-
Thanx for all your generous help so far markus!
OK, here's the current state of affairs:
I checked netstat in a root shell and its OK.
I did all that iptable stuff you said in a root shell.
Here's my whole /etc/hosts.deny file (except for commented lines):
ALL:ALL
Here's my whole /etc/hosts.allow file (except for commented lines):
ssh sshd : 127.0.0.1 LOCAL : ALLOW
ssh sshd : XX.XX.XX.XX : ALLOW
ALL:ALL:deny
Here's my whole /etc/ssh/ssh_config file (except for commented lines):
Host localhost
ForwardAgent yes
ForwardX11 yes
Host *
ForwardX11 yes
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
FallBackToRsh no
UseRsh no
CheckHostIP yes
Port 22
Protocol 2,1
Cipher blowfish
Here's my whole /etc/ssh/sshd_config file (except for commented lines):
Port 80
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
IgnoreRhosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog no
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
RhostsRSAAuthentication no
HostbasedAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
Subsystem sftp /usr/lib/sftp-server
UsePAM yes
I issued the following command in a root shell:
/etc/init.d/ssh restart
I logged-in to my workpc from home (using port 22)
ssh apcs@XX.XX.XX.XX
Then I logged-in from there to my homepc (using port 80)
ssh apcs@XX.XXX.XXX.XX -p80
and the best I get is:
ssh_exchange_identification: Connection closed by remote host
ARRGGGHHHHH!
Frustrated,
AJG
-
Originally Posted by A. Jorge Garcia
I did all that iptable stuff you said in a root shell.
Umm, that's a line I use in my firewall.sh, it's not a command.
Do you have iptables running? Check with iptables -nL
Here's my whole /etc/hosts.deny file (except for commented lines):
ALL:ALL
Here's my whole /etc/hosts.allow file (except for commented lines):
ssh sshd : 127.0.0.1 LOCAL : ALLOW
ssh sshd : XX.XX.XX.XX : ALLOW
ALL:ALL:deny
Can't see a fault there..
Here's my whole /etc/ssh/ssh_config file (except for commented lines):
That's only for outward connections.
Is the missing space between p and 80 a typo?
That I believe.
In your sshd_config:
HostKey /etc/ssh/ssh_host_key ---this would accept also ssh1 protocol
Well, here's my sshd_config:
Port 22
Protocol 2 ---you're missing this if you want protocol 2 only
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes ---not sure if this is important
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
PermitRootLogin no ---change this to no
StrictModes yes
RSAAuthentication yes ---you're missing this
PubkeyAuthentication yes ---you're missing this
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
PasswordAuthentication no
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
Subsystem sftp /usr/lib/sftp-server
UsePAM yes
I just ssh'd with this to work and back to home so at least for me it works. Could it be that your work has disabled the not so secure protocol1?
How about: ssh -2 -p 80 login@IP
Check first if you can connect from home to home with ssh -p 80 homelogin@homeIP and ssh -2 -p 80 homelogin@homeIP
We might be barking up the wrong tree. For all I know the answer is probably obvious and simple. I'm just not seeing it.
EDIT: Another thought. Try deleting the line for your homeIP in the known_hosts file at your work.
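The points annotated in the sshd_config above, turned into a check (an added example, not part of the original post; the finding names are hypothetical and the two sample configs are abridged from the files posted in this thread):

```python
# Added example: audit an sshd_config for the settings the reply annotates.
# QUESTIONER and REPLY are abridged from the two files posted in the thread.
QUESTIONER = """\
Port 80
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin yes
PasswordAuthentication yes
"""
REPLY = """\
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
"""

def parse_sshd_config(text):
    """Map lower-cased keyword -> list of values, in file order."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        cfg.setdefault(parts[0].lower(), []).append(value)
    return cfg

def audit(text):
    """Return finding codes (hypothetical names) in a fixed order."""
    cfg = parse_sshd_config(text)
    # sshd uses the first value it reads for a keyword; HostKey may repeat.
    first = {k: v[0].lower() for k, v in cfg.items()}
    findings = []
    proto = first.get("protocol")
    if proto is None or "1" in [p.strip() for p in proto.split(",")]:
        findings.append("protocol-not-pinned-to-2")
    if any(v.endswith("/ssh_host_key") for v in cfg.get("hostkey", [])):
        findings.append("ssh1-hostkey-loaded")
    if first.get("permitrootlogin") == "yes":
        findings.append("root-login-permitted")
    if "pubkeyauthentication" not in first:
        findings.append("pubkey-auth-not-explicit")
    if first.get("passwordauthentication") == "yes":
        findings.append("password-auth-enabled")
    return findings

if __name__ == "__main__":
    for name, text in (("questioner", QUESTIONER), ("reply", REPLY)):
        print(name, audit(text) or "no findings")
```

The Protocol and RSAAuthentication keywords belong to the OpenSSH releases of this thread's era, so the check is meant for configs of that vintage.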
-
Well, I never had to set up iptables before! So I didn't know what I was doing when I used that shell command you gave me.
Anyway, here's what iptables -nL returns:
root@gaurdian.mil:~# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
BTW, ssh apcs@localhost -p80 works fine as does ssh apcs@localhost -p 80
Also, ssh apcs@localhost -p80 works fine as does ssh -2 apcs@localhost -p80
EDIT: OK, maybe you're on to something again with the known_hosts file....
Stumped,
AJG
-
Originally Posted by A. Jorge Garcia
Well, I never had to set up iptables before! So I didn't know what I was doing when I used that shell command you gave me.
Anyway, here's what iptables -nL returns:
root@gaurdian.mil:~# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Ok, so iptables is running. Are you sure it wasn't running before? Otherwise I'm not sure where you got those chains. How about a reboot and then check if iptables is still running. Or check in /etc/rc2-5.d if you see something calling iptables. I haven't played with the iptables script in knoppix so I don't even know what starts it.
BTW, ssh apcs@localhost -p80 works fine as does ssh apcs@localhost -p 80
Ok, so space isn't important.
Also, ssh apcs@localhost -p80 works fine as does ssh -2 apcs@localhost -p80
Oh well, home to home seems to work too and protocol isn't important at home but how about from work with -2.
Let's hope it's the known_hosts file because quite frankly I'm really getting out of ideas here.
-
Sorry, I'm not up on iptables. I just issued the commands you gave me in a root shell:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m udp --dport 80 -j ACCEPT
Regards,
AJG
-
I'm free, free at last, thank God almighty, free at last!!!
Markus, you are an officer, a gentleman and a genius! I just tweaked everything again on the homePC and the workPC and on the router - now all of it works! I don't know just exactly what I fixed, but I did delete the known_host files on both PCs. I think that was the clincher.
BTW, the only thing I didn't change was
PermitRootLogin yes
so I can tweak the workPC from home and the homePC from work if necessary (like I did today).
Again, thank you, and underscore, so very much!
Relieved,
AJG
-
Originally Posted by A. Jorge Garcia
I'm free, free at last, thank God almighty, free at last!!!
Well done. Would be nice to know what it was but the main thing is it's working.
BTW, the only thing I didn't change was
PermitRootLogin yes
so I can tweak the workPC from home and the homePC from work if necessary (like I did today).
You can still do su to root even when it's set to no, the Permit thingy is just to keep out script kiddies and such that try to login directly as root with different password lists.
-
Thanx, Markus, for all your help. You are a god among Linux Gurus!
BTW, I think maybe I will remove root permission after all.
Regards,
AJG
-
Ahem, you're very welcome but I'm really just another semi-intermediate user.
Wish there was some certified ladder to climb, like:
ultranoob
newbie
accomplished newb
semi-intermediate user
intermediate user
user
accomplished user
semi-guru
guru
kernel hacker
-
I guess I'll aspire to one day be an AccomplishedNoob!
Remember when this forum first started out? People would get some kind of rank based on how many posts they made. What happened to that? With over 1000 posts I guess I would be awarded the rank of UltraNoob since most of my posts have been questions....
Regards,
AJG