Topic: Unable to use putty for access

[loejf]

http://sourceforge.net/project/downloading.php?group_id=103886&filename=setupssh381-20040709.zip&a=76605850

[cactus]

Hi.
I have had some of the same problems with Putty.
And it seems, that Putty is not able to handle OpenSSH keys to the SME server.
So instead of using Putty, we use the OpenSSH package for windows with cygwin, and that works.
Loejf.

Correct, and that is why the wiki article, which all started this, tells you to convert your OpenSSH key to be used with PuTTy: http://wiki.contribs.org/SSH_Public-Private_Keys#Converting_the_OpenSSH_Private_Key_to_work_with_PuTTY

[beast]

OK - for the mean time I have been using the keyboard directly connected to the server so this thread was not acted upon until now.

Now I really need to get this up and running - I have read everything in this thread carefully again (somebody will properly tell me in the next couple of post that it was not good enough).

I need to get back to default behavior (SSH/Certificate etc.)

I have tried

Code: [Select]

rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem
signal-event post-upgrade
signal-event reboot
With no luck! I have tried to connect from an Ubuntu box

Code: [Select]

benny@benny-desktop:~$ ssh admin@192.168.1.11 -v
OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.11 [192.168.1.11] port 22.
debug1: Connection established.
debug1: identity file /home/benny/.ssh/identity type -1
debug1: identity file /home/benny/.ssh/id_rsa type -1
debug1: identity file /home/benny/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
But it do seam as if the server just reject all identity types!

Any help is really appreciated 

Thank you!

[beast]

It must be related to the daily cron job that seam to make an error - E.g.

Code: [Select]

/etc/cron.daily/conf-mod_ssl:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:State or Province Name (full name) [Berkshire]:Locality Name (eg, city) [Newbury]:Organization Name (eg, company) [My Company Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:Email Address []:
What this script does is to exec expand-template /home/e-smith/ssl.pem/pem

when I try to execute "sh conf-mod_ssl" it shows the same text and return me right to the prompt. When I write "expand-template /home/e-smith/ssl.pem/pem" directly at the command line is terminate the current session or start another - I am back to the login screen again!

This may help in debugging the situation!

[CharlieBrady]

I have tried

Code: [Select]

rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem
signal-event post-upgrade
signal-event reboot
With no luck!

Those certificates have absolutely nothing to do with SSH. Those are SSL certiificates, used for https, imaps and smtps access.

It is unsurprising that your actions here haven't helped with ssh access.

[beast]

Those certificates have absolutely nothing to do with SSH. Those are SSL certiificates, used for https, imaps and smtps access.

It is unsurprising that your actions here haven't helped with ssh access.

Yes I know - but I am beginning to try almost anything 

[beast]

When I try to make a SSH connection from another computer I get this in the log:

Aug  2 21:02:04 beastserver sshd: refused connect from benny.beast.dk (192.168.1.200)

but there is nothing in /var/log/sshd/current ???

[Stefano]

is your SME's lan address 192.168.1.X?

Stefano

[beast]

is your SME's lan address 192.168.1.X?

Yes the server is 192.168.1.11 and the client is 192.168.1.200

[beast]

This is really strange!

Some times I am able to access the server with putty and sometimes not (many days between the shifts).

This really makes me wonder what is the cause of this ?????

I can not see that I do anything that may trigger the shift!

It is just a private server with no big activity but I also have company servers that have SME server installed and because of this I like to find out about this!

In hope for a solution?

[beast]

Think I have found out why I get this random access with Putty !!

It is because the contrib "SSH denyhosts" is blocking my computer that are on the internal network?????

How is this possible? Has it something to do with the SSH Public-Private Keys that I did not finish?

Regards
Benny

[janet]

beast

> It is because the contrib "SSH denyhosts" is blocking my computer that are on the internal network?????

According to the Wiki article:
Denyhosts bans hosts which failed too many login attempts to your ssh deamon.
It contains also a panel in the server manager to see who is blocked, add some allowed hosts not to block and enable or disable the service.

I suggest you totally remove that contrib (and any configuration).

[Stefano]

I suggest you totally remove that contrib (and any configuration).

or, at least, to read the wiki and the infos in the panel

[beast]

The funny thing is that I have not have made error attemps to log in. Eg. do not supply the wrong password and still I end up on the blocked list - this make me wonder ??? Hacker or.....

I have other servers where this problem do not occur!

Now I have stated that my IP shall never be blocked.

Would be nice if the contrib made a more descriptive message in the log

Regards
Benny

[Stefano]

Would be nice if the contrib made a more descriptive message in the log

if this contrib is in smecontribs repo then open a nfr in bugzilla, otherwise send a mail to the rpm's mantainer