DA prevent .ssh/config local config

[jocker]

Hi All,

I'm facing a strange probleme

On the 2 servers I have with DA, ssh client is ignoring the user "~/.ssh/config" file

My file

Host localhost
HostName localhost
Port 2220


I tried on my desktop and the config file is working. I tried on my server and ssh doesn't read the file

[root@my01 git]# ssh -v git@localhost
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused

On My desktop
sylvain@home:~$ ssh -v website.fr
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /home/sylvain/.ssh/config
debug1: /home/sylvain/.ssh/config line 1: Applying options for website.fr
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to myeshop.fr [91.123.36.247] port 2220.
debug1: Connection established.


There is not yet new version for openssh but that's shouldn't be the problem because it work on others servers with this versionof ssh and wich haven't DA

From what I read it could be a probleme of path because if I force the file it works

[root@my01 git]# ssh -v -F .ssh/config git@localhost
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data .ssh/config
debug1: Applying options for localhost
debug1: Connecting to localhost [127.0.0.1] port 2220.
debug1: Connection established.


I try on another server running DA and I have the same problem.

Thank you for your help.

 

[zEitEr]

Hello,

As far as I know, Directadmin does not modify your sshd_config, just add one-two lines at the end. So your issue has very little to do with Directadmin. And you should either read man/docs about sshd_config, or give us more details, the sshd_config full listing for example.

 

[jocker]

Hello

thanks for your reply. I know that DA don't change sshd config that's why I think it's not a sshd problem. As I said I did a try on another server with same sshd config and it works fine.
The problem appears ONLY on servers which have DA. (For example I have 2 mysql servers, same OS, centOS 5)
Maybe ca you have a try on one of your server to know if you get this error too or no.
Someone had a similar probleme and it was caused by a PATH error, so I don't know if maybe DA change

I spent hours to try to find a solution. The man doc is clear a .ssh/config should override config ... but it's not in these cases

Here is my sshd_config


# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 2220
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
AllowUsers root
AllowUsers sylvain

 

[zEitEr]

And what if you run

ls -la ~/.ssh/config
ls -ld ~/.ssh/

Check permissions:

chmod 700 ~/.ssh/
chmod 600 ~/.ssh/config