Things to check when you can't ssh to another host.

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Been tearing my hair out intermittently for three days over this one.

I'm in the process of upgrading servers from old clunky 1 ghz single
cpu, two disk boxes to
older dual processor 500 Mhz, 8 SCSI disk boxes with redundent power

Anyway:  Two nearly identical old boxes, conan and postie.  Two new
boxes, peon and serf.

After appropriate key copying, root@serf can login to postie, but gets
a "Sorry can't connect"
message from conan.

Looked this up on the net, and while I found various suggestions, I
eventuallly found the answer myself.

Figured I'd enter it here.  If the FAQ maintainer wants to add this to
his FAQ, he has my blessing.

Things I checked:
1.  Compared the sshd_config files on both computers.  Both were
2.  Compared the ssh_config files.  Ditto.
3.  Ran sshd -p 27 -dd on conan, and then connected from serf.
Received disconnect just after
a PAM message.  Aha!
4.  Compared the pam.conf files. Identical.  Rats!
5.  Some one suggested login.conf.  Also identical.  Very large
6.  Finally found that login.access was different on conan.  I had
been clever when setting it up 4 years ago, and had forgotten that I'd
restricted the access.

Site Timeline