time you attempt to connect to an unknown host).

Also inspect /etc/ssh/sshd_config for any local provisioning changes you may have performed.
Reply With Quote
  #3   (View Single Post)  
Old 28th August 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

From the ssh man page:

Code:
     -v      Verbose mode.  Causes ssh to print debugging messages about its
             progress.  This is helpful in debugging connection,
             authentication, and configuration problems.  Multiple -v options
             increase the verbosity.  The maximum is 3.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #4   (View Single Post)  
Old 28th August 2011
zeenmc zeenmc is offline
Port Guard
 
Join Date: Jun 2011
Posts: 18
Default

Quote:
zeenmc@tesla:~$ ssh -v zeenmc@freeland.brokenbyte.org
I have apache on that server, I am sure, I have connections on my server, I config on Mikrotik router, port forwarding, for ssh,

OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to freeland.brokenbyte.org [188.120.102.175] port 22.
debug1: Connection established.
debug1: identity file /home/zeenmc/.ssh/id_rsa type -1
debug1: identity file /home/zeenmc/.ssh/id_rsa-cert type -1
debug1: identity file /home/zeenmc/.ssh/id_dsa type -1
debug1: identity file /home/zeenmc/.ssh/id_dsa-cert type -1
debug1: identity file /home/zeenmc/.ssh/id_ecdsa type -1
debug1: identity file /home/zeenmc/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.3.0_Mikrotik_v2.9
debug1: match: OpenSSH_2.3.0_Mikrotik_v2.9 pat OpenSSH_2.3.0*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(2048) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: DSA ed:4d:cb:43:bc:c6:5d:ab:dd:32:da:65:b3:f5:4b:08
debug1: Host 'freeland.brokenbyte.org' is known and matches the DSA host key.
debug1: Found key in /home/zeenmc/.ssh/known_hosts:4
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/zeenmc/.ssh/id_rsa
debug1: Trying private key: /home/zeenmc/.ssh/id_dsa
debug1: Trying private key: /home/zeenmc/.ssh/id_ecdsa
debug1: Next authentication method: password
zeenmc@freeland.brokenbyte.org's password:
Last part of /var/log/authlog
Quote:
Aug 28 19:31:46 freeland su: zeenmc to root on /dev/ttyp0
Aug 28 19:33:21 freeland sshd[17603]: Server listening on :: port 22.
Aug 28 19:33:21 freeland sshd[17603]: Server listening on 0.0.0.0 port 22.
Aug 28 19:35:19 freeland sshd[11863]: Accepted password for zeenmc from 192.168.1.2 port 54838 ssh2
Aug 28 19:35:47 freeland su: zeenmc to root on /dev/ttyp0
Aug 28 19:46:27 freeland sshd[4128]: Accepted password for zeenmc from 192.168.1.2 port 59717 ssh2
Aug 28 19:46:41 freeland su: zeenmc to root on /dev/ttyp1
Aug 28 19:48:39 freeland sshd[784]: Accepted password for zeenmc from 192.168.1.2 port 59756 ssh2
Aug 28 19:49:17 freeland su: zeenmc to root on /dev/ttyp2
Aug 28 19:53:34 freeland sshd[23181]: Accepted password for zeenmc from 192.168.1.2 port 44601 ssh2
Aug 28 19:53:36 freeland su: zeenmc to root on /dev/ttyp3
Aug 28 19:57:15 freeland sshd[2643]: Server listening on :: port 22.
Aug 28 19:57:15 freeland sshd[2643]: Server listening on 0.0.0.0 port 22.
Aug 28 23:49:17 freeland sshd[30099]: Accepted password for zeenmc from 192.168.1.2 port 38302 ssh2
Aug 28 23:49:23 freeland sshd[14861]: Received disconnect from 192.168.1.2: 11: disconnected by user
Aug 28 23:49:32 freeland sshd[3736]: Accepted password for zeenmc from 192.168.1.2 port 43344 ssh2
Aug 28 23:49:34 freeland su: zeenmc to root on /dev/ttyp0
Reply With Quote
  #5   (View Single Post)  
Old 28th August 2011
zeenmc zeenmc is offline
Port Guard
 
Join Date: Jun 2011
Posts: 18
Default

I make new connections

Quote:
zeenmc@tesla:~$ ssh root@freeland.brokenbyte.org
The authenticity of host 'freeland.brokenbyte.org (188.120.102.175)' can't be established.
DSA key fingerprint is ed:4d:cb:43:bc:c6:5d:ab:dd:32:da:65:b3:f5:4b:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'freeland.brokenbyte.org,188.120.102.175' (DSA) to the list of known hosts.
Reply With Quote
  #6   (View Single Post)  
Old 28th August 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

By default ssh does a reverse DNS lookup of the server it is connecting to. But your server does not have a reverse DNS entry
Code:
$ dig -x 188.120.102.175 

; <<>> DiG 9.4.2-P2 <<>> -x 188.120.102.175
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18872
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;175.102.120.188.in-addr.arpa.  IN      PTR

;; Query time: 510 msec
;; SERVER: 192.168.222.10#53(192.168.222.10)
;; WHEN: Mon Aug 29 00:07:46 2011
;; MSG SIZE  rcvd: 46
So it could be that your workstation is just retrying this lookup, which could take up to 2 minutes. Just try to wait for that long......

If you manage to log in after that long delay, you could add an entry for your server in your /etc/hosts file of your workstation:
Code:
188.120.102.175 freeland.brokenbyte.org
You did not give us a lot of details about the network topology, but you can check whether http://www.openbsd.dk/faq/pf/rdr.html#reflect applies to your situation
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #7   (View Single Post)  
Old 28th August 2011
zeenmc zeenmc is offline
Port Guard
 
Join Date: Jun 2011
Posts: 18
Default

Hm, I have static IP from mikrotik, second link is ADSL, what details you want ? that is no problem , I will maybe call mh WISP, and ask about this problem, maybe they can fix this, but, I will use hosts.conf Can I fix problem with reverse DNS entry, on zone edit, bicause I have account and brokenbyte.org zone there, I config that, maybe I do some bad config with DNS?


Quote:
zeenmc@tesla:~$ ssh zeenmc@188.120.102.175
zeenmc@188.120.102.175's password:
Permission denied, please try again.

Last edited by zeenmc; 29th August 2011 at 06:54 AM.
Reply With Quote
  #8   (View Single Post)  
Old 30th August 2011
BinarySpike BinarySpike is offline
New User
 
Join Date: Aug 2011
Posts: 7
Default

J65nko's link on traffic redirection was my problem when I was setting up my OpenBSD firewall. Specifically "RDR-TO and NAT-TO Combination".

Also, make sure that the account you are trying to login to has password login privilages. Have you edited your sshd_config file? You could have performed something like this: http://old.nabble.com/Disable-SSH-passwords-per-user-td27021767.html on accident.
Reply With Quote
  #9   (View Single Post)  
Old 30th August 2011
zeenmc zeenmc is offline
Port Guard
 
Join Date: Jun 2011
Posts: 18
Default

I have only put config for root login on ssh, only that, my NAT is on Mikrotik RouterOS (WISP) on OpenBSD (where is ssh) don't put anything on PF config file
Reply With Quote
Old 26th September 2011
zeenmc zeenmc is offline
Port Guard
 
Join Date: Jun 2011
Posts: 18
Default

uh, I find what is problem, you will kill me haha, Mikrotik router have sam problem in NAT, I don't know whay, I remove rule whit port forwarding, and put again the same rule, and start working, first, bicouse some bug, port forward is connect on mt ssh, although it is generally said to connect to a private IP address and port of the ssh
Reply With Quote
Old 26th September 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

I don't understand your post. Are you referring to attempting to redirect from inside a NATted network, as described here?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:29 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick