SSH - fish, sftp - will settle for anything

[nishtya]

I have two computers. Cable modem. Router. Everything connects to internet fine. Now I am trying to get them to talk to each other, well at least be able to pluck files from one to other. I have assured ssh running on both machines. I have been trying ssh myusername@192.168.1.whateverforwhichevermachine. Likewise tried sftp and fish:// in konqueror. I am never rewarded with a password request. Just times out.

I use guarddog as frontend to configure iptables. There is no sftp protocol that I can find (yes, I am blind practically) where am I going wrong? It seems like it is blocked but I don't where to unblock it.

Help appreciated - I just want to be able to stop running up and down stairs with disks. Thanks much

[mzilikazi]

1) Turn off your software firewalls.

2) Can each box ping each of the other boxes on your network?

3) ps aux|grep sshd (on each box)

4) Have you configured ssh keys on each box? Easiest way:

$ wget http://kanotix.com/files/fix-ssh.sh
$ chmod +x fix-ssh.sh
# ./fix-ssh.sh

[nishtya]

ping does not work. But if I shutoff my firewall what is the purpose of it? I might as well use windows. Sad but at least with it I can block outsiders and have a network. I don't think it is right to shut off the firewall. There should be a way to allow this protocol or user without shutting off protection

[nishtya]

yeah hokey pokey and turned myself around. And I still can't network two little puters in linux. Badabingbadabanbadaboom and it is done in windows. But since I don't have any files in windows worth a damn to share between the two puters it is useless. Windows cannot see the linux partitions so there will be no sharing the linux files on the two.

All I want to do is that fishing thing. I have ssh going, I allowed ping in guarddog and I can ping between the two until the cows come home. Still couldn't fish. I uninstalled the firewall for goodness sake. No joy.

But the worst thing? I actually read man pages for iptables. You want to know hell? It is man pages in iptables.

Problem is sftp is apparently a figment of someone's imagination. The protocol doesn't exist to allow (or you would think vice versa) no, I am not kidding. Somewhere along the line of all my linux installs I remember seeing some remote share option that I always shut OFF. Now I can't find the bloody thing.....please help?

[mzilikazi]

ping does not work. But if I shutoff my firewall what is the purpose of it?

nishtya you need to simplify your life. Turning off the software firewall lets you rule out one more potential snag in the overall networking picture. After you get simple networking established between your machines then you can restart your software firewall. Keep it simple! BTW you ARE already behind a hardware firewall.

OK according to your next post you can now ping between the two boxes. Good. Did you confirm that you have sshd running?

ps aux|grep ssh

OK if that's running did you set up ssh keys as I previously posted?

Oh and I already know that it's easy (and insecure) to set up file sharing in windows. You're trying to set up ssh which is Secure SHell. Note the emphasis on security.

[nishtya]

gone fishing

but, I don't know what I did different this time. Even without firewall I couldn't get ssh or fish (is fish using ssh or sftp? - I can't get a handle on sftp) so I reinstalled the firewall. This time it works. Go figure - maybe it was the reboot. Or, I am not sure if I had ssh allowed locally on both before - just internet. So many places to look for things!

I am starting ssh in runlevel 5 on both boxes but it seems to not be working on one, I have to start it manually. Sorting through that. And how to make sure it is secure. I had run kano's script when I installed but ran again to be sure. Is there some way to make ssh only for one machine to another, not allow it from elsewhere? (I wouldn't care to login in from outside - the machines are shut off when I am out anyway). I am more secure in windows because I understand it better though it is inherently less secure (does that make sense?). If I live to be 100 I will never be proficient in linux, when I read man pages it is like greek to me.
Thanks

[mzilikazi]

gone fishing

but, I don't know what I did different this time. Even without firewall I couldn't get ssh or fish (is fish using ssh or sftp? - I can't get a handle on sftp) so I reinstalled the firewall. This time it works. Go figure - maybe it was the reboot. Or, I am not sure if I had ssh allowed locally on both before - just internet. So many places to look for things!

fish is a virtual file system usable only through Konqueror and mc (AFAIK).

I am starting ssh in runlevel 5 on both boxes but it seems to not be working on one, I have to start it manually. Sorting through that.

To start a service on boot:

Code:

update-rc.d ssh defaults

To stop a service from starting:

Code:

update-rc.d -f ssh remove

And how to make sure it is secure.

Start with a good passphrase. You may want to look here for more info on ssh.

I had run kano's script when I installed but ran again to be sure. Is there some way to make ssh only for one machine to another, not allow it from elsewhere? (I wouldn't care to login in from outside - the machines are shut off when I am out anyway).

If a box does not run the sshd then it is impossible to ssh into that box. Keep in mind that you will *never* be able to ssh into any of your LAN boxes from the outside unless you forward port 22 to a specific i.p. address on your LAN. The same is true of a web server or ftp server etc. You would first need to tell your router to allow access on port 22 then forward port 22 to the i.p. of the box you want to ssh into from the outside.

I am more secure in windows because I understand it better though it is inherently less secure (does that make sense?). If I live to be 100 I will never be proficient in linux, when I read man pages it is like greek to me.
Thanks

Indeed man pages can be a nightmare but you have already gotten your network up and running! Congrats

[nishtya]

oh DARN! I spoke too soon. Not working both ways. Only one way, the other I am getting this (it was working last night, really it was)

"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
(I have cut this out).
Please contact your system administrator.
Add correct host key in /home/nishtya/.ssh/known_hosts to get rid of this message.
Offending key in /home/nishtya/.ssh/known_hosts:1
RSA host key for 192.168.1.100 has changed and you have requested strict checking.
Host key verification failed"

alright, what have I done?

[mzilikazi]

alright, what have I done?

SImple. You changed your hostkey. Just do as it tells you and put the correct key in /home/nishtya/.ssh/known_hosts.
Of course since you're only on your home LAN you could always just nuke /home/nishtya/.ssh/known_hosts. When you log in again the file will be recreated. That's just a workaround to make things simple. By no means is it *good* advice allthough it does work.

[nishtya]

didn't change my host key. At least, I don't know how to change my host key Mz, I have one of my folks here at work trying to help me understand the key biz too and I have become hopelessly lost.

This is the setup:
one computer downstairs (main one - it generally has all the files I want on it) it has two linux distros and windows (don't care about windows files).

one computer upstairs (usually needs files that are on downstairs puter) runs only 1 linux distro and windows.

Last night I could have sworn I had either linuxes downstairs and the one upstairs merrily sshing each other (maybe, I am old senile blind and gimpy )This morning although I could get into the upstairs box from downstairs box when I tried it the other way I got this error. And it generally will be that way that I need to get files from the downstairs computer onto the one upstairs while I am upstairs

Now if I have to delete some key file or whatnot on the one machine every time I want to ssh into it from the other it sort of defeats the purpose and I am back to running up and down the stairs, no? Or can I keep the same key through reboots (if I only use one linux maybe on that downstairs puter?) My coworker says I could do something with a static IP but it is getting to be a bit beyond my level of expertise (none)