sshd Failing New Inbound Connections


I managed to lock myself out of my firewall today.

I disabled inet6 resolution by removing it from the `family` option in 
resolv.conf(5). After a while I noticed I couldn't make new inbound
connections using either IPv4 or IPv6. My client kept reporting:

"kex_exchange_identification: Connection closed by remote host"

On the server I found the following errors in /var/log/authlog:

"fatal: bad addr or host: ::1 (no address associated with name)"

Totally my fault for changing resolv.conf without enough thought, but 
perhaps sshd could disable the listener in such cases.

Client Details:

macOS 12.3
OpenSSH_8.6p1, LibreSSL 3.3.5


Server Details:

OpenBSD 7.0 GENERIC.MP#5 amd64
OpenSSH_8.8, LibreSSL 3.4.1

# cat sshd_config

AcceptEnv LC_CTYPE
AllowUsers <snip>
ClientAliveInterval 3
ClientAliveCountMax 30
ListenAddress ::1
ListenAddress 127.0.0.1
PasswordAuthentication no
PermitRootLogin forced-commands-only
TrustedUserCAKeys /etc/ssh/ca.pub

# relevant /etc/pf.conf

pass quick inet proto tcp from (em2:network) to { (em2) (egress) } \
port ssh divert-to lo0 port ssh

Cheers,

--Aaron
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
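
The failure reported above (sshd exiting with "bad addr or host" once a ListenAddress no longer resolves) can be caught before sshd is restarted. The following is an added example, not part of the original post or of OpenSSH: it parses the ListenAddress lines and passes each one to the system resolver. The names `parse_listen_addresses`, `unresolvable` and `inet4_only_resolver` are hypothetical, the sample configuration is constructed from the two ListenAddress lines in the post, and `inet4_only_resolver` only simulates a resolver that refuses IPv6.

```python
import socket
import sys

# Constructed sample: the two ListenAddress lines from the post's sshd_config.
SAMPLE_CONFIG = "ListenAddress ::1\nListenAddress 127.0.0.1\n"

def parse_listen_addresses(config_text):
    """Return (host, port) pairs for each ListenAddress line; port None if absent."""
    pairs = []
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue                      # comments and other keywords
        spec = parts[1]                   # a trailing "rdomain ..." is ignored
        if spec.startswith("["):          # [host]:port or [host]
            host, _, rest = spec[1:].partition("]")
            port = rest[1:] if rest.startswith(":") else None
        elif spec.count(":") == 1:        # host:port or IPv4:port
            host, port = spec.split(":")
        else:                             # bare hostname, IPv4 or IPv6 literal
            host, port = spec, None
        pairs.append((host, port))
    return pairs

def unresolvable(config_text, resolver=socket.getaddrinfo, default_port="22"):
    """Return (host, reason) for every ListenAddress the resolver rejects."""
    failures = []
    for host, port in parse_listen_addresses(config_text):
        try:
            resolver(host, port or default_port,
                     type=socket.SOCK_STREAM, flags=socket.AI_PASSIVE)
        except socket.gaierror as exc:
            failures.append((host, exc.strerror or str(exc)))
    return failures

def inet4_only_resolver(host, port, **kwargs):
    """Simulation (assumption): a resolver that refuses IPv6, as in the post."""
    if ":" in host:
        raise socket.gaierror(socket.EAI_NONAME, "no address associated with name")
    return socket.getaddrinfo(host, port, **kwargs)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_CONFIG
    bad = unresolvable(text)
    for host, reason in bad:
        print(f"ListenAddress {host}: {reason}")
    sys.exit(1 if bad else 0)
```

Run on the server itself after any resolver change and before restarting sshd, the script exits non-zero if any listed address fails to resolve there.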