[FUGSPBR] Problemas no modulo SSH
Andre Luis Forigato
andre.forigato em uol.com.br
Ter Jul 10 21:50:58 BRT 2001
Amigos,
Estou enfrentando um problema com o ssh. Estou enviando o conteudo dos
meus arquivos para analise.
Espero que estas informacoes ajude a desmendar este misterio.
Conto com a colaboracao de todos.
Att,
Andre Luis Forigato
Administrador de Sistemas
*******************
forigato1# uname -a
FreeBSD forigato1.uol.com.br 4.3-STABLE FreeBSD 4.3-STABLE #1: Thu Jul
5 02:54:18 GMT 2001
root em forigato1.uol.com.br:/usr/obj/usr/src/sys/GENERIC i386
forigato1#
*******************
forigato1# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
5(operator),
20(staff), 31(guest)
*******************
forigato1# ssh -v -P forigato em 192.168.100.200
SSH Version OpenSSH_2.3.0 green em FreeBSD.org 20010321, protocol versions
1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 0 geteuid 0 anon 1
debug: Connecting to (null) [192.168.100.200] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version
OpenSSH_2.3.0 green em FreeBSD.org 20010321
debug: match: OpenSSH_2.3.0 green em FreeBSD.org 20010321 pat
^OpenSSH[-_]2\.3
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green em FreeBSD.org
20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host '192.168.100.200' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
forigato em 192.168.100.200's password:
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Requesting shell.
Jul 8 01:55:10 forigato1 sshd[778]: no modules loaded for `sshd'
service
Jul 8 01:55:10 forigato1 sshd[778]: no modules loaded for `sshd'
service
debug: Entering interactive session.
Jul 8 01:55:10 forigato1 sshd[778]: fatal: PAM session setup failed[6]:
Permission denied
Jul 8 01:55:10 forigato1 sshd[778]: fatal: PAM session setup failed[6]:
Permission denied
Connection to 192.168.100.200 closed by remote host.
Connection to 192.168.100.200 closed.
Jul 8 01:55:10 forigato1 sshd[778]: no modules loaded for `sshd'
service
Jul 8 01:55:10 forigato1 sshd[778]: no modules loaded for `sshd'
service
debug: Transferred: stdin 0, stdout 0, stderr 93 bytes in 0.0 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 2253.1
debug: Exit status -1
forigato1#
*******************
forigato1# cat /etc/ssh/ssh_config
# This is ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user
configuration
# files or on the command line.
#
# $FreeBSD: src/crypto/openssh/ssh_config,v 1.2.2.3 2000/10/28 23:00:50
kris Exp $
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
Host *
ForwardAgent yes
ForwardX11 yes
RhostsAuthentication yes
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
FallBackToRsh no
UseRsh no
BatchMode no
CheckHostIP yes
StrictHostKeyChecking no
IdentityFile ~/.ssh/identity
Port 22
# Protocol 2,1
# Cipher blowfish
# EscapeChar ~
forigato1#
*******************
forigato1# more /etc/sshd_config
# This is ssh server systemwide configuration file.
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.3 2000/10/28 23:00:51
kris Exp $
Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
PermitRootLogin yes
# Rate-limit sshd connections to 5 connections per 10 seconds
# ConnectionsPerPeriod 5/10
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
CheckMail yes
UseLogin no
# Uncomment if you want to enable sftp
#Subsystem sftp /usr/libexec/sftp-server
#MaxStartups 10:30:60
forigato1#
*******************
forigato1# more /etc/rc.conf
# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.
# Enable network daemons for user convenience.
# -- sysinstall generated deltas -- #
network_interfaces="rl0 rl1 lo0"
ifconfig_rl0="inet 192.168.100.200 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.101.1 netmask 255.255.255.0"
defaultrouter="192.168.100.10"
hostname="forigato1.uol.com.br"
gateway_enable="YES"
firewall_enable="YES"
#firewall_type="UNKNOW"
firewall_type="client"
firewall_quiet="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-l -f /etc/natd.conf"
# -- sysinstall generated deltas -- #
moused_flags=""
moused_type="auto"
moused_enable="YES"
# -- sysinstall generated deltas -- #
moused_enable="YES"
saver="daemon"
keyrate="fast"
keymap="br275.cp850"
named_enable="YES"
linux_enable="YES"
sshd_enable="YES"
nfs_client_enable="YES"
nfs_server_enable="YES"
weak_mountd_authentication="NO"
nfs_reserved_port_only="NO"
rpc_statd_enable="YES"
portmap_enable="YES"
portmap_flags=""
# -- sysinstall generated deltas -- #
sendmail_enable="NO"
sshd_enable="YES"
portmap_enable="YES"
inetd_enable="YES"
nfs_reserved_port_only="YES"
# -- sysinstall generated deltas -- #
sendmail_enable="YES"
sshd_enable="YES"
portmap_enable="YES"
inetd_enable="YES"
*******************
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
# http://www.FreeBSD.org/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you
are
# in doubt as to the purpose or necessity of a line, check first in
LINT.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.20 2000/10/31 23:16:07
n_hibma Exp $
machine i386
cpu I386_CPU
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident GENERIC
maxusers 32
#makeoptions DEBUG=-g #Build kernel with gdb(1) debug
symbols
options MATH_EMULATE #Support for x87 emulation
options INET #InterNETworking
options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep
this!]
options SOFTUPDATES #Enable FFS soft updates support
options MFS #Memory Filesystem
options MD_ROOT #MD is a potential root device
options NFS #Network Filesystem
options NFS_ROOT #NFS usable as root device, NFS
required
options MSDOSFS #MSDOS Filesystem
options EXT2FS # Kernel para o LINUX
options CD9660 #ISO 9660 Filesystem
options CD9660_ROOT #CD-ROM usable as root, CD9660
required
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP
THIS!]
options SCSI_DELAY=15000 #Delay (in ms) before probing
SCSI
options UCONSOLE #Allow users to grab the console
options USERCONFIG #boot -c editor
options VISUAL_USERCONFIG #visual boot -c editor
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time
extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
# To make an SMP kernel, the next two are needed
#options SMP # Symmetric MultiProcessor
Kernel
#options APIC_IO # Symmetric (APIC) I/O
device isa
device eisa
device pci
# Floppy drives
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
device fd1 at fdc0 drive 1
# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID #Static device numbering
#options ATA_ENABLE_ATAPI_DMA #Enable DMA on ATAPI devices
# SCSI Controllers
device ahb # EISA AHA1742 family
device ahc # AHA2940 and onboard AIC7xxx devices
device amd # AMD 53C974 (Teckram DC-390(T))
device isp # Qlogic family
device ncr # NCR/Symbios Logic
device sym # NCR/Symbios Logic (newer chipsets)
options SYM_SETUP_LP_PROBE_MAP=0x40
# Allow ncr to attach legacy NCR devices
when
# both sym and ncr are configured
device adv0 at isa?
device adw
device bt0 at isa?
device aha0 at isa?
device aic0 at isa?
device ncv # NCR 53C500
device nsp # Workbit Ninja SCSI-3
device stg # TMC 18C30/18C50
# SCSI peripherals
device scbus # SCSI bus (required)
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI
access)
# RAID controllers interfaced to the SCSI subsystem
device asr # DPT SmartRAID V, VI and Adaptec SCSI
RAID
device dpt # DPT Smartcache - See LINT for options!
device mly # Mylex AcceleRAID/eXtremeRAID
# RAID controllers
device ida # Compaq Smart RAID
device amr # AMI MegaRAID
device mlx # Mylex DAC960 family
device twe # 3ware Escalade
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device psm0 at atkbdc? irq 12
device vga0 at isa?
# splash screen/screen saver
pseudo-device splash
# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device vt0 at isa?
#options XSERVER # support for X server on a vt
console
#options FAT_CURSOR # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT
lines
#options PCVT_SCANSET=2 # IBM keyboards are non-std
# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13
# Power management support (see LINT for more options)
device apm0 at nexus? disable flags 0x20 # Advanced Power
Management
# PCCARD (PCMCIA) support
device card
device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable
# Serial (COM) ports
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3
device sio2 at isa? disable port IO_COM3 irq 5
device sio3 at isa? disable port IO_COM4 irq 9
# Parallel port
device ppc0 at isa? irq 7
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x (``Tulip'')
device fxp # Intel EtherExpress PRO/100B (82557,
82558)
device tx # SMC 9432TX (83c170 ``EPIC'')
device vx # 3Com 3c590, 3c595 (``Vortex'')
device wx # Intel Gigabit Ethernet Card
(``Wiseman'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these
NICs!
device miibus # MII bus support
device dc # DEC/Intel 21143 and various workalikes
device pcn # AMD Am79C79x PCI 10/100 NICs
device rl # RealTek 8129/8139
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems SiS 900/SiS
7016
device ste # Sundance ST201 (D-Link DFE-550TX)
device tl # Texas Instruments ThunderLAN
device vr # VIA Rhine, Rhine II
device wb # Winbond W89C840F
device xl # 3Com 3c90x (``Boomerang'',
``Cyclone'')
# ISA Ethernet NICs.
device ed0 at isa? port 0x280 irq 10 iomem 0xd8000
device ex
device ep
device fe0 at isa? port 0x300
# WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
# exists only as a PCMCIA device, so there is no ISA attatement needed
# and resources will always be dynamically assigned by the pccard code.
device wi
# Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below
will
# work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
# mode (the factory default). If you set the switches on your ISA
# card for a manually chosen I/O address and IRQ, you must specify
# those paremeters here.
device an
# Xircom Ethernet
device xe
# The probe order of these is presently determined by
i386/isa/isa_compat.c.
device ie0 at isa? port 0x300 irq 10 iomem 0xd0000
#device le0 at isa? port 0x300 irq 5 iomem 0xd0000
device lnc0 at isa? port 0x280 irq 10 drq 0
device cs0 at isa? port 0x300
device sn0 at isa? port 0x300 irq 10
# Pseudo devices - the number indicates how many units to allocated.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device sl 1 # Kernel SLIP
pseudo-device ppp 1 # Kernel PPP
pseudo-device tun # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device md # Memory "disks"
pseudo-device gif 4 # IPv6 and IPv4 tunneling
pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device usb # USB Bus (required)
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus
and da
device ums # Mouse
device uscanner # Scanners
# USB Ethernet, requires mii
device aue # ADMtek USB ethernet
device cue # CATC USB ethernet
device kue # Kawasaki LSI USB ethernet
# Acrescento o som
device pcm
# As linhas abaixo foram adcionadas pelo Mauricio
# NATD -- FreeBSD/i386
# FreeBSD 4.2
#
# $FreeBSD: src/sys/i386/conf/NATD,v 1.0 2000/01/21 13:16:07 dennix Exp
$
options INCLUDE_CONFIG_FILE
options IPFIREWALL #firewall
options IPDIVERT
options IPFIREWALL_FORWARD #enable transparent proxy
support
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by
default
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
#options TCP_RESTRICT_RST #restrict emission of TCP RST
#options IPFIREWALL_VERBOSE #print information about
#options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
----
Para sair da lista envie um e-mail para majordomo em fugspbr.org
com as palavras "unsubscribe fugspbr" no corpo da mensagem.
Mais detalhes sobre a lista de discussão freebsd