I can't thank you enough-> fixed! It was the port that wasn't in hosts.allow! A simple line like sshd 8070: my_laptop fixed the problem lickety split. I suppose the part that threw me off was that I didn't know sshd had the wrappers compiled in. I thought that since it ran as a deamon, that was bypassed. Then, when I ran tcpdchk, and it complained (still does ), I was really thrown off. One good thing came out of this: can do hosts.deny hosts.allow with my eyes closed now......spent so much time in there the past couple of days Keyboard smokes when I do a kill -HUP I suppose tommarow I'll look into sending Weitse a message (or probably Debian) Mike mgcon@getnet.com http://www.getnet.com/~mgcon Phoenix, AZ > Just began experiencing something unusual and annoying: > Whenever I go to ssh into my server at home, I can no longer > type 'ssh mybox'. It takes forever to get to the login. If > I use the ip number (192.168.3.1), poof, I am there. IP is > is both hosts file. FTP works fine, and so does pop. This > just began after an update (Debian). ftp and pop probably aren't doing reverse lookups. sshd should be. > Somethind else I can't figure out: SInce sshd is running in deamon > mode, I thought tcpd/inetd.conf/hosts.allow doesn't apply. It does. >>From the sshd manpage: SSH WITH TCP WRAPPERS When sshd is compiled with tcp wrappers libraries, then the host.allow/deny files also controls who can connect to ports forwarded by sshd. The program names in the hosts.allow/deny files are sshd­ fwd-, sshdfwd-, and sshdfwd-X11 for forwarded ports the ssh client or server is listening. If the port has name defined then you must use it. If that's an option, you can be pretty certain that debian would include it ;-). > If I put the line > sshd: mylaptop > in hosts.allow, then I am OK. But running tcpdchk complains that > sshd is not in inetd.conf. Have I misconfigured something. You should file a bug against tcpdchk. Thanks for letting me know about that one ;-), I'd completely forgotten about it. > Item #1 is just plain annoying (typing my ip [that hasn't changed > since Moses]), but I can still get in OK. Item 2 bothers me as I > would like to keep hosts.allow/hosts.deny tightened down pretty > good, but I would still like tcpdchk to not complain. > > Are the two related? I have checked host.conf, made sure all ip's > are still in hosts, etc. Probably. > When I do a tcpdump on my laptop (from the server), I notice that > the laptop is sending icmp packets to my nameservers. Are your nameservers correct? Do you have reverse addressing? If the update that you did moved from ssh-nonfree to openssh some of the default behavior changed. I haven't experienced what you're seeing, but I'm also pretty damned certain that my reverse lookups work ;-). ciao, der.hans -- # +++++++++++=================================+++++++++++ # # der.hans@LuftHans.com www.excelco.com # # http://home.pages.de/~lufthans/ # # I'm not anti-social, I'm pro-individual. - der.hans # # ===========+++++++++++++++++++++++++++++++++=========== # _______________________________________________ Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss ----- End forwarded message ----