Can't set sshd-parameter PermitTunnel

Discussion in 'Server Operation' started by hfr, Feb 3, 2011.

  1. hfr

    hfr New Member

    Hello,

    I have an CentOS 5.5 64-Bit Server which provides an apache, mysql, postfix and so on.

    Now i tried to customize sshd-config /etc/ssh/sshd_config a little bit. I want to enable PermitTunnel. But after removing the trailing #, sshd does not start anymore.

    Error-Message:
    What can I do to fix this? I have a second webserver with the same os installed and there it works.

    sshd-Version (on both servers):
    Name : openssh-server
    Arch : x86_64
    Version : 4.3p2
    Release : 41.el5_5.1

    Why does sshd not know this option?
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Can you post your /etc/ssh/sshd_config?
     
  3. hfr

    hfr New Member

    Of course:

    Code:
    #       $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    #Port 22
    #Protocol 2,1
    Protocol 2
    #AddressFamily any
    #ListenAddress 0.0.0.0
    ListenAddress 0.0.0.0:59725
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768
    
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile     .ssh/authorized_keys
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    PasswordAuthentication yes
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    ChallengeResponseAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication mechanism.
    # Depending on your PAM configuration, this may bypass the setting of
    # PasswordAuthentication, PermitEmptyPasswords, and
    # "PermitRootLogin without-password". If you just want the PAM account and
    # session checks to run without PAM authentication, then enable this but set
    # ChallengeResponseAuthentication=no
    #UsePAM no
    
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #ShowPatchLevel no
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    
    # no default banner path
    #Banner /some/path
    
    # override default of no subsystems
    Subsystem       sftp    /usr/libexec/openssh/sftp-server
    
     
  4. falko

    falko Super Moderator ISPConfig Developer

  5. hfr

    hfr New Member

    No, I only have this version mentioned above installed.
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Hm...
    What's the output of
    Code:
    getenforce
    on both servers?
     
  7. hfr

    hfr New Member

    Where it works: Permissive
    Where it does not work: Disabled

    Hm, vice versa it would have been more logical?!
     
  8. falko

    falko Super Moderator ISPConfig Developer

    That's strange. Does it work if you set it from disabled to permissive?
     
: sshd

Share This Page