[svlug] deny ssh

step1b@cyberspace.org step1b at cyberspace.org
Tue Nov 27 23:02:02 PST 2001


> Step 1 B wrote:
> > hi
> > How do I deny ssh from a particular host ?
> > I am using RH6.2.
> > 
> > hosts.deny/allow worked on RH7.1 but not on 6.2.
> 
> Red Hat 6.2 doesn't have an official Red Hat-provided ssh .RPM (RH 7.x
> does).  So you need to either get a built ssh from somewhere else, or
> build it yourself.  If you want to build openssh, use the
> --with-tcp-wrappers option on ./configure to get hosts.{allow,deny}
> support.
> 


The option was some with-libwrap, and it worked. Thanks.
My server is neither CPU intensive nor IO intensive,
I just want to prevent others from connecting to my
machine.

I have some questions about the working of ssh.

From the 'man ssh', I understood the following:
When an ssh request comes from a certain client,
the server creates a random number and encrypts
it using the client's public key, calling this challenge.
It then sends this challenge to the client, and it
trusts the client only if it can decrypt the challenge
correctly.


But when I use the verbose mode to connect to a server,
it shows:
 Received server public key (768 bits) and host key (1024 bits).

What is this server public key for? Maybe the client also verifies
if it is the correct server that is responding. Am I right?

The verbose mode doesn't show anything about the challenge, why?

Also sometimes I get
Remote protocol version 1.5, remote software version 1.2.30 
and sometimes
Remote protocol version 1.99, remote software version 3.0.1 SSH Secure Shell (non-commercial)
and some other times I do not get anything about the remote protocol.
Does this mean the client implementation is different? Or is it optional
for the server (remote host) to identify its protocol version?


And lastly, when I get the following:
 Waiting for server public key.
Connection closed by remote host. 

does it mean I am being denied login from this client machine?
or can it also mean something else ?

Thanks for your time.
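
Added example, not part of the original post: the "Remote protocol version" lines quoted above come from the identification string a server sends as `SSH-<protoversion>-<softwareversion>`, where protoversion 1.99 means the server speaks protocol 2 and also accepts protocol 1 clients. The sketch below parses such a line and flags servers that still accept protocol 1; the function name and the sample banners (built from the versions quoted in the post, plus one made-up 2.0 server) are constructed for illustration.

```python
import re

# Identification line: SSH-<protoversion>-<softwareversion>[ <comments>]
IDENT_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")


def classify_ident(line):
    """Parse one SSH identification line (hypothetical helper for this example).

    Returns None when the line is not an identification string, otherwise a
    dict describing the advertised version and which protocols are offered.
    """
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None  # e.g. pre-banner text or an error message
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        offers = ["1", "2"]      # protocol 2 server with protocol 1 compatibility
    elif major == 1:
        offers = ["1"]           # protocol 1 only (1.3, 1.5, ...)
    elif major == 2:
        offers = ["2"]           # protocol 2 only
    else:
        offers = []              # unknown major version
    return {
        "proto": f"{major}.{minor}",
        "software": m.group(3),
        "comments": m.group(4) or "",
        "offers": offers,
        "ssh1_enabled": "1" in offers,
    }


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "SSH-1.5-1.2.30\n",
    "SSH-1.99-3.0.1 SSH Secure Shell (non-commercial)\r\n",
    "SSH-2.0-ExampleServer_1.0\r\n",
    "Connection closed by remote host.\n",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        info = classify_ident(banner)
        if info is None:
            print(f"{banner.strip()!r}: not an identification string")
        else:
            flag = "accepts protocol 1" if info["ssh1_enabled"] else "protocol 2 only"
            print(f"{info['software']}: proto {info['proto']} ({flag})")
```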



