SSH from macOS to FreeBSD (PC-BSD) refuses to connect
Opening an SSH connection from macOS to a FreeBSD host fails.
Logs
The SSH client debug output is as follows.
mutoubushinokonpyuta [ ~ ] % ssh -vvv 192.168.24.40
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /Users/mutoh/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: resolving "192.168.24.40" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.24.40 [192.168.24.40] port 22.
debug1: Connection established.
debug1: identity file /Users/mutoh/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mutoh/.ssh/id_rsa-cert type -1
debug1: identity file /Users/mutoh/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mutoh/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mutoh/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mutoh/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mutoh/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mutoh/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
ssh_exchange_identification: Connection closed by remote host
On the FreeBSD side, the following is logged at the moment the connection is dropped.
- /var/log/messages
Feb 5 05:45:41 pcbsd-t400 sshd[2457]: warning: /etc/hosts.allow, line 35: host name/name mismatch: mutoubushinokonpyuta.local !=
The /etc/hosts.allow configuration
The rule that line 35 refers to, together with the comment that explains it, is this.
- /etc/hosts.allow
[mutoh@pcbsd-t400] ~/Scratch/ports/scratch% cat -n /etc/hosts.allow | head -35 | tail -7
    29	# Protect against simple DNS spoofing attacks by checking that the
    30	# forward and reverse records for the remote host match. If a mismatch
    31	# occurs, access is denied, and any positive ident response within
    32	# 20 seconds is logged. No protection is afforded against DNS poisoning,
    33	# IP spoofing or more complicated attacks. Hosts with no reverse DNS
    34	# pass this rule.
    35	ALL : PARANOID : RFC931 20 : deny
With the following patch, the connection at least works for now. But is a fix like this really okay?
- /etc/hosts.allow
[mutoh@pcbsd-t400] ~% diff -u /etc/hosts.allow{.20170205,} --- /etc/hosts.allow.20170205 2017-02-05 05:49:26.337581995 +0900 +++ /etc/hosts.allow 2017-02-05 05:49:42.165578014 +0900 @@ -32,7 +32,7 @@ # 20 seconds is logged. No protection is afforded against DNS poisoning, # IP spoofing or more complicated attacks. Hosts with no reverse DNS # pass this rule. -ALL : PARANOID : RFC931 20 : deny +# ALL : PARANOID : RFC931 20 : deny # Allow anything from localhost. Note that an IP address (not a host # name) *MUST* be specified for rpcbind(8).
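Review bot: Commenting out `ALL : PARANOID : RFC931 20 : deny` switches off the forward/reverse DNS consistency check for every wrapped service and every client, while the log shows only one client (the macOS host whose reverse lookup gives the mDNS name mutoubushinokonpyuta.local) tripping it. hosts_access(5) rules are evaluated first-match-wins, so the narrower change is to keep this line and add an allow rule for that client or the local network above it, for example `sshd : 192.168.24. : allow`, leaving the check in force for everything else. Also note that the "host name/name mismatch" warning is emitted by the host-name lookup itself rather than by this rule, so after the rule is removed it will still be logged against whichever later rule is the first to need a host name (such as the `localhost` token in the rule that follows the comment shown here).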
Remaining problems
After the configuration change, logging in over ssh still produces some warnings.
- /var/log/messages
Feb 5 05:50:22 pcbsd-t400 sshd[4733]: warning: /etc/hosts.allow, line 39: host name/name mismatch: mutoubushinokonpyuta.local !=
Feb 5 05:51:26 pcbsd-t400 sshd[4810]: warning: /etc/hosts.allow, line 39: host name/name mismatch: mutoubushinokonpyuta.local !=
Feb 5 05:51:29 pcbsd-t400 sshd[4811]: _secure_path: cannot stat /etc/login.conf: Not permitted in capability mode
Feb 5 05:51:29 pcbsd-t400 last message repeated 2 times
The relevant lines are below. Everything works without any real problem, so I haven't dug into it further.
- /etc/hosts.allow
[mutoh@pcbsd-t400] ~/Scratch/ports/scratch% cat -n /etc/hosts.allow | head -39 | tail -3
    37	# Allow anything from localhost. Note that an IP address (not a host
    38	# name) *MUST* be specified for rpcbind(8).
    39	ALL : localhost 127.0.0.1 : allow
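To make the PARANOID rule from line 35 and the line-39 warnings above concrete, here is an added offline model of what libwrap (the tcp_wrappers library that FreeBSD's sshd consults for /etc/hosts.allow) does with a client: a reverse lookup of the address, a forward lookup of the resulting name, a "paranoid" verdict if they disagree, and a first-match walk over the rules in which the name lookup only happens at the first rule that needs a host name. This is illustration code written for this page, not code from the post or from libwrap. The resolver answers are constructed, the .local name answering with an empty canonical name is an assumption made to reproduce the empty right-hand side of the logged warning (the page does not show why that lookup disagreed), and the "LAN first" rule set is an assumed narrower alternative to commenting the rule out, not something the post did.

```python
"""Offline model of the check behind "ALL : PARANOID : RFC931 20 : deny".

libwrap names the client by a reverse lookup of its address followed by a
forward lookup of that name; if the two disagree the client matches PARANOID.
Rules are tried in order, first match wins, and the name lookup only happens
once a rule actually needs a host name. Added illustration, not code from the
page or from libwrap; resolver answers are constructed so this runs offline.
"""
import ipaddress

# Constructed reverse (PTR) answers: address -> name.
REVERSE = {
    "127.0.0.1": "localhost",
    "192.168.24.10": "mutoubushinokonpyuta.local",  # the mDNS name in the page's log
    "192.168.24.11": "desk.example.net",
    "203.0.113.7": "desk.example.net",              # PTR claims a name it does not own
}
# Constructed forward answers: name -> (canonical name, addresses). A missing
# entry means the lookup failed. The .local entry answering with an empty
# canonical name is an assumption chosen to reproduce the empty right-hand
# side of "mismatch: mutoubushinokonpyuta.local !="; the page does not say why.
FORWARD = {
    "localhost": ("localhost", {"127.0.0.1"}),
    "desk.example.net": ("desk.example.net", {"192.168.24.11"}),
    "mutoubushinokonpyuta.local": ("", set()),
}


def client_hostname(ip, reverse=REVERSE, forward=FORWARD):
    """Return (host name token, warning or None), after libwrap's sock_hostname():
    no PTR gives "unknown", which does not match PARANOID ("hosts with no reverse
    DNS pass this rule"); a PTR whose forward lookup fails, yields a different
    canonical name, or lacks the client's address gives "paranoid"."""
    name = reverse.get(ip)
    if name is None:
        return "unknown", None
    if name not in forward:
        return "paranoid", f"can't verify hostname: gethostbyname({name}) failed"
    canonical, addrs = forward[name]
    if canonical.lower() != name.lower():
        return "paranoid", f"host name/name mismatch: {name} != {canonical}"
    if ip not in addrs:
        return "paranoid", f"host name/address mismatch: {ip} != {name}"
    return name, None


def needs_hostname(pattern):
    """Address-only patterns are matched without touching the resolver."""
    if pattern == "ALL" or pattern.endswith(".") or "/" in pattern:
        return False
    try:
        ipaddress.ip_address(pattern)
        return False
    except ValueError:
        return True


def client_matches(pattern, ip, hostname):
    """The subset of hosts_access(5) client patterns needed here."""
    if pattern == "ALL" or pattern == ip:
        return True
    if pattern.endswith("."):                   # network prefix, e.g. "192.168.24."
        return ip.startswith(pattern)
    if "/" in pattern:                          # net/mask, e.g. 192.168.24.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern == "PARANOID":
        return hostname == "paranoid"
    if pattern == "UNKNOWN":
        return hostname == "unknown"
    if pattern == "KNOWN":
        return hostname not in (None, "unknown", "paranoid")
    if pattern.startswith("."):                 # domain suffix, e.g. ".example.net"
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    return hostname is not None and hostname.lower() == pattern.lower()


def hosts_access(rules, daemon, ip):
    """Evaluate (daemon_list, client_list, action) rules, first match wins.
    Returns (action, warning). The warning belongs to the lookup, not to a rule,
    so real libwrap logs it against whichever rule first needed the name: line 35
    while PARANOID was active, line 39 ("localhost") once it was commented out.
    When no rule matches, access is granted."""
    hostname, warning = None, None
    for daemons, clients, action in rules:
        if daemon not in daemons.split() and "ALL" not in daemons.split():
            continue
        for pattern in clients.split():
            if hostname is None and needs_hostname(pattern):
                hostname, warning = client_hostname(ip)
            if client_matches(pattern, ip, hostname):
                return action, warning
    return "allow", warning


# The two rules quoted on the page (lines 35 and 39 of /etc/hosts.allow).
PAGE_RULES = [("ALL", "PARANOID", "deny"), ("ALL", "localhost 127.0.0.1", "allow")]
PATCHED_RULES = PAGE_RULES[1:]                  # line 35 commented out, as in the diff
# Assumed narrower alternative: allow sshd from the LAN ahead of PARANOID,
# leaving the check in force for every other client and service.
LAN_FIRST_RULES = [("sshd", "192.168.24.0/255.255.255.0", "allow")] + PAGE_RULES

if __name__ == "__main__":
    for label, rules in (("page", PAGE_RULES), ("patched", PATCHED_RULES), ("lan-first", LAN_FIRST_RULES)):
        for ip in ("192.168.24.10", "192.168.24.11", "203.0.113.7", "198.51.100.9"):
            print(f"{label:9} {ip:14} {hosts_access(rules, 'sshd', ip)}")
```

Running it shows the three behaviours the page's logs hint at: with the shipped rules the mDNS client is denied with the same "name mismatch" text; with line 35 commented out it is allowed but the warning is still produced, because the `localhost` token in line 39 forces the name lookup; with a LAN allow rule placed first, sshd from 192.168.24.0/24 is admitted without any lookup while a host whose PTR points at a name it does not own is still denied, and other daemons still fall through to the PARANOID check.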