I have the following ipfw settings on my Mac OS X 10.4 Tiger:
00100 allow ip from any to 123.123.123.123
00110 allow tcp from any to 123.123.123.123
00120 allow udp from any to 123.123.123.123
00130 allow ip from 123.123.123.123 to any
00140 allow tcp from 123.123.123.123 to any
00150 allow udp from 123.123.123.123 to any
65534 deny ip from any to any
65535 allow ip from any to any
I am trying to ssh to the Mac from a Linux computer which has IP address 123.123.123.123, and sshd is running on the Mac. However, the ssh client outputs the following:
ssh [email protected] -v
OpenSSH_5.5p1, OpenSSL 1.0.0d-fips 8 Feb 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mac.example.com [10.10.10.10] port 22.
debug1: Connection established.
debug1: identity file /home/me/.ssh/id_rsa type -1
debug1: identity file /home/me/.ssh/id_rsa-cert type -1
debug1: identity file /home/me/.ssh/id_dsa type -1
debug1: identity file /home/me/.ssh/id_dsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
What could cause the Mac to suddenly close the connection before even asking for a password?
I believe it has to do with the IPFW settings, because the ssh worked when I simply had 65535 allow ip from any to any as the IPFW settings. E.g., do I need a rule for a reverse DNS lookup?
First, there's no need to specify tcp and udp if you're allowing all ip in the first place. Also, it's usually easier to start your rules with allow ip from me to any to allow all outbound connections.
Try this ruleset and see what happens:
An improved stateful version:
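Added example, not part of the thread and not either of the answerer's rulesets: a small Python model of ipfw's first-match evaluation, run over the rules listed in the question and over the same rules with the answer's allow ip from me to any placed in front. The rule number 50, the resolver address 10.10.10.53 and the set of addresses that me matches are assumptions made for the illustration.

```python
import ipaddress

MAC = "10.10.10.10"               # the Mac, from the ssh debug output
CLIENT = "123.123.123.123"        # the Linux client, from the question
RESOLVER = "10.10.10.53"          # constructed: a DNS server the Mac might query
LOCAL_ADDRS = {MAC, "127.0.0.1"}  # assumption: addresses ipfw's "me" matches on the Mac

# (number, action, proto, src, dst), exactly as listed in the question
QUESTION_RULES = [
    (100, "allow", "ip", "any", CLIENT),
    (110, "allow", "tcp", "any", CLIENT),
    (120, "allow", "udp", "any", CLIENT),
    (130, "allow", "ip", CLIENT, "any"),
    (140, "allow", "tcp", CLIENT, "any"),
    (150, "allow", "udp", CLIENT, "any"),
    (65534, "deny", "ip", "any", "any"),
    (65535, "allow", "ip", "any", "any"),
]
# The answer's suggested rule placed first; the number 50 is an assumption
WITH_ME_RULE = [(50, "allow", "ip", "me", "any")] + QUESTION_RULES

def addr_matches(spec, addr):
    """Match one address against an ipfw-style spec: any, me, or an address/network."""
    if spec == "any":
        return True
    if spec == "me":
        return addr in LOCAL_ADDRS
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, proto, src, dst):
    """Return (rule number, action) of the first rule matching the packet."""
    for num, action, rproto, rsrc, rdst in sorted(rules):
        if rproto in ("ip", proto) and addr_matches(rsrc, src) and addr_matches(rdst, dst):
            return num, action
    raise LookupError("no rule matched")

# Constructed sample packets: (label, proto, src, dst)
PACKETS = [
    ("ssh client -> mac", "tcp", CLIENT, MAC),
    ("ssh mac -> client", "tcp", MAC, CLIENT),
    ("dns mac -> resolver", "udp", MAC, RESOLVER),
    ("dns resolver -> mac", "udp", RESOLVER, MAC),
]

def verdicts(rules):
    """Map each sample packet label to the (rule number, action) that decides it."""
    return {label: evaluate(rules, p, s, d) for label, p, s, d in PACKETS}

if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("with me rule", WITH_ME_RULE)):
        for label, (num, action) in verdicts(rules).items():
            print(f"{name:13} {label:20} rule {num:5} {action}")
```

With the extra rule the Mac's own DNS query leaves, but the resolver's reply still falls through to rule 65534. That is the gap that stateful rules (ipfw's keep-state and check-state) close.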