
Problem with SSH



Here is the problem: I installed a SLES9 SP3 server and brought up SSH; it seems to start fine, but I cannot log in from a remote machine. When I enter the login and password it says access denied, yet if I log in from the server to the server, that is, to itself, everything is fine and I can log in. I can't figure out what the catch is...


Reply to: comment by svyat

# /etc/hosts.allow
# See `man tcpd' and `man 5 hosts_access' for a detailed description
# of /etc/hosts.allow and /etc/hosts.deny.
#
# short overview about daemons and servers that are built with
# tcp_wrappers support:
# 
# package name  |       daemon path     |       token
# ----------------------------------------------------------------------------
# ssh, openssh  |  /usr/sbin/sshd       |  sshd, sshd-fwd-x11, sshd-fwd-<port>
# quota         | /usr/sbin/rpc.rquotad |  rquotad
# tftpd         | /usr/sbin/in.tftpd    |  in.tftpd
# portmap       |  /sbin/portmap        |  portmap
#                       The portmapper does not verify against hostnames
#                       to prevent hangs. It only checks non-local addresses.
# 
# (kernel nfs server)
# nfs-utils     |  /usr/sbin/rpc.mountd |  mountd
# nfs-utils     |  /sbin/rpc.statd      |  statd
#
# (unfsd, userspace nfs server)
# nfs-server    |  /usr/sbin/rpc.mountd |  rpc.mountd
# nfs-server    |  /usr/sbin/rpc.ugidd  |  rpc.ugidd
#
# (printing services)
# lprng         |  /usr/sbin/lpd        |  lpd
# cups          |  /usr/sbin/cupsd      |  cupsd
#                       The cupsd server daemon reports to the cups
#                       error logs, not to the syslog(3) facility.
#
# (Uniterrupted Power Supply Software)
# apcupsd       |  /sbin/apcupsd        |  apcupsd
# apcupsd       |  /sbin/apcnisd        |  apcnisd
# 
# All of the other network servers such as samba, apache or X, have their own
# access control scheme that should be used instead.
#
# In addition to the services above, the services that are started on request 
# by inetd or xinetd use tcpd to "wrap" the network connection. tcpd uses
# the last component of the server pathname as a token to match a service in
# /etc/hosts.{allow,deny}. See the file /etc/inetd.conf for the token names.
# The following examples work when uncommented:
#
#
# Example 1: Fire up a mail to the admin if a connection to the printer daemon
# has been made from host foo.bar.com, but simply deny all others:
# lpd : foo.bar.com : spawn /bin/echo "%h printer access" | \
#                               mail -s "tcp_wrappers on %H" root
# 
#
# Example 2: grant access from local net, reject with message from elsewhere.
# in.telnetd : ALL EXCEPT LOCAL : ALLOW
# in.telnetd : ALL : \
#    twist /bin/echo -e "\n\raccess from %h declined.\n\rGo away.";sleep 2
#
#
# Example 3: run a different instance of rsyncd if the connection comes 
#            from network 172.20.0.0/24, but regular for others:
# rsyncd : 172.20.0.0/255.255.255.0 : twist /usr/local/sbin/my_rsyncd-script
# rsyncd : ALL : ALLOW
#


svyat
() topic author
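
The file posted above consists entirely of comment lines, so it contributes no active tcp_wrappers rules. As an added example (not part of the original post), this Python code lists the active rules in hosts.allow/hosts.deny text that apply to a given daemon; the function names and the sample files are constructed for illustration.

```python
# Added example (not from the thread): list active tcp_wrappers rules for a daemon.
# Handles '#' comments, blank lines, backslash continuations and one-level
# EXCEPT in the daemon list; IPv6 client patterns are not handled.

def logical_lines(text):
    """Yield (first_line_no, rule) for every active rule in hosts.allow/deny text."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines() + [""], 1):
        start = start or no
        if raw.endswith("\\"):           # continuation: the newline is ignored
            buf += raw[:-1] + " "
            continue
        # Joined before the '#' test, so a comment ending in '\' absorbs the
        # next line (assumed to mirror libwrap's reading order).
        rule = (buf + raw).strip()
        if rule and not rule.startswith("#"):
            yield start, rule
        buf, start = "", None

def rules_for(text, daemon):
    """Return [(line_no, daemon_list, client_list, options)] that apply to daemon."""
    hits = []
    for no, rule in logical_lines(text):
        fields = [f.strip() for f in rule.split(":", 2)]
        if len(fields) < 2:
            continue                      # malformed: no client list
        tokens = [t.split("@")[0] for t in fields[0].replace(",", " ").split()]
        cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
        included, excluded = tokens[:cut], tokens[cut + 1:]
        if (daemon in included or "ALL" in included) and daemon not in excluded:
            hits.append((no, fields[0], fields[1], fields[2] if len(fields) > 2 else ""))
    return hits

# Constructed sample files. Line 2 of the first is a comment ending in a
# backslash, so the sshd rule on line 3 is swallowed by it.
SAMPLE_ALLOW = """\
# /etc/hosts.allow (constructed sample)
# lpd : foo.bar.com : spawn /bin/echo "%h printer access" | \\
sshd : 192.0.2.10
sshd, in.tftpd : 198.51.100.0/255.255.255.0 : ALLOW
"""
SAMPLE_DENY = """\
# /etc/hosts.deny (constructed sample)
ALL EXCEPT cupsd : ALL
"""

if __name__ == "__main__":
    for name, text in (("hosts.allow", SAMPLE_ALLOW), ("hosts.deny", SAMPLE_DENY)):
        for no, daemons, clients, opts in rules_for(text, "sshd"):
            print(f"{name}:{no}: {daemons} : {clients} {opts}".rstrip())
```
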
Reply to: comment by svyat

Hmm, SUSE, hmm ...

All sshd messages end up in /var/log/messages. "Lovely".

birdie ★★★★★
()
Reply to: comment by sasha999

>who are you logging in as? root, I bet...

I have tried logging in as all sorts of users, to little avail: access denied and that's it. And there is no restriction on root access in the config.

svyat
() topic author

And check PAM while you're at it...

qsloqs ★★
()
Reply to: comment by svyat

That's it, the problem is solved, partially: it fails to log in only from my machine; from other machines it logs in, though it first asked about the encryption key. Nothing of the sort happened on my machine. As fate would have it, I have to sit in Windows and work through PuTTY. Such are the bank's rules.

svyat
() topic author