From fedora-list Tue Apr 21 15:51:52 2009
From: Dave Feustel
Date: Tue, 21 Apr 2009 15:51:52 +0000
To: fedora-list
Subject: Re: Fedora 9 and Suse 11.0 ssh do not work together
Message-Id: <200904211551.n3LFpqZP019996 () mx1 ! redhat ! com>
X-MARC-Message: https://marc.info/?l=fedora-list&m=124032914316460

On Tue, Apr 21, 2009 at 11:28:43AM -0400, Todd Denniston wrote:
> Dave Feustel wrote, On 04/20/2009 06:32 PM:
>> I am running 32-bit fedora 9 and 64-bit Suse 11.0 and 64-bit OpenBSD 4.4
>> on a local net. Ssh does not work between F9 and Suse 11.0. Ssh
>> from f9 to Suse times out. An ssh connection from Suse to F9 is refused
>> by F9. Ssh from F9 to OpenBSD works. Ssh from OpenBSD to Suse times out
>> at login. Ssh from OpenBSD to F9 is denied (publickey,gssapi-with-mic).
>>
>> I was surprised that these 3 systems do not talk to each other with their
>> default config files. Is there a common set of config files with which
>> all ssh connections work?
>>
>> Thanks.
>>
>
> Is there a firewall installed on the SUSE machine?

Yes there is, but I did not initially understand that to be the case.

> Is the firewall set up to pass SSH?

It is now via Yast.

> Are you sure you get "(publickey,gssapi-with-mic)" when going from BSD to F9?
> Because this message would indicate that you are not using the "default
> config file" on F9, it would also indicate that the F9 firewall is not
> blocking incoming SSH connections, but you should be getting the same
> message when going from SUSE to F9.

One of the puzzles (which I still do not fully understand) is that
ssh outgoing connections to OpenBSD worked but ssh connections in
the reverse direction did not work.

>
> BTW (publickey,gssapi-with-mic) means that the sshd on the machine being
> connected TO has been configured to only allow connections authenticated
> with one of publickey or gssapi-with-mic methods.
>
> Also by default Fedora, and probably other distros, usually set up their
> firewalls to block connections to all privileged ports and allow the
> administrator to pick which ports they want to have open, so the install
> is more secure from the start.

Yes. I came from OpenBSD and am a complete Linux newbie, so I had an
incorrect understanding of the Linux firewall setup and didn't realize
it. That was a biggie.
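
The triage reasoning in this thread (a timeout or refusal points at the network or firewall layer, while "Permission denied (...)" proves sshd was reached and lists the methods it still accepts) can be written as a small classifier. This is an added example, not part of the original messages; the function names, category labels, host names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: map one line of ssh client stderr to the layer that failed.

# Print the method list from a "Permission denied (a,b,c)." line.
auth_methods() {
    printf '%s\n' "$1" | sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p'
}

# Categories (labels are this example's own):
#   network-filtered : no answer at all, typical of a firewall dropping packets
#   refused          : connection actively rejected before sshd was reached
#   auth:...         : sshd answered, so the firewall passed the connection
classify_ssh_error() {
    case $1 in
        *"Connection timed out"*) echo "network-filtered" ;;
        *"Connection refused"*)   echo "refused" ;;
        *"Permission denied ("*)
            cse_methods=$(auth_methods "$1")
            case ",$cse_methods," in
                *,password,*|*,keyboard-interactive,*)
                    echo "auth:password-allowed" ;;
                *)
                    # No password-style method offered: sshd was configured
                    # to accept only key or GSSAPI authentication.
                    echo "auth:key-or-gssapi-only" ;;
            esac ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample lines covering the symptoms described in the thread.
while IFS= read -r line; do
    printf '%-24s <- %s\n' "$(classify_ssh_error "$line")" "$line"
done <<'EOF'
ssh: connect to host suse.example port 22: Connection timed out
ssh: connect to host f9.example port 22: Connection refused
Permission denied (publickey,gssapi-with-mic).
Permission denied (publickey,gssapi-with-mic,password).
EOF
```
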