Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied

From: KIRIYAMA Kazuhiko <kiri_at_kx.openedu.org>
Date: Wed, 23 Nov 2016 17:24:32 +0900
At Tue, 22 Nov 2016 10:47:17 -0500,
Allan Jude wrote:
> 
> [1 Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied <multipart/mixed (7bit)>]
> [1.1  <text/plain; windows-1252 (quoted-printable)>]
> On 2016-11-22 02:37, KIRIYAMA Kazuhiko wrote:
> > Hi, all
> > 
> > I've updated to HEAD(r308871) at 2 days ago, and also ports
> > too(r426562). Then all stuffs including applications have
> > been updated and tried to slogin to this host,but can't
> > connect with the message `userauth_pubkey: key type ssh-dss
> > not in PubkeyAcceptedKeyTypes [preauth]' in
> > /var/log/auth.log. I found new OpenSSH-7.* has not been
> > supported DSA and to connect from client with old ssh(lower
> > than OpenSSH-7.0),set `ssh-dss' or some values set to
> > relevant variables in /etc/ssh/sshd_config. According to [1]
> > and [2] I've set these variables as below:
> > 
> > PubkeyAcceptedKeyTypes=+ssh-dss
> > HostKeyAlgorithms=+ssh-dss
> > KexAlgorithms=+diffie-hellman-group-exchange-sha256
> > 
> > and successfully slogined:
> > 
> 
> snip
> 
> > 
> > And with the message `fatal: Fssh_packet_write_poll:
> > Connection from xxx.xxx.xx.xx port yyyyy: Permission denied'
> > in /var/log/auth.log:
> > 
> > 
> > Nov 22 16:07:51 kx sshd[73878]: Accepted publickey for admin from xxx.xxx.xx.xx port 64147 ssh2: DSA SHA256:6uPsONRWeNkYjlj9BU4GZYUUeH60ZbUCB25jolvrvj8
> > Nov 22 16:07:51 kx sshd[73880]: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port 64147: Permission denied
> > 
> > 
> > Is there any suggesions?
> > My environments are as follows:
> > 
> > - Server:
> > 
> > admin_at_kx:~ % uname -a
> > FreeBSD kx.truefc.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13 r308871M: Sun Nov 20 15:51:21 JST 2016     admin_at_kx.truefc.org:/usr/obj/usr/src/sys/XIJ  amd64
> > admin_at_kx:~ % ssh -V
> > OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd  26 Sep 2016
> > admin_at_kx:~ % 
> > 
> > - Client:
> > 
> > kiri_at_kazu:~[995]% uname -a
> > FreeBSD kazu.pis 9.2-STABLE FreeBSD 9.2-STABLE #5 r259404M: Mon Dec 16 00:12:52 JST 2013     admin_at_kazu.pis:/usr/obj/usr/src/sys/GENERIC  amd64
> > kiri_at_kazu:~[996]% ssh -V
> > OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013
> > kiri_at_kazu:~[997]% 
> > 
> > 
> > Best regards.
> > 
> > 
> > [1] https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
> > [2] https://lists.freebsd.org/pipermail/freebsd-current/2016-August/062853.html
> > 
> > ---
> > KIRIYAMA Kazuhiko
> > _______________________________________________
> > freebsd-current_at_freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> > 
> 
> 
> Newer versions of OpenSSH, like the one shipped in 11.0 and 12-current,
> do not accept DSA keys anymore. You will need to use RSA keys, or the
> newer ECDSA or ED25519 key types.

Yes indeed :) So I've generated RSA key and scp again,but
failed:

kiri_at_kazu:~[1012]% scp -vvv tfc:/jails/desktop/commonjail/home/kiri/projects/xemacs/xemacs-packages/sdoc-mode-1.10-pkg.tar.gz ~/projects/xemacs/xemacs-packages/sdoc-mode-1.10-pkg.tar.gz
Executing: program /usr/bin/ssh host tfc, user (unspecified), command scp -v -f /jails/desktop/commonjail/home/kiri/projects/xemacs/xemacs-packages/sdoc-mode-1.10-pkg.tar.gz
OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /home/kiri/.ssh/config
debug1: /home/kiri/.ssh/config line 13: Applying options for tfc
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xx.xxxxxx.xxx [yyy.yyy.yy.yy] port zzzzz.
debug1: Connection established.
debug1: could not open key file '/etc/ssh/ssh_host_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/kiri/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/kiri/.ssh/id_rsa type 1
debug1: identity file /home/kiri/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/kiri/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/kiri/.ssh/id_dsa type 2
debug1: identity file /home/kiri/.ssh/id_dsa-cert type -1
debug1: identity file /home/kiri/.ssh/id_ecdsa type -1
debug1: identity file /home/kiri/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2 FreeBSD-20160310
debug1: match: OpenSSH_7.2 FreeBSD-20160310 pat OpenSSH*
debug1: Remote is not HPN-aware
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [xx.xxxxxx.xxx]:zzzzz
debug3: ssh_load_hostkeys: loading entries for host "[xx.xxxxxx.xxx]:zzzzz" from file "/home/kiri/.ssh/known_hosts"
debug3: ssh_load_hostkeys: found key type ECDSA in file /home/kiri/.ssh/known_hosts:170
debug3: ssh_load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01_at_openssh.com,ecdsa-sha2-nistp384-cert-v01_at_openssh.com,ecdsa-sha2-nistp521-cert-v01_at_openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01_at_openssh.com,ecdsa-sha2-nistp384-cert-v01_at_openssh.com,ecdsa-sha2-nistp521-cert-v01_at_openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01_at_openssh.com,ssh-dss-cert-v01_at_openssh.com,ssh-rsa-cert-v00_at_openssh.com,ssh-dss-cert-v00_at_openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm_at_openssh.com,aes256-gcm_at_openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc_at_lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm_at_openssh.com,aes256-gcm_at_openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc_at_lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm_at_openssh.com,hmac-sha1-etm_at_openssh.com,umac-64-etm_at_openssh.com,umac-128-etm_at_openssh.com,hmac-sha2-256-etm_at_openssh.com,hmac-sha2-512-etm_at_openssh.com,hmac-ripemd160-etm_at_openssh.com,hmac-sha1-96-etm_at_openssh.com,hmac-md5-96-etm_at_openssh.com,hmac-md5,hmac-sha1,umac-64_at_openssh.com,umac-128_at_openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160_at_openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm_at_openssh.com,hmac-sha1-etm_at_openssh.com,umac-64-etm_at_openssh.com,umac-128-etm_at_openssh.com,hmac-sha2-256-etm_at_openssh.com,hmac-sha2-512-etm_at_openssh.com,hmac-ripemd160-etm_at_openssh.com,hmac-sha1-96-etm_at_openssh.com,hmac-md5-96-etm_at_openssh.com,hmac-md5,hmac-sha1,umac-64_at_openssh.com,umac-128_at_openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160_at_openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib_at_openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib_at_openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256_at_libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305_at_openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm_at_openssh.com,aes256-gcm_at_openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: chacha20-poly1305_at_openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm_at_openssh.com,aes256-gcm_at_openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: umac-64-etm_at_openssh.com,umac-128-etm_at_openssh.com,hmac-sha2-256-etm_at_openssh.com,hmac-sha2-512-etm_at_openssh.com,hmac-sha1-etm_at_openssh.com,umac-64_at_openssh.com,umac-128_at_openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm_at_openssh.com,umac-128-etm_at_openssh.com,hmac-sha2-256-etm_at_openssh.com,hmac-sha2-512-etm_at_openssh.com,hmac-sha1-etm_at_openssh.com,umac-64_at_openssh.com,umac-128_at_openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib_at_openssh.com
debug2: kex_parse_kexinit: none,zlib_at_openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-sha1-etm_at_openssh.com
debug1: kex: server->client aes128-ctr hmac-sha1-etm_at_openssh.com none
debug2: mac_setup: found hmac-sha1-etm_at_openssh.com
debug1: kex: client->server aes128-ctr hmac-sha1-etm_at_openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 41:61:5e:8c:03:c7:70:c4:e7:d8:52:56:2a:36:86:21
debug3: put_host_port: [yyy.yyy.yy.yy]:zzzzz
debug3: put_host_port: [xx.xxxxxx.xxx]:zzzzz
debug3: ssh_load_hostkeys: loading entries for host "[xx.xxxxxx.xxx]:zzzzz" from file "/home/kiri/.ssh/known_hosts"
debug3: ssh_load_hostkeys: found key type ECDSA in file /home/kiri/.ssh/known_hosts:170
debug3: ssh_load_hostkeys: loaded 1 keys
debug1: Host '[xx.xxxxxx.xxx]:zzzzz' is known and matches the ECDSA host key.
debug1: Found key in /home/kiri/.ssh/known_hosts:170
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/kiri/.ssh/id_rsa (0x8028540d0),
debug2: key: /home/kiri/.ssh/id_dsa (0x802854100),
debug2: key: /home/kiri/.ssh/id_ecdsa (0x0),
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/kiri/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 39:bd:18:5c:13:30:7b:dc:41:17:a1:1c:4e:9b:93:35
debug3: sign_and_send_pubkey: RSA 39:bd:18:5c:13:30:7b:dc:41:17:a1:1c:4e:9b:93:35
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to xx.xxxxxx.xxx ([yyy.yyy.yy.yy]:zzzzz).
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling

debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions_at_openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00_at_openssh.com want_reply 0
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x08
debug2: client_session2_setup: id 0
debug1: Sending command: scp -v -f /jails/desktop/commonjail/home/kiri/projects/xemacs/xemacs-packages/sdoc-mode-1.10-pkg.tar.gz
debug2: channel 0: request exec confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: channel 0: rcvd ext data 58
debug2: tcpwinsz: 65894 for connection: 3
Sending file modes: C0644 16613 sdoc-mode-1.10-pkg.tar.gz
debug2: channel 0: written 58 to efd 6
debug2: tcpwinsz: 65894 for connection: 3
Sink: C0644 16613 sdoc-mode-1.10-pkg.tar.gz
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
sdoc-mode-1.10-pkg.tar.gz                                                            0%    0     0.0KB/s   --:-- ETAdebug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
sdoc-mode-1.10-pkg.tar.gz                                                            0%    0     0.0KB/s   --:-- ETAdebug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
sdoc-mode-1.10-pkg.tar.gz                                                            0%    0     0.0KB/s   --:-- ETAdebug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug2: tcpwinsz: 65894 for connection: 3
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)

debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Connection to xx.xxxxxx.xxx closed by remote host.
Transferred: sent 3312, received 19332 bytes, in 2.4 seconds
Bytes per second: sent 1401.1, received 8178.3
debug1: Exit status -1
lost connection
kiri_at_kazu:~[1013]% 

I don't know why remote server send fingerprint with ECDSA.
Remote sshd server configuration as below:

root_at_kx:~ # sshd -T
port xxxxx
protocol 2
addressfamily any
listenaddress 0.0.0.0:xxxxx
listenaddress [::]:xxxxx
usepam no
serverkeybits 1024
logingracetime 120
keyregenerationinterval 3600
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
streamlocalbindmask 0177
permitrootlogin no
ignorerhosts yes
ignoreuserknownhosts no
rhostsrsaauthentication no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
rsaauthentication yes
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapicleanupcredentials yes
passwordauthentication no
kbdinteractiveauthentication yes
challengeresponseauthentication yes
printmotd yes
x11forwarding yes
x11uselocalhost yes
permittty yes
permituserrc yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
permituserenvironment no
uselogin no
compression delayed
gatewayports no
usedns yes
allowtcpforwarding yes
allowagentforwarding yes
allowstreamlocalforwarding yes
useprivilegeseparation sandbox
fingerprinthash SHA256
useblacklist no
pidfile /var/run/sshd.pid
xauthlocation /usr/local/bin/xauth
ciphers chacha20-poly1305_at_openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm_at_openssh.com,aes256-gcm_at_openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
macs umac-64-etm_at_openssh.com,umac-128-etm_at_openssh.com,hmac-sha2-256-etm_at_openssh.com,hmac-sha2-512-etm_at_openssh.com,hmac-sha1-etm_at_openssh.com,umac-64_at_openssh.com,umac-128_at_openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
versionaddendum FreeBSD-20160310
kexalgorithms curve25519-sha256_at_libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01_at_openssh.com,ecdsa-sha2-nistp384-cert-v01_at_openssh.com,ecdsa-sha2-nistp521-cert-v01_at_openssh.com,ssh-ed25519-cert-v01_at_openssh.com,ssh-rsa-cert-v01_at_openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01_at_openssh.com,ecdsa-sha2-nistp384-cert-v01_at_openssh.com,ecdsa-sha2-nistp521-cert-v01_at_openssh.com,ssh-ed25519-cert-v01_at_openssh.com,ssh-rsa-cert-v01_at_openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01_at_openssh.com,ecdsa-sha2-nistp384-cert-v01_at_openssh.com,ecdsa-sha2-nistp521-cert-v01_at_openssh.com,ssh-ed25519-cert-v01_at_openssh.com,ssh-rsa-cert-v01_at_openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
loglevel INFO
syslogfacility AUTH
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_dsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
subsystem sftp /usr/libexec/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos lowdelay throughput
rekeylimit 0 0
permitopen any
root_at_kx:~ # 

And local server sshd configuration as below:

root_at_kazu:~ # sshd -T
port 22
protocol 2
addressfamily any
listenaddress [::]:22
listenaddress 0.0.0.0:22
usepam 0
serverkeybits 1024
logingracetime 120
keyregenerationinterval 3600
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
permitrootlogin no
ignorerhosts yes
ignoreuserknownhosts no
rhostsrsaauthentication yes
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
rsaauthentication yes
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapicleanupcredentials yes
passwordauthentication no
kbdinteractiveauthentication yes
challengeresponseauthentication yes
printmotd yes
printlastlog yes
x11forwarding yes
x11uselocalhost yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
permituserenvironment no
uselogin no
compression delayed
gatewayports no
usedns yes
allowtcpforwarding yes
useprivilegeseparation yes
pidfile /var/run/sshd.pid
xauthlocation /usr/local/bin/xauth
versionaddendum FreeBSD-20130515
loglevel INFO
syslogfacility AUTH
authorizedkeysfile .ssh/authorized_keys
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_dsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
authenticationmethods
subsystem sftp /usr/libexec/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos lowdelay throughput
permitopen any
root_at_kazu:~ # 

> 
> -- 
> Allan Jude
> 
> [2 OpenPGP digital signature <application/pgp-signature (7bit)>]
> 

---
KIRIYAMA Kazuhiko
Received on Wed Nov 23 2016 - 07:24:41 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:08 UTC