su won't work at the far end of the tunnel?
some ssh settings must be off, here. i can't "su" to root when
logged in via ssh on our private tunnel...?
i've got two debian/potato firewalls running remote intranets --
one at home, say 1.2.3.4, and one at the office, say 2.4.6.8:
at home i use 192.168.1.* for my intranet address space. at the
office we use 10.1.1.*, and here's how we established the
tunnel:

    # at home (public ip 1.2.3.4):
    ip tunnel add office \
        local 1.2.3.4 remote 2.4.6.8 \
        mode ipip ttl 32
    ifconfig office \
        192.168.1.1 pointopoint 10.1.1.1 \
        netmask 255.255.255.0

    # at the office (public ip 2.4.6.8):
    ip tunnel add residence \
        local 2.4.6.8 remote 1.2.3.4 \
        mode ipip ttl 32
    ifconfig residence \
        10.1.1.1 pointopoint 192.168.1.1 \
        netmask 255.255.255.0

so now we can reach the residence computers from the office, and
vice-versa, using our private ip addresses (192.168.1.*,
10.1.1.*).
in theory.
from 10.1.1.1 (office) i try to connect to the home net from the
office--

    will@office-local $ ssh 192.168.1.1
    The authenticity of host '192.168.1.1' can't be established.
    Key fingerprint is 1024 e5:c8:6f:f4:bb:a6:28:3f:7e:e1:c7:ae:2c:41:7a:74.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.1' to the list of known hosts.
    will@192.168.1.1's password:

and there it sits until ^C. but using the public address, all is well:

    will@office-local $ ssh 1.2.3.4
    will@1.2.3.4's password:
    Last login: Wed Mar 20 13:37:03 2002 from duo on pts/0
    Linux residence 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
    will@home-remote $

now here's the weird part -- when going from home to the office:

    will@home-local $ ssh 10.1.1.1
    will@10.1.1.1's password:
    Last login: Fri Mar 22 12:09:39 2002 from 192.168.1.1 on pts/1
    Linux office 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
    will@office-remote $ su

all seems well until i try to do 'su' which locks everything up.
i haven't discovered a keystroke that'll break through -- i
spawn a secondary rxvt and kill the ssh process to free it up.
(i also logged in via public remote ip at the office, and did su
[successfully] and nosed around /proc/[pid-of-stuck-su] but it's
all greek to me. /proc/<pid>/status included 'State: S
(sleeping)' if that's significant.)
i tried 'login' instead (where i'd failed at 'su') and got:

    will@office-remote $ login root
    No utmp entry. You must exec "login" from the lowest level "sh"
    will@office-remote $ ps afx [output trimmed]
    263 ? S 0:27 /usr/sbin/sshd
    30904 ? S 0:00 \_ /usr/sbin/sshd
    30905 pts/1 S 0:00 \_ -bash
    30912 pts/1 R 0:00 \_ ps afx

but again, when i get in via the public addresses (from home-to-
office, just as in office-to-home) all is right with the world:

    will@home-local $ ssh 2.4.6.8
    will@2.4.6.8's password:
    Last login: Fri Mar 22 12:11:27 2002 from 192.168.1.1 on pts/1
    Linux office 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
    will@office-remote $ ps afx [output trimmed]
    263 ? S 0:27 /usr/sbin/sshd
    30915 ? S 0:00 \_ /usr/sbin/sshd
    30916 pts/1 S 0:00 \_ -bash
    30921 pts/1 S 0:00 \_ bash
    30926 pts/1 R 0:00 \_ ps afx

i don't know where to look. is this an sshd config thing? is pam
doing her thing a bit too well? which lsof thingie will reveal
the snag? will it be something in /proc that explains this?
or is it a side-effect of some 'ip tunnel' config?
--
I use Debian/GNU Linux version 2.2;
Linux server 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
DEBIAN NEWBIE TIP #114 from D & E Radel <radel@inet.net.nz>:
Installing gnome-apt (although a little buggy) is A GREAT WAY TO
FIND OUT WHAT PACKAGES ARE AVAILABLE and install/remove them
with ease!
Newbie tip: Also I discovered that
apt-get remove [packagename]
works much better when there are dependency problems than
dpkg -r [packagename]
Also see http://newbieDoc.sourceForge.net/ ...