NAV 11 preventing ssh connections in Leopard

Not applicable

Greetings. I have a problem where Norton AntiVirus 11 is preventing ssh
connections on my Leopard macs (including my own) which in turn is
preventing me from using Casper to deploy software updates. I've made sure
Remote Login is on and that the Firewall is allowing connections.

It's as if port 22 keeps toggling off despite the GUI saying otherwise.
Here's the message I get when I try to ssh into one of the macs:
XXX-XXXXX:~ xxxxxxxx$ ssh -vvv x.x.x.x
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to x.x.x.x http://x.x.x.x port 22.
debug1: connect to address x.x.x.x port 22: Connection refused
ssh: connect to host x.x.x.x port 22: Connection refused

The problem goes away when I uninstall NAV 11. It temporarily goes away
when I run Disk Utility and repair disk permissions. I am able to ssh in
for about 10-15 minutes before my connection is refused. Here¡¯s a log:

Repairing permissions for ©øMacintosh HD©÷
Reading permissions database.
Reading the permissions database can take several minutes.

User differs on "private/etc/hostconfig", should be 0, user is 99.
Group differs on "private/etc/hostconfig", should be 0, group is 99.
User differs on "System/Library/LaunchDaemons/ssh.plist", should be 0, user
is 99.
Group differs on "System/Library/LaunchDaemons/ssh.plist", should be 0,
group is 99.
Group differs on "private/etc/cups", should be 0, group is 26.
Permissions differ on "private/var/spool/cups/cache/rss", should be
drwxr-xr-x , they are drwxrwxr-x .

Permissions repair complete

This problem is consistent from 10.5-10.5.6. Anyone else run into this one?

G Lo
--
Gregory Lopez
Sr. Mac/Network Analyst
Wunderman - Seattle

2 REPLIES 2

jarednichols
Honored Contributor

With NAV functioning ¡°properly¡± can you do a sudo ipfw list and post the results?

Thanks

j

Not applicable

Here¡¯s what I get:

65535 allow ip from any to any

Interestingly, I¡¯m able to ssh into a few, but not all macs now. Hmmmm.

G Lo
--
Gregory Lopez
Sr. Mac/Network Analyst
Wunderman - Seattle