OS: FreeBSD 4.11-STABLE #3: Fri Jan 14 23:53:07 CST 2005

I ssh to my host using PuTTY or any ssh client in WindowsXP, and I can't log in lately. (But telnet and other services are ok.)

my test: (use cmd.exe)
###########################################
C:\>telnet 192.168.0.1 22
SSH-1.99-OpenSSH_3.5p1 FreeBSD-20030924

Protocol mismatch.
###########################################

What's going on with my sshd?
Thanks for answering. :)
---
CryBaby <mailinglist@ms94.url.com.tw>

> OS: FreeBSD 4.11-STABLE #3: Fri Jan 14 23:53:07 CST 2005

Firewall: ipfilter + ipfw
NAT: ipnat

### % less /etc/ipnat.conf ###
map vr0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map vr0 192.168.0.0/24 -> 0/32

### /etc/ipf.conf ###
(vr0: outer interface, rl0: inner interface)
block in log quick all with short
block in log quick all with ipopts
pass in on rl0 all
pass out on rl0 all
pass in on lo0 all
pass out on lo0 all
pass in log on vr0 all
pass out log on vr0 all
pass out log on vr0 proto icmp all keep state
pass out log on vr0 proto tcp/udp from any to any keep state
pass in quick on vr0 proto tcp from any to any port = ftp-data keep state
pass in quick on vr0 proto tcp from any port = ftp-data to any port > 1023 keep state
---
CryBaby <mailinglist@ms94.url.com.tw>

On 15/01/2005 21:05 CryBaby wrote:
> OS: FreeBSD 4.11-STABLE #3: Fri Jan 14 23:53:07 CST 2005
>
> I ssh my host by using putty or any ssh client in WindowsXP, and I can't login
> lately. (But telnet and other services are ok.)
>
> my test: (use cmd.exe)
> ###########################################
> C:\>telnet 192.168.0.1 22
> SSH-1.99-OpenSSH_3.5p1 FreeBSD-20030924
>
> Protocol mismatch.
> ###########################################

You are using a tool (telnet) that doesn't know a thing about the SSH protocol, so the server answers correctly stating that there is a "Protocol mismatch". The only thing you can say with your test is that the SSH server is alive.

To troubleshoot your problem, try connecting first from localhost using "-vv" with the OpenSSH client. Then try from a remote machine. Watch for error messages in your system logs.
--
Saad Kadhi
"He who relieves the poor makes Ahura king"

On Sun, 2005-Jan-16 04:05:11 +0800, CryBaby wrote:
>OS: FreeBSD 4.11-STABLE #3: Fri Jan 14 23:53:07 CST 2005
>
>I ssh my host by using putty or any ssh client in WindowsXP, and I can't login
>lately. (But telnet and other services are ok.)

What has changed (both on FreeBSD and WinXP) since it last worked?

Have you tried running sshd in a debug mode and looking at what it reports? E.g. "sshd -d -p 8022" and then ssh to port 8022. Use up to 3 d's for more detail.

I'm not sure if PuTTY has anything equivalent to 'ssh -v' but if so, have you tried looking at what it reports?
--
Peter Jeremy

PS: 
[root]/# ident /usr/lib/pam_ssh.so
/usr/lib/pam_ssh.so:
     $FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.28.2.4 2002/07/12 09:24:56 des Exp $
---
CryBaby <mailinglist@ms94.url.com.tw>

I think I used the wrong subject. The subject should be "sshd PAM: initialisation failed". The protocol mismatch should mean that I used the wrong protocol - telnet. :(
---
CryBaby <mailinglist@ms94.url.com.tw>

On Sun, Jan 16, 2005 at 04:05:11AM +0800 I heard the voice of CryBaby, and lo! it spake thus:
> OS: FreeBSD 4.11-STABLE #3: Fri Jan 14 23:53:07 CST 2005
>
> I ssh my host by using putty or any ssh client in WindowsXP, and I
> can't login lately. (But telnet and other services are ok.)

Check that the version 1 protocol and/or PasswordAuthentication are enabled. I had to do one or both of those to let Putty work with sshd a while back; can't remember which it was.
--
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet"

I already fixed it.
% less /var/log/auth.log
Jan 18 01:57:55 jazzcafe login: _pam_init_handlers: no default config /etc/pam.d/other
Jan 18 01:57:55 jazzcafe login: error reading PAM configuration file
% man pam
    ...
    files located in the /etc/pam.d/ directory. The presence of this directory
    will cause PAM to ignore /etc/pam.conf.
    ...
% rmdir /etc/pam.d
% END
---
CryBaby <mailinglist@ms94.url.com.tw>
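
The failure found in the last message can be checked for before removing anything. This is an added example, not part of the original thread; the function names `pam_config_source` and `pam_report` are hypothetical, and the lookup rule is a simplified model taken from the man page excerpt and the auth.log lines above (a directory `/etc/pam.d` hides `/etc/pam.conf`, and a service needs its own file or `other` inside it).

```shell
#!/bin/sh
# pam_config_source ROOT SERVICE
# Prints where PAM would look for SERVICE under ROOT (simplified model):
#   pam.d    - ROOT/etc/pam.d has a file for SERVICE or a default "other"
#   broken   - ROOT/etc/pam.d exists, so pam.conf is ignored, but it holds
#              neither SERVICE nor "other" (the state seen in this thread)
#   pam.conf - no pam.d directory, ROOT/etc/pam.conf is used
#   none     - neither configuration is present
pam_config_source() {
    root=$1
    service=$2
    if [ -d "$root/etc/pam.d" ]; then
        if [ -f "$root/etc/pam.d/$service" ] || [ -f "$root/etc/pam.d/other" ]; then
            echo "pam.d"
        else
            echo "broken"
        fi
    elif [ -f "$root/etc/pam.conf" ]; then
        echo "pam.conf"
    else
        echo "none"
    fi
}

# pam_report ROOT SERVICE...
# Prints one line per service; returns 1 if any service has no usable config.
pam_report() {
    root=$1; shift
    status=0
    for svc in "$@"; do
        src=$(pam_config_source "$root" "$svc")
        echo "$svc: $src"
        case $src in broken|none) status=1 ;; esac
    done
    return $status
}

# Constructed demo tree: an empty etc/pam.d next to a pam.conf.
demo=$(mktemp -d)
mkdir -p "$demo/etc/pam.d"
: > "$demo/etc/pam.conf"
pam_report "$demo" sshd login || echo "PAM configuration problem found"
rmdir "$demo/etc/pam.d"          # same step as the fix in the thread
pam_report "$demo" sshd login
rm -rf "$demo"
```

On a live system the call would be `pam_report "" sshd login`, which reads `/etc/pam.d` and `/etc/pam.conf` directly.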