Failed none and iptables

Posted by Michael on Server Fault See other posts from Server Fault or by Michael
Published on 2011-03-13T04:21:39Z Indexed on 2011/03/13 8:11 UTC
Read the original article Hit count: 246

Filed under:
|

The problem is that when I ssh to my host with putty and enter user name, after that the password prompt delays. Found this is directly related to my iptables and can solve by changing default policy to ACCEPT. If default INPUT policy is ACCEPT, then password prompt is coming immediately.

Mar 13 00:05:01 server-ubuntu sshd[6154]: Connection from 192.168.0.10 port 26304
Mar 13 00:05:06 server-ubuntu sshd[6154]: Failed none for acid from 192.168.0.10 port 26304 ssh2

However, if default INPUT policy is DROP, I got slight delay in getting password prompt after I enter username

Mar 13 00:07:12 server-ubuntu sshd[6177]: Connection from 192.168.0.10 port 26333
Mar 13 00:07:35 server-ubuntu sshd[6177]: Failed none for acid from 192.168.0.10 port 26333 ssh2

For the second case, I tried to set default policy for FORWARD and OUTPUT chains to ACCEPT, but it didn't help. The only rule in this case is:

-A INPUT -i eth1 -m mac --mac-source 00:26:XX:XX:XX:XX -j ACCEPT

00:26:XX:XX:XX:XX is the mac address from which I am trying to ssh to server's LAN(eth1).

I'm sure there has to be some rule, which I can use while default INPUT chain policy is DENY in order to get password prompt immediately. I realize that the error message in the log is something normal and part of some verification procedure.

© Server Fault or respective owner

Related posts about iptables

Related posts about ubuntu-10.04