sshd not allowing logins


:david:
12-27-1999, 08:18 PM
using: slack7, openssh (installed fine from source), ipchains strong ruleset.
before today, i've never even touched or really looked at ssh (or other crypto stuff), so i have no idea what i'm doing apart from the readme and install files. i went through and did the installation of openssh, generated my key, edited my firewall script to allow external ssh connections, and allow ssh output. even edited /etc/hosts.allow to say ' sshd:all '. sshd seems to run fine, but i can't authenticate anyone. yes i know my own passwords, but they don't work. so i set in sshd_config 'UseLogin yes' thinking that it might not be using /bin/login. still no go.
ideas anyone ?? please....

i can telnet and ftp in to my box (just to show it's not a basic connect problem). i would prefer to change from telnet to ssh cos my regular user can su.

[This message has been edited by :david: (edited 29 December 1999).]

klamath
12-27-1999, 11:55 PM
I've never generated a key with ssh, so maybe I am more clueless than you. But nevertheless...

Try temporarily disabling your ipchains ruleset, and putting "ALL : ALL" in /etc/hosts.allow - if sshd works properly then, it is probably something wrong with your security setup.

If that doesn't work, it is probably a different problem, or something related directly to sshd.

What error message do you get? Can you connect from localhost?

FYI, don't bother editing /etc/hosts.allow unless you are running sshd from inetd (which isn't a good idea). Most people run sshd as a standalone daemon, because running from inetd causes poor performance (sshd takes a while to start, since it has to generate a new key for each session).

Hope this helps.


------------------
Klamath
Get my GnuPG key from:
http://klamath.dyndns.org/mykey.asc

:david:
12-28-1999, 12:39 AM
no i'm not running it via inetd, i did come across the mentioning of sshd reading /etc/hosts.* only when it's run via inetd, but i tried changing them anyway. i tried messing with my firewall, set all chains to accept, no go. same thing. i've tried running the ssh client in verbose to see error messages, i'm not getting any. just 'permission denied, please try again.' something's wrong with the authentication. the passwords i'm using are correct (unless i have to set up accounts, i'm assuming ssh is like telnet and starting a(n interactive) shell after authentication via /bin/login (i mentioned above that i set UseLogin to yes in sshd_config, please note that this was AFTER my first number of unsuccessful attempts).
it's not working, whatever it's trying to do :(

[This message has been edited by :david: (edited 29 December 1999).]

:david:
01-02-2000, 04:41 AM
does it have something to do with my use of shadow passwords ?

klamath
01-02-2000, 06:54 PM
Are you getting any errors in the server-side logs?

No, I wouldn't expect it has much to do with shadow passwords, unless you haven't setup shadow passwords properly. I use shadow passwords with ssh with no problems.



:david:
01-02-2000, 07:14 PM
no, just failed authentications
it's not authenticating properly.

i want to know why ?
i think i'm gonna try the proprietary ssh server (from ssh.org) maybe that might change something

riddley
01-04-2000, 10:10 AM
Are you using MD5 passwords?
does ssh know that you're using MD5 passwords?

try using keypairs instead of UNIX passwords

:david:
01-04-2000, 01:55 PM
actually, i uninstalled (make uninstall) openssh. and installed ssh1 and ssh2, ssh2 being default, it fires up ssh1 if someone asks for ssh1 protocol.
i can now login from my machine, but can't find a winbloze client that'll do anything.
i tried mindterm, but you have to sign the applet before it'll let you connect to external machines (sorry, don't know how), and then i tried terraterm pro or something or another, it has an ssh addon (.dll), but dammit, it's not even trying to authenticate. it just disconnects (i see connections in my logs, but no failed authentication or anything like it).
so now, i need a damn ssh client (free) for winbloze.
there's no good freeware in winbloze. and that's a shame. makes the os that much less usable.

tcrompton
01-04-2000, 10:57 PM
The ssh addon for teraterm pro should be an executable and a dll.
You should use the addon's executable (tssh ?), not teraterm itself.
Here is a web site that may help:
http://www.jfitz.com/tips/ssh_for_windows.html

blah
01-05-2000, 04:04 PM
I don't know if you wanted any help with openssh since you got ssh1 to work, but I'll give you it anyways...

I'm running openssh on 3 slack 7.0 boxes, and 2 slack 4.0 boxes.

Make sure you have the newest version of openssh, because i've had problems building on the slack 4.0 boxes. The most recent is openssh-1.2.1.pre24.

Before you think about installing openssh, you must first install zlib, then openssl. I won't go into any detail on compiling them, cause I'm pretty sure you already know how.

After you do that, you'll want to build and compile openssh.

Untar the files, and run ./configure ; make ; make install

I usually do a ./configure --prefix=/usr/local/openssh just so I know where they are.

Depending on where you installed it to, you will want to run /usr/local/openssh/sbin/sshd. It will complain about not having a key, so the next step is to build a key.

/usr/local/openssh/bin/ssh-keygen -b 1024 -f /usr/local/openssh/etc/ssh_host_key -N ''

Then run /usr/local/openssh/sbin/sshd again, and it should run without any problems.

Run telnet localhost 22 and it should say 'SSH-1.5-OpenSSH-1.2.1'

Also run ssh -V and it should say something like 'SSH Version OpenSSH-1.2.1, protocol version 1.5.'

I hope this helps.

blah

slimy
01-06-2000, 08:34 PM
Just to make a correction to one of the previous posts:
If sshd is compiled with TCP Wrappers support it will make use of hosts.allow, even if it is running standalone. More and more servers are offering tcp wrappers support for standalone (non-inetd-controlled) servers.
The default Debian openSSH configuration (which I am using) is one such example.

klamath
01-06-2000, 09:49 PM
Cool, thanks for the correction Slimy. Good to know...


Harvey
10-18-2000, 12:12 PM
Just installed OpenSSH, but it's not letting me get in with ssh1 quite yet.

I had installed the commercial ssh before. and it's working and lets me in with ssh2.

ssh -V tells me i'm using OpenSSH,
however telnet localhost 22
tells me SSH-2.0-2.3.0 SSH Secure Shell (non-commercial)

hrm....
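
Added example, not part of any post in this thread: `ssh -V` reports the client binary, while the line printed by `telnet localhost 22` is the identification string of whichever daemon is actually listening. The bash sketch below parses that string (`SSH-<protoversion>-<softwareversion> <comments>`) and reports which client protocols the daemon will accept; the function names are hypothetical and the sample inputs are the two banners quoted above.

```shell
#!/usr/bin/env bash
# Added example: classify an SSH identification string ("banner").

# Print "<protoversion> <softwareversion> <accepted client protocols>".
classify_banner() {
    local cr banner rest proto software accepts
    cr=$(printf '\r')
    banner="${1%"$cr"}"              # servers end the line with CR LF
    case "$banner" in
        SSH-*-*) ;;
        *) echo "not-ssh"; return 1 ;;
    esac
    rest="${banner#SSH-}"
    proto="${rest%%-*}"              # text up to the second dash
    software="${rest#*-}"
    software="${software%% *}"       # drop the optional comment field
    case "$proto" in
        1.99) accepts="ssh1+ssh2" ;; # SSH2 server that also accepts SSH1
        1.*)  accepts="ssh1" ;;
        2.*)  accepts="ssh2" ;;
        *)    accepts="unknown" ;;
    esac
    echo "$proto $software $accepts"
}

# Read the banner from a listening daemon (bash-only /dev/tcp, 5 s timeout).
read_banner() {
    local line
    IFS= read -r -t 5 line < "/dev/tcp/${1:-localhost}/${2:-22}" || return 1
    printf '%s\n' "$line"
}

# Banners quoted in the thread, used as sample input.
classify_banner 'SSH-1.5-OpenSSH-1.2.1'
classify_banner 'SSH-2.0-2.3.0 SSH Secure Shell (non-commercial)'
# Live check against a running daemon:
#   classify_banner "$(read_banner localhost 22)"
```

A result of `ssh2` means an SSH1-only client cannot log in to that daemon, whatever `ssh -V` prints on the same machine.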

Harvey
10-18-2000, 05:07 PM
:david: try using PuTTY for winbloze. It's a nice ssh client. See if it works for you. If it does, let me know :)

lone-nut
10-18-2000, 08:01 PM
I had the same problem with open ssh and I couldn't get an answer...
This thread helped a lot but... why doesn't it work..?
frustrating...
I just gave up and use telnet...
I want to get it going...
does anyone know why the sshd won't authenticate...?