"ip tunnel add" woes -- potato
some of my ssh settings must be off, here. i can't "su" to root
when logged in remotely using ssh via our private tunnel...?
==
i've got two debian/potato firewalls running remote intranets --
one at home, say 1.2.3.4, and one at the office, say 2.4.6.8:
at home i use 192.168.1.* for my intranet address space. at the
office we use 10.1.1.*, and here's how we established the
tunnel:
    # at home (public ip 1.2.3.4):
    ip tunnel add office \
        local 1.2.3.4 remote 2.4.6.8 \
        mode ipip ttl 32
    ifconfig office \
        192.168.1.1 pointopoint 10.1.1.1 \
        netmask 255.255.255.0

    # at the office (public ip 2.4.6.8):
    ip tunnel add residence \
        local 2.4.6.8 remote 1.2.3.4 \
        mode ipip ttl 32
    ifconfig residence \
        10.1.1.1 pointopoint 192.168.1.1 \
        netmask 255.255.255.0
so now we can reach the residence computers from the office, and
vice-versa, using our private ip addresses (192.168.1.*,
10.1.1.*).
...in theory.
from 10.1.1.1 (office) i try to connect to the home net--
    will@office-local $ ssh 192.168.1.1
    The authenticity of host '192.168.1.1' can't be established.
    Key fingerprint is 1024 e5:c8:6f:f4:bb:a6:28:3f:7e:e1:c7:ae:2c:41:7a:74.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.1' to the list of known hosts.
    will@192.168.1.1's password:
and there it sits until ^C. but using the public address, all is well:
    will@office-local $ ssh 1.2.3.4
    will@1.2.3.4's password:
    Last login: Wed Mar 20 13:37:03 2002 from duo on pts/0
    Linux residence 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
    will@home-remote $
i'd love to diagnose that. but that's not the real kicker...
here's the weird part -- when going from home to the office:
    will@home-local $ ssh 10.1.1.1
    will@10.1.1.1's password:
    Last login: Fri Mar 22 12:09:39 2002 from 192.168.1.1 on pts/1
    Linux office 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
    will@office-remote $ su
all seems well until i try to do 'su' which locks everything up.
i haven't discovered a keystroke that'll break through -- i
spawn a secondary rxvt (local) and kill the ssh process to free
it up.
(i also logged in via public remote ip at the office, and did su
[successfully] and nosed around /proc/[pid-of-stuck-su] but it's
all greek to me. /proc/<pid>/status included 'State: S
(sleeping)' if that's significant.)
i tried 'login' instead (where i'd failed at 'su') and got:
    will@office-remote $ login root
    No utmp entry. You must exec "login" from the lowest level "sh"
    will@office-remote $ ps afx [output trimmed]
      263 ?      S  0:27 /usr/sbin/sshd
    30904 ?      S  0:00  \_ /usr/sbin/sshd
    30905 pts/1  S  0:00      \_ -bash
    30912 pts/1  R  0:00          \_ ps afx
but again, when i get in via the public addresses (from home-to-
office, just as in office-to-home) all is right with the world:
    will@home-local $ ssh 2.4.6.8
    will@2.4.6.8's password:
    Last login: Fri Mar 22 12:11:27 2002 from 192.168.1.1 on pts/1
    Linux office 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
    will@office-remote $ ps afx [output trimmed]
      263 ?      S  0:27 /usr/sbin/sshd
    30915 ?      S  0:00  \_ /usr/sbin/sshd
    30916 pts/1  S  0:00      \_ -bash
    30921 pts/1  S  0:00          \_ bash
    30926 pts/1  R  0:00              \_ ps afx
i don't know where to look. is this an sshd config thing? is pam
doing her thing a bit too well? which lsof thingie will reveal
the snag? will it be something in /proc that explains this?
or is it a side-effect of some 'ip tunnel' config? any pointers
are welcome -- thanks!
--
I use Debian/GNU Linux version 2.2;
Linux server 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
DEBIAN NEWBIE TIP #58 from Thomas Zimmerman <thomas@zimres.net>:
Wondering HOW TO SET YOUR SYSTEM CLOCK? There's a true
hardware clock on your computer's motherboard; at startup, it
sets your system's software clock. To set your hardware clock
use "hwclock" (apt-get install util-linux). Try the --localtime
and --systohc options. (Or even take a look at --help.)
Also see http://newbieDoc.sourceForge.net/ ...