Have the passwords on the source machine changed so that they might now be out of sync with the target? Ditto for ssh keys. John J. Boyer writes: > Janina, > > I never get a password prompt. The debug message just before the > permission denied message is "no more authentication methods to try." I > moved the .ssh file. The passwords on the target machine have not changed. > The source machine can access anothem Redhat machine on our LAN with ssh. > > Thanks, > John > > > On Fri, 8 Oct 2004, Janina Sajka wrote: > > > Hi, John: > > > > OK, I think there's some progress here. > > > > Can you please provide a little more information? At what point does the > > "permission denied" come up? Do you get a password prompt first? That's > > where I am most accustomed to seeing this error. > > > > Which raises this question, any chance the user passwords > > have changed? Or, perhaps the machine you're address you're coming from > > has had some kind of systems change? > > > > Try the following. In the target user home directory, do: > > > > mv .ssh .ssh-old > > > > to get all the old user specific ssh data out of the way. Now what > > happens? > > > > PS: Is this box on the net in a way that I can get to it? I don't need > > an account, it would just be useful to see how it fails. > > > > John J. Boyer writes: > > > Janina, > > > > > > Turning off iptables at least produced a change. Now it says "Permission > > > denied: PublicKey/interactive. The -v option prints out a lot of messages, > > > but nothing that seems particularly enlightening, excebpt that it is > > > definitely accessing the user directory on the target machine. > > > > > > Thanks, > > > John > > > > > > > > > On Fri, 8 Oct 2004, Janina Sajka wrote: > > > > > > > Yes, but you still haven't shown us anything that confirms whether (or > > > > not) sshd is actually running. > > > > > > > > I've suggested nmap (which is installed with a Fedora or Redhat > > > > "everything" install). Others have suggested more primitive strategies, > > > > such as looking for pidof sshd, or telnet [address] 22, which also > > > > works. > > > > > > > > Is there actually an sshd listening at that machine/s address, whatever > > > > it happens to be? > > > > > > > > PS: To get iptables out of the way (certainly an important thing when > > > > debugging) do: > > > > > > > > service iptables stop > > > > > > > > John J. Boyer writes: > > > > > John, > > > > > > > > > > I really think the problem may be with iptables. We've eliminated just > > > > > about everything else. H?owever, there is no ma pagel for netconfig, and > > > > > when I tried running it, I wasn't sure what to do. Really, all I need is > > > > > to let one IP address use ssh. There is a man mage for iptables, but it > > > > > looks so complicated that I wouldn't want to mess with it unless I knew > > > > > exactly what I was doing. > > > > > > > > > > Thanks, > > > > > John > > > > > > > > > > > > > > > On Fri, 8 Oct 2004, John Heim wrote: > > > > > > > > > > > At 11:22 AM 10/7/2004, Mike Gorse you wrote: > > > > > > >Also, are you sure that sshd is running on the machine (ie, pidof sshd > > > > > > >returns something)? If so, then try using ipchains or iptables to make > > > > > > >sure it isn't being firewalled. At one point we had a RH box at work on > > > > > > >which I was trying to enable ssh, but the person who installed rh had > > > > > > >selected an option for a firewall, so I wound up needing to edit a file in > > > > > > >/etc/sysconfig (the file did say that manually editing it was not > > > > > > >recommended, but it didn't say how I was supposed to edit it if not > > > > > > >manually) to tell it to accept connections on port 22 as it did for 23 and > > > > > > >others. > > > > > > > > > > > > > > > > > > You can run netconfig. It would allow you to allow ssh connections through > > > > > > your firewall. When you exit, it saves it's settings in > > > > > > /etc/sysconfig/iptables. That file is the one that says you shouldn't edit > > > > > > it manually. > > > > > > > > > > > > That netconfig program is pretty limited in what it can do. And the file > > > > > > it creates has the same format as iptables-save. So what you can do is > > > > > > issue iptables commands until you've got your firewall configured just the > > > > > > way you want it thand do this: > > > > > > > > > > > > $ iptables-save > /etc/sysconfig/iptables > > > > > > > > > > > > The next time you reboot, your firewall will be just like it was when you > > > > > > issued the above command. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > > > > > Blinux-list@xxxxxxxxxx > > > > > > https://www.redhat.com/mailman/listinfo/blinux-list > > > > > > > > > > > > > > > > -- > > > > > John J. Boyer; Executive Director, Chief Software Developer > > > > > Computers to Help People, Inc. > > > > > http://www.chpi.org > > > > > 825 East Johnson; Madison, WI 53703 > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > > > Blinux-list@xxxxxxxxxx > > > > > https://www.redhat.com/mailman/listinfo/blinux-list > > > > > > > > > > > > > > -- > > > John J. Boyer; Executive Director, Chief Software Developer > > > Computers to Help People, Inc. > > > http://www.chpi.org > > > 825 East Johnson; Madison, WI 53703 > > > > > > > > > _______________________________________________ > > > > > > Blinux-list@xxxxxxxxxx > > > https://www.redhat.com/mailman/listinfo/blinux-list > > > > > > -- > John J. Boyer; Executive Director, Chief Software Developer > Computers to Help People, Inc. > http://www.chpi.org > 825 East Johnson; Madison, WI 53703 > > > _______________________________________________ > > Blinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/blinux-list -- Janina Sajka, Chair Accessibility Workgroup Free Standards Group (FSG) janina@xxxxxxxxxxxxxxxxx Phone: +1 202.494.7040 _______________________________________________ Blinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/blinux-list