[FUGSPBR] Problemas no modulo SSH

Andre Luis Forigato andre.forigato em uol.com.br
Ter Jul 10 21:50:58 BRT 2001


Amigos,

Estou enfrentando um problema com o ssh. Estou enviando o conteudo dos
meus arquivos para analise.
Espero que estas informacoes ajudem a desvendar este misterio.
Conto com a colaboracao de todos.

Att,
Andre Luis Forigato
Administrador de Sistemas

*******************
forigato1# uname -a
FreeBSD forigato1.uol.com.br 4.3-STABLE FreeBSD 4.3-STABLE #1: Thu Jul
5 02:54:18 GMT 2001
root em forigato1.uol.com.br:/usr/obj/usr/src/sys/GENERIC  i386
forigato1#

*******************
forigato1# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
5(operator),
20(staff), 31(guest)


*******************
forigato1# ssh -v -P forigato@192.168.100.200
SSH Version OpenSSH_2.3.0 green em FreeBSD.org 20010321, protocol versions
1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 0 geteuid 0 anon 1
debug: Connecting to (null) [192.168.100.200] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version
OpenSSH_2.3.0 green em FreeBSD.org 20010321
debug: match: OpenSSH_2.3.0 green em FreeBSD.org 20010321 pat
^OpenSSH[-_]2\.3

debug: Local version string SSH-1.5-OpenSSH_2.3.0 green em FreeBSD.org
20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host '192.168.100.200' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
forigato@192.168.100.200's password:
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Requesting shell.
Jul  8 01:55:10 forigato1 sshd[778]: no modules loaded for `sshd'
service
Jul  8 01:55:10 forigato1 sshd[778]: no modules loaded for `sshd'
service
debug: Entering interactive session.
Jul  8 01:55:10 forigato1 sshd[778]: fatal: PAM session setup failed[6]:
Permission denied
Jul  8 01:55:10 forigato1 sshd[778]: fatal: PAM session setup failed[6]:
Permission denied
Connection to 192.168.100.200 closed by remote host.
Connection to 192.168.100.200 closed.
Jul  8 01:55:10 forigato1 sshd[778]: no modules loaded for `sshd'
service
Jul  8 01:55:10 forigato1 sshd[778]: no modules loaded for `sshd'
service
debug: Transferred: stdin 0, stdout 0, stderr 93 bytes in 0.0 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 2253.1
debug: Exit status -1
forigato1#


*******************
forigato1# cat /etc/ssh/ssh_config
# This is ssh client systemwide configuration file.  This file provides
# defaults for users, and the values can be changed in per-user
configuration
# files or on the command line.
#
# $FreeBSD: src/crypto/openssh/ssh_config,v 1.2.2.3 2000/10/28 23:00:50
kris Exp $

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options
# NOTE(review): everything under "Host *" applies to every destination, so
# the forwarding and host-key settings below are not limited to trusted hosts.

 Host *
   # NOTE(review): with agent forwarding on for all hosts, anyone able to
   # bypass file permissions on a remote host can use the forwarded agent
   # while the session is open; prefer "no" here and enable it per host.
   ForwardAgent yes
   # NOTE(review): same concern for X11: the remote side gains access to the
   # local X display. The transcript on this page shows it being requested.
   ForwardX11 yes
   # NOTE(review): the client offers both rhosts-based methods; the
   # sshd_config shown on this page sets both to "no" on the server side.
   RhostsAuthentication yes
   RhostsRSAAuthentication yes
   RSAAuthentication yes
   PasswordAuthentication yes
   FallBackToRsh no
   UseRsh no
   BatchMode no
   CheckHostIP yes
   # NOTE(review): with "no", keys of unknown hosts are added to known_hosts
   # without asking, so a first connection is never verified; "yes" refuses
   # hosts whose key is not already known.
   StrictHostKeyChecking no
   IdentityFile ~/.ssh/identity
   Port 22
# NOTE(review): Protocol is left at its default. In the transcript on this
# page the client sent "SSH-1.5-..." and negotiated 3des, i.e. the session
# ran over protocol 1.
#   Protocol 2,1
#   Cipher blowfish
#   EscapeChar ~
forigato1#


*******************
forigato1# more /etc/sshd_config

# This is ssh server systemwide configuration file.
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.3 2000/10/28 23:00:51
kris Exp $
# NOTE(review): no directive in this file refers to PAM. The sshd syslog
# lines in the session transcript on this page ("no modules loaded for
# `sshd' service", "PAM session setup failed[6]: Permission denied") name the
# PAM service, so the failure is presumably in the PAM configuration for
# sshd (on FreeBSD 4.x, /etc/pam.conf) rather than in these settings - verify
# that it has entries for the sshd service.
# NOTE(review): this listing was taken from /etc/sshd_config, while the
# client file and the host keys on this page live under /etc/ssh/. Confirm
# which sshd_config the running daemon actually reads.

Port 22
# NOTE(review): Protocol is left at its default; the transcript shows the
# server announcing version 1.99, i.e. it accepts both protocol 1 and 2.
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
# NOTE(review): this is the protocol 1 server key (the transcript reports
# "server public key (768 bits)"); 768 bits is small and only matters while
# protocol 1 stays enabled.
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
# NOTE(review): together with "PasswordAuthentication yes" below, root can
# log in over the network with just a password. Prefer "no" and an
# unprivileged login followed by su.
PermitRootLogin yes
# Rate-limit sshd connections to 5 connections per 10 seconds
# ConnectionsPerPeriod 5/10
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# NOTE(review): the bare "RhostsRSAAuthentication" two lines below is the
# tail of the following comment, presumably wrapped by the mail client; it
# is not a directive of its own.
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
# NOTE(review): X11 forwarding is offered to every account that can log in.
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail yes
UseLogin no

# Uncomment if you want to enable sftp
#Subsystem      sftp    /usr/libexec/sftp-server
#MaxStartups 10:30:60
forigato1#


*******************
forigato1# more /etc/rc.conf
# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.
# NOTE(review): this file is read as shell variable assignments, so when a
# variable is set more than once below, the last assignment is the one in
# effect (sendmail_enable ends up "YES", nfs_reserved_port_only "YES").

# Enable network daemons for user convenience.
# -- sysinstall generated deltas -- #
network_interfaces="rl0 rl1 lo0"
ifconfig_rl0="inet 192.168.100.200 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.101.1 netmask 255.255.255.0"
defaultrouter="192.168.100.10"
hostname="forigato1.uol.com.br"
# NOTE(review): gateway_enable plus natd on rl0 make this host a NAT router
# between the two networks. firewall_type="client" presumably selects the
# stock "client" ruleset, which needs its addresses adapted to this site -
# TODO confirm.
gateway_enable="YES"
firewall_enable="YES"
#firewall_type="UNKNOW"
firewall_type="client"
firewall_quiet="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-l -f /etc/natd.conf"

# -- sysinstall generated deltas -- #
moused_flags=""
moused_type="auto"
moused_enable="YES"
# -- sysinstall generated deltas -- #
moused_enable="YES"
saver="daemon"
keyrate="fast"
keymap="br275.cp850"
# NOTE(review): named, the NFS server, portmap, inetd, sendmail and sshd are
# all enabled on a machine that also routes traffic; each is a listening
# service, so check that the firewall rules limit them to the interface that
# actually needs them.
named_enable="YES"
linux_enable="YES"
sshd_enable="YES"
nfs_client_enable="YES"
nfs_server_enable="YES"
weak_mountd_authentication="NO"
# Overridden by the later nfs_reserved_port_only="YES".
nfs_reserved_port_only="NO"
rpc_statd_enable="YES"
portmap_enable="YES"
portmap_flags=""

# -- sysinstall generated deltas -- #
# Overridden by the later sendmail_enable="YES".
sendmail_enable="NO"
sshd_enable="YES"
portmap_enable="YES"
inetd_enable="YES"
nfs_reserved_port_only="YES"
# -- sysinstall generated deltas -- #
sendmail_enable="YES"
sshd_enable="YES"
portmap_enable="YES"
inetd_enable="YES"


*******************





#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
#    http://www.FreeBSD.org/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you
are
# in doubt as to the purpose or necessity of a line, check first in
LINT.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.20 2000/10/31 23:16:07
n_hibma Exp $

machine         i386
cpu             I386_CPU
cpu             I486_CPU
cpu             I586_CPU
cpu             I686_CPU
ident           GENERIC
maxusers        32

#makeoptions    DEBUG=-g                #Build kernel with gdb(1) debug
symbols

options         MATH_EMULATE            #Support for x87 emulation
options         INET                    #InterNETworking
options         INET6                   #IPv6 communications protocols
options         FFS                     #Berkeley Fast Filesystem
options         FFS_ROOT                #FFS usable as root device [keep
this!]
options         SOFTUPDATES             #Enable FFS soft updates support
options         MFS                     #Memory Filesystem
options         MD_ROOT                 #MD is a potential root device
options         NFS                     #Network Filesystem
options         NFS_ROOT                #NFS usable as root device, NFS
required
options         MSDOSFS                 #MSDOS Filesystem
options         EXT2FS                  # Kernel para o LINUX
options         CD9660                  #ISO 9660 Filesystem
options         CD9660_ROOT             #CD-ROM usable as root, CD9660
required
options         PROCFS                  #Process filesystem
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP
THIS!]
options         SCSI_DELAY=15000        #Delay (in ms) before probing
SCSI
options         UCONSOLE                #Allow users to grab the console
options         USERCONFIG              #boot -c editor
options         VISUAL_USERCONFIG       #visual boot -c editor
options         KTRACE                  #ktrace(1) support
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores
options         P1003_1B                #Posix P1003_1B real-time
extensions
options         _KPOSIX_PRIORITY_SCHEDULING
options         ICMP_BANDLIM            #Rate limit bad replies
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev

# To make an SMP kernel, the next two are needed
#options        SMP                     # Symmetric MultiProcessor
Kernel
#options        APIC_IO                 # Symmetric (APIC) I/O

device          isa
device          eisa
device          pci

# Floppy drives
device          fdc0    at isa? port IO_FD1 irq 6 drq 2
device          fd0     at fdc0 drive 0
device          fd1     at fdc0 drive 1

# ATA and ATAPI devices
device          ata0    at isa? port IO_WD1 irq 14
device          ata1    at isa? port IO_WD2 irq 15
device          ata
device          atadisk                 # ATA disk drives
device          atapicd                 # ATAPI CDROM drives
device          atapifd                 # ATAPI floppy drives
device          atapist                 # ATAPI tape drives
options         ATA_STATIC_ID           #Static device numbering
#options        ATA_ENABLE_ATAPI_DMA    #Enable DMA on ATAPI devices

# SCSI Controllers
device          ahb             # EISA AHA1742 family
device          ahc             # AHA2940 and onboard AIC7xxx devices
device          amd             # AMD 53C974 (Teckram DC-390(T))
device          isp             # Qlogic family
device          ncr             # NCR/Symbios Logic
device          sym             # NCR/Symbios Logic (newer chipsets)
options         SYM_SETUP_LP_PROBE_MAP=0x40
                                # Allow ncr to attach legacy NCR devices
when 
                                # both sym and ncr are configured

device          adv0    at isa?
device          adw
device          bt0     at isa?
device          aha0    at isa?
device          aic0    at isa?

device          ncv             # NCR 53C500
device          nsp             # Workbit Ninja SCSI-3
device          stg             # TMC 18C30/18C50

# SCSI peripherals
device          scbus           # SCSI bus (required)
device          da              # Direct Access (disks)
device          sa              # Sequential Access (tape etc)
device          cd              # CD
device          pass            # Passthrough device (direct SCSI
access)

# RAID controllers interfaced to the SCSI subsystem
device          asr             # DPT SmartRAID V, VI and Adaptec SCSI
RAID
device          dpt             # DPT Smartcache - See LINT for options!
device          mly             # Mylex AcceleRAID/eXtremeRAID

# RAID controllers
device          ida             # Compaq Smart RAID
device          amr             # AMI MegaRAID
device          mlx             # Mylex DAC960 family
device          twe             # 3ware Escalade

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc0 at isa? port IO_KBD
device          atkbd0  at atkbdc? irq 1 flags 0x1
device          psm0    at atkbdc? irq 12

device          vga0    at isa?

# splash screen/screen saver
pseudo-device   splash

# syscons is the default console driver, resembling an SCO console
device          sc0     at isa? flags 0x100

# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device         vt0     at isa?
#options        XSERVER                 # support for X server on a vt
console
#options        FAT_CURSOR              # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT
lines
#options        PCVT_SCANSET=2          # IBM keyboards are non-std

# Floating point support - do not disable.
device          npx0    at nexus? port IO_NPX irq 13

# Power management support (see LINT for more options)
device          apm0    at nexus? disable flags 0x20 # Advanced Power
Management

# PCCARD (PCMCIA) support
device          card
device          pcic0   at isa? irq 0 port 0x3e0 iomem 0xd0000
device          pcic1   at isa? irq 0 port 0x3e2 iomem 0xd4000 disable

# Serial (COM) ports
device          sio0    at isa? port IO_COM1 flags 0x10 irq 4
device          sio1    at isa? port IO_COM2 irq 3
device          sio2    at isa? disable port IO_COM3 irq 5
device          sio3    at isa? disable port IO_COM4 irq 9

# Parallel port
device          ppc0    at isa? irq 7
device          ppbus           # Parallel port bus (required)
device          lpt             # Printer
device          plip            # TCP/IP over parallel
device          ppi             # Parallel port interface device
#device         vpo             # Requires scbus and da


# PCI Ethernet NICs.
device          de              # DEC/Intel DC21x4x (``Tulip'')
device          fxp             # Intel EtherExpress PRO/100B (82557,
82558)
device          tx              # SMC 9432TX (83c170 ``EPIC'')
device          vx              # 3Com 3c590, 3c595 (``Vortex'')
device          wx              # Intel Gigabit Ethernet Card
(``Wiseman'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these
NICs!
device          miibus          # MII bus support
device          dc              # DEC/Intel 21143 and various workalikes
device          pcn             # AMD Am79C79x PCI 10/100 NICs
device          rl              # RealTek 8129/8139
device          sf              # Adaptec AIC-6915 (``Starfire'')
device          sis             # Silicon Integrated Systems SiS 900/SiS
7016
device          ste             # Sundance ST201 (D-Link DFE-550TX)
device          tl              # Texas Instruments ThunderLAN
device          vr              # VIA Rhine, Rhine II
device          wb              # Winbond W89C840F
device          xl              # 3Com 3c90x (``Boomerang'',
``Cyclone'')

# ISA Ethernet NICs.
device          ed0     at isa? port 0x280 irq 10 iomem 0xd8000
device          ex
device          ep
device          fe0     at isa? port 0x300
# WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
# exists only as a PCMCIA device, so there is no ISA attatement needed
# and resources will always be dynamically assigned by the pccard code.
device          wi
# Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below
will
# work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
# mode (the factory default). If you set the switches on your ISA
# card for a manually chosen I/O address and IRQ, you must specify
# those paremeters here.
device          an
# Xircom Ethernet
device          xe
# The probe order of these is presently determined by
i386/isa/isa_compat.c.
device          ie0     at isa? port 0x300 irq 10 iomem 0xd0000
#device         le0     at isa? port 0x300 irq 5 iomem 0xd0000
device          lnc0    at isa? port 0x280 irq 10 drq 0
device          cs0     at isa? port 0x300
device          sn0     at isa? port 0x300 irq 10

# Pseudo devices - the number indicates how many units to allocated.
pseudo-device   loop            # Network loopback
pseudo-device   ether           # Ethernet support
pseudo-device   sl      1       # Kernel SLIP
pseudo-device   ppp     1       # Kernel PPP
pseudo-device   tun             # Packet tunnel.
pseudo-device   pty             # Pseudo-ttys (telnet etc)
pseudo-device   md              # Memory "disks"
pseudo-device   gif     4       # IPv6 and IPv4 tunneling
pseudo-device   faith   1       # IPv6-to-IPv4 relaying (translation)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device   bpf             #Berkeley packet filter

# USB support
device          uhci            # UHCI PCI->USB interface
device          ohci            # OHCI PCI->USB interface
device          usb             # USB Bus (required)
device          ugen            # Generic
device          uhid            # "Human Interface Devices"
device          ukbd            # Keyboard
device          ulpt            # Printer
device          umass           # Disks/Mass storage - Requires scbus
and da
device          ums             # Mouse
device          uscanner        # Scanners
# USB Ethernet, requires mii
device          aue             # ADMtek USB ethernet
device          cue             # CATC USB ethernet
device          kue             # Kawasaki LSI USB ethernet

# Acrescento o som
device pcm

# The lines below were added by Mauricio

# NATD -- FreeBSD/i386
# FreeBSD 4.2
# 
# $FreeBSD: src/sys/i386/conf/NATD,v 1.0 2000/01/21 13:16:07 dennix Exp
$
options         INCLUDE_CONFIG_FILE
options         IPFIREWALL              #firewall
# NOTE(review): divert sockets are what natd uses; the rc.conf on this page
# enables natd on rl0.
options         IPDIVERT
options         IPFIREWALL_FORWARD      #enable transparent proxy
support
# NOTE(review): this makes the firewall's built-in last rule "allow", so
# whenever the ruleset is empty, flushed or fails to load, this gateway
# passes all traffic. Without the option the default is deny; the ruleset
# must then explicitly allow management access (e.g. ssh) before rebooting.
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
default
# NOTE(review): presumably this only takes effect once tcp_drop_synfin is
# switched on at run time; the rc.conf on this page does not set it - verify.
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
#options         TCP_RESTRICT_RST        #restrict emission of TCP RST
# NOTE(review): with IPFIREWALL_VERBOSE left commented out, firewall rules
# marked "log" presumably produce no syslog output - verify if packet logging
# is wanted on this gateway.
#options         IPFIREWALL_VERBOSE     #print information about
#options         IPFIREWALL_VERBOSE_LIMIT=100   #limit verbosity