-
Senior Member
registered user
OK, now I'm home and I got sshd to listen on port 80. So I can ssh ing from home on port 22 and then I try to ssh back from work on port 80 and I get "connection closed by remote host." So, that's some progress! It only timed-out before. I did forward the port onthe D-Link before it worked. However, I'm still not in.
Regards,
AJG
-
If you have ALL:ALL in /etc/hosts.deny try adding the following lines to hosts.allow
ssh sshd : workIP @domain : ALLOW
ssh sshd : 127.0.0.1 LOCAL : ALLOW
EDIT: You can do this with one line:
ssh sshd : 127.0.0.1 .workdomain : ALLOW
You might as well start by testing the connection from home to home just to rule out some problems.
-
Senior Member
registered user
OK, I'll try to edit hosts.allow as you suggest just as soon as I get home since I can't ssh there from work anymore and edit it from here! Boy, I never realized how much I had come to depend on ssh! What a pain this is. I've been using ssh, sftp and fish for tons of everyday stuff. In fact, I set up sshd because it was so easy to use and more secure than ftp and telnet ever was. I've never had to do anything to hosts.allow, but lets see what happens.
Anyway, here's the current state of affairs:
PC at work, I reset (after much tweaking) ssh_config and sshd_config to port 22.
PC at home, I also left ssh_config with port 22 but changed sshd_config at home to use port 80.
The idea is so I can still ssh from home to work without a problem:
ssh userid@homeip
Further, the idea was to ssh from work to home using port 80 thusly:
ssh userid@workip -p80
HomeToWork is fine. Before I switched to port 80, WorkToHome would timeout. I've apparently made some progress as now with port 80 I get connection closed by remote host! Now what?
Thanx,
AJG
-
Senior Member
registered user
OK, I'm home!
BTW, port 80 works fine internally on my home office PCs and port 22 works fine internally on my work LAN and hosts.deny has ALL:PARANOID in it. Does that mater?
I placed the following 2 lines in hosts.allow and restarted ssh but no joy!
ssh sshd : workip@ALL : ALLOW
ssh sshd : 127.0.0.1 LOCAL : ALLOW
is that correct?
What if I just comment out ALL:PARANOID in hosts.deny
and change ssh sshd : workip@ALL : ALLOW to ssh sshd : ALL@ALL : ALLOW
in hosts.allow?
-
![Quote](images/misc/quote_icon.png)
Originally Posted by
A. Jorge Garcia
OK, I'm home!
BTW, port 80 works fine internally on my home office PCs and port 22 works fine internally on my work LAN and hosts.deny has ALL:PARANOID in it. Does that mater?
I placed the following 2 lines in hosts.allow and restarted ssh but no joy!
ssh sshd : workip@ALL : ALLOW
ssh sshd : 127.0.0.1 LOCAL : ALLOW
is that correct?
Nope. try:
ssh sshd : workip @workdomain : ALLOW
What if I just comment out ALL:PARANOID in hosts.deny
and change ssh sshd : workip@ALL : ALLOW to ssh sshd : ALL@ALL : ALLOW
in hosts.allow?
You need a space before "@". You're allowing an ip AND a domain. (wishing I remembered the syntax correct)
Besides, are you sure you want the whole world to be able to connect? At least add AllowUsers user1 user2 and so on to sshd_config.
-
Senior Member
registered user
I don't understand what to put in for workdomain.
BTW, you need a userid and password and ipaddress to get in, right?
TIA,
AJG
-
Senior Member
registered user
OK, in a desperaate attempt to try to get this working agian I commented out everything in hosts.deny (ie: ALL:PARANOID) and added
ssh sshd : ALL@ALL : ALLOW
ALL : 127.0.0.1 LOCAL : ALLOW
to hosts.allow (everything else in that file is commented out too). I restarted sshd, I sshed in to the work PC but I still can't ssh back from there. Something really wierd is going on here!
Regards,
AJG
-
Ok, I'm getting clueless again. I ran a test as example:
First check if ssh is really listening:
root@fujibox:~# netstat -tupan|grep LISTEN
tcp6 0 0 :::80 :::* LISTEN 3149/sshd
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# ssh sshd : ALL@ALL : ALLOW
ssh sshd : 127.0.0.1 LOCAL : ALLOW
ssh sshd : ip.from.where.iconnect : ALLOW
# snipped a few allowed lines ![Wink](images/smilies/icon_wink.gif)
#ALL : 127.0.0.1 LOCAL : ALLOW
#ALL : ALL@ALL : DENY
ALL:ALL:deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#ALL: PARANOID
ALL:ALL
Opened in iptables:
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp -m udp --dport 80 -j ACCEPT
Forwarded in my router after checking inet addr with ifconfig:
to_IP:192.168.2.166 port:80 protocol:both enable
Connected with:
ssh -p 80 markus@my.ip.number
It then asks to save the rsa key and proceeds to connect.
-
Senior Member
registered user
OK, let me try all that. But, one thing, you now say that I use
ssh sshd : ip.from.where.iconnect : ALLOW
say
ssh sshd : 111.112.113.114 : ALLOW
in hosts.allow, not
ssh sshd : ip.from.where.iconnect @domainname: ALLOW
say
ssh sshd : 111.112.113.114 @school.edu: ALLOW
that's what is confusing me. I thought you said I had to specify a domainname for my work which I'm not sure of.
I'm wondering if something else is going on here. I never had a problem setting up ssh like this....
Thanx for all your help!
Regards,
AJG
-
First of all, I'm hardly an expert on this.
Second, sorry if I mislead you. I meant you can specify an IP and/or a domain from where you connect. I just use an IP myself.
The domain is probably the @part of your work email.
I'm not trying to confuse you more but you can also allow an IP-range.
Say your workip is 111.222.333.444 you can do: whois 111.222.333.444 which should give you close to the top of the output inetnum.
Say the range is 111.222.333.0 - 111.222.444.555 you can then put in hosts.allow:
ssh sshd : 111.222.333. : ALLOW
ssh sshd : 111.222.444. : ALLOW
Similar Threads
-
By kn2user in forum General Support
Replies: 0
Last Post: 12-06-2004, 06:43 PM
-
By ngtisu in forum Hardware & Booting
Replies: 4
Last Post: 09-27-2004, 03:13 PM
-
By KeTZer in forum Hardware & Booting
Replies: 0
Last Post: 05-13-2004, 01:47 PM
-
By oscar in forum Networking
Replies: 8
Last Post: 05-07-2003, 03:12 AM
-
By halvorj in forum Hardware & Booting
Replies: 5
Last Post: 04-11-2003, 04:16 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
![LOT OF 16 Intel Xeon E3-1241v3 3.50GHz Quad Core FCLGA1150 Server Processor picture](/store/img/g/BFEAAOSwBLxmbODU/s-l225/LOT-OF-16-Intel-Xeon-E3-1241v3-3-50GHz-Quad-Core-F.jpg)
LOT OF 16 Intel Xeon E3-1241v3 3.50GHz Quad Core FCLGA1150 Server Processor
$209.95
![Intel i7 3770 Quad Core 3.40 GHz CPU Processor LGA 1155 - 5 Available picture](/store/img/g/EZ0AAOSwzbtmYweO/s-l225/Intel-i7-3770-Quad-Core-3-40-GHz-CPU-Processor-LGA.jpg)
Intel i7 3770 Quad Core 3.40 GHz CPU Processor LGA 1155 - 5 Available
$28.00
![Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc... picture](/store/img/g/YFUAAOSwTDplMDa3/s-l225/Intel-Core-i9-14900K-14th-Gen-24-Core-32-Thread-4-.jpg)
Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc...
$546.99
![Intel - Core i7-14700K 14th Gen 20-Core 28-Thread - 4.3GHz (5.6GHz Turbo) Soc... picture](/store/img/g/0eYAAOSwcHZlMDWu/s-l225/Intel-Core-i7-14700K-14th-Gen-20-Core-28-Thread-4-.jpg)
Intel - Core i7-14700K 14th Gen 20-Core 28-Thread - 4.3GHz (5.6GHz Turbo) Soc...
$381.99
![Intel Core i5-12400F - 6-Core 2.5GHz 12th Gen Alder Lake LGA 1700 65W CPU picture](/store/img/g/wucAAOSwFLxh1X-c/s-l225/Intel-Core-i5-12400F-6-Core-2-5GHz-12th-Gen-Alder-.jpg)
Intel Core i5-12400F - 6-Core 2.5GHz 12th Gen Alder Lake LGA 1700 65W CPU
$118.84
![AMD Ryzen 5 7600x Processor (5.3 GHz, 6 Cores, LGA 1718/Socket AM5) NEW OEM Tray picture](/store/img/g/TPkAAOSwvv5mT7XN/s-l225/AMD-Ryzen-5-7600x-Processor-5-3-GHz-6-Cores-LGA-17.jpg)
AMD Ryzen 5 7600x Processor (5.3 GHz, 6 Cores, LGA 1718/Socket AM5) NEW OEM Tray
$169.98
![AMD Ryzen 3 2200G CPU @ 3.50GHz picture](/store/img/g/lVcAAOSw5T1lu~3U/s-l225/AMD-Ryzen-3-2200G-CPU-3-50GHz.jpg)
AMD Ryzen 3 2200G CPU @ 3.50GHz
$25.00
![AMD Ryzen 5 5600X 6-core 12-Thread Desktop Processor AVZ9 picture](/store/img/g/A0QAAOSwOQJmWcUn/s-l225/AMD-Ryzen-5-5600X-6-core-12-Thread-Desktop-Process.jpg)
AMD Ryzen 5 5600X 6-core 12-Thread Desktop Processor AVZ9
$104.99
![** Intel i3 10100F CPU Processor - USED ** picture](/store/img/g/068AAOSwcrJmXyYd/s-l225/-Intel-i3-10100F-CPU-Processor-USED-.jpg)
** Intel i3 10100F CPU Processor - USED **
$47.99
![AMD Ryzen 9 5900X Processor 4th Gen UNLOCKED (AM4 12 Cores 24 Threads 4.8GHz) picture](/store/img/g/F3gAAOSw3PBmcuy~/s-l225/AMD-Ryzen-9-5900X-Processor-4th-Gen-UNLOCKED-AM4-1.jpg)
AMD Ryzen 9 5900X Processor 4th Gen UNLOCKED (AM4 12 Cores 24 Threads 4.8GHz)
$229.00