Results 1 to 7 of 7

Thread: I can't connect (by ssh) to my Knoppix 4.0 machine

  1. #1
    Junior Member registered user
    Join Date
    Sep 2005
    Posts
    11

    I can't connect (by ssh) to my Knoppix 4.0 machine

    Hi,
    I've just installed Knoppix 4.0.2 (CD version) on the HD of the PC in my office.
    Everything looks fine but the following problem.

    I've at my disposal a static IP address and I've not any problem to see the web starting from my PC.
    Nevertheless, I can't connect by ssh to my PC STARTING FROM THE EXTERNAL.
    The answer is always: "Connection refused".

    What I've to do in order to be able to connect from the external?

    Let me describe my further tries.
    I thought the problem was in the firewall settings.
    (BTW, am I right?).
    Thus, I run firewall command (it gives the same as it starts from the menu Knoppix -> services -> Knoppix firewall)
    and I tried to deactivate the firewall, but when I tried to save the configuration it answered to me:
    "You have to create a persistent knoppix image first",
    then I stopped because I thought the OS was still working as it was running from the CD.


    Thank you for your kind help,
    ciao,
    Ugo


    P.S. Since I've to install Linux also in a PC classroom (and I try to do it in a way the students can easily reconstruct at their home,
    then I use knoppix) I'm very happy with this setting that doesn't allow to connect from the external for general purposes, but
    not for the PC in my office that must be on all the time. With Knoppix 3.3 this problem didn't show up.

  2. #2
    Senior Member
    Join Date
    Nov 2003
    Posts
    1,323
    To see if ssh is listening: netstat -tupan
    To check firewall rules: iptables -nvL
    To add ssh rules (modify if different port or some such):
    /sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
    /sbin/iptables -A INPUT -i eth0 -p udp -m udp --dport 22 -j ACCEPT

  3. #3
    Junior Member registered user
    Join Date
    Sep 2005
    Posts
    11

    It seems to not work

    Dear Markus,
    your suggestions had a good sound. I'm not able to make the tries directly on the HD installation on the
    PC of my office (I'll not be there till monday or tuesday).
    Thus, I tried by running the 4.0.2 Cd version of Knoppix from the CD of my laptop.
    (BTW, tell me if this make a big difference in test, but I think that trying to connect by ssh
    to a Knoppix running machine in the "live" way is a problem interesting in itself).

    This is the result of my tries.

    root@0[knoppix]# netcardconfig
    Sending DHCP broadcast from device eth0 OK.

    root@0[knoppix]# netstat -tupan
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:68 0.0.0.0:* LISTEN 1984/pump
    tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 2607/XFree86

    root@0[knoppix]# iptables -nvL
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    root@0[knoppix]# /sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

    root@0[knoppix]# /sbin/iptables -A INPUT -i eth0 -p udp -m udp --dport 22 -j ACCEPT


    Then, I connected by ssh to another machine (say pippo its name) where I've an account:
    as usual, no problem.
    From that machine (pippo), I've written the command

    pippo-ugo:ssh -l knoppix XXX.YYY.WWW.ZZ
    ssh: connect to host XXX.YYY.WWW.ZZ port 22: Connection refused

    where obviously XXX.YYY.WWW.ZZ means the IP number given to my laptop by the DHCP server.

    Thus, it seems to not work.
    I've read a little the man page about iptables, but this overwhelm my little knowledge of Linux.
    Any other idea to go on?


    Thanks a lot for your effort,
    ciao,
    Ugo

  4. #4
    Senior Member
    Join Date
    Nov 2003
    Posts
    1,323
    From the netstat output it looks like sshd isn't running. Try "sudo /etc/init.d/ssh start" on the server, and do netstat again.
    The iptables commands seem unneeded since it has accept policy all over.

  5. #5
    Junior Member registered user
    Join Date
    Sep 2005
    Posts
    11
    Dear Markus,
    great! Running the command
    /etc/init.d/ssh start
    from a root terminal has been the main step to let me connect by ssh to my KNOPPIX 4.0.2 laptop (still
    running from the CD in "live" way). I had just to set a password for the knoppix user, because, otherwise,
    ssh don't le me to connect. I guess the behaviour of a machine after a HD install will be the same.

    I guess you're feeling happy because you are thinking to have finished your work with me.
    You're wrong! I've a couple of questions for you that may be are of interest for the community.

    I remember very well that at the end of the HD install of KNOPPIX 3.2 and 3.3 (I did it many times)
    I was asked to start the ssh server daemon (or something sounding like that); the same didn't occurr
    for HD install of KNOPPIX 3.7 and 4.0 (and I guess the same for the intermediate versions).
    Question (1):
    is this fact making the difference after the HD install about the ssh connection?
    I mean with the versions 3.2 and 3.3 you are allowed to connect by ssh from the external to the
    PC running from the HD install, on the other hand with versions 3.7 and 4.0 you're not allowed to do it.

    If the answer to question (1) is "Yes, this makes the difference", I think it is better to let the HD install in the
    present state about the (not) starting of the ssh daemon: it's much more safe, because KNOPPIX addresses
    also to newbies and middle experts.

    However,
    question (2) :
    isn't better to write down how to allow an ssh connection to a KNOPPIX machine in some howto?

    I think it could help people interested in HD install.
    BTW, I've read many times that KNOPPIX project is not taylored for the HD install, but mainly for
    the "live way" running. I see.
    However, for people (like me) interested in the teaching it is very important that KNOPPIX project
    succeeds in being stable both in HD and in the "live way" running. In fact, this allows the teacher
    to create an environment at the university (or eventually at college) such that the students can easily
    recreate it at home even without an HD install (many of them are very scared about the HD install, because
    they don't want risk to damage windows ....).
    Let me say that none of the projects taylored for scientific/educational purposes (like Quantian, Edubuntu, etc.)
    is as flexible as KNOPPIX in the "live way".


    Sorry for the length of my thoughts.
    God bless you!
    Ciao,
    Ugo

  6. #6
    Senior Member
    Join Date
    Nov 2003
    Posts
    1,323
    It's actually a long time since I've used knoppix. The last hd install with it was 3.3. I'm using kanotix and debian hd installs nowadays, and there isn't much kanotix specific left in the kanotix install either.
    I don't recall now how secure the sshd_config in knoppix is. It doesn't really have to be either since it's meant for livecd use. Things like that make it a not so perfect hd install. At a bare minimum disallow root login in it, and perhaps change the listening port. After do "/etc/init.d/ssh restart" for the settings to take effect.
    If you want a livecd that also makes a good hd install, try kanotix.
    There's one more thing to consider with daemons like ssh when using debian. When you install a daemon it gets added to the startup scripts in /etc/rc* and starts on bootup. The same thing happens when you upgrade a service like ssh. If you don't want to do "update-rc.d -f ssh remove" everytime you upgrade it, change the symlinks to K instead of S, namely kill instead of start.

    1) The reason for the change in the installer asking about ssh might well be that knoppix now uses the installer from kanotix.

    2) Now that you have experimented and managed it, feel free to add to the wiki http://www.knoppix.net/wiki/Ssh

  7. #7
    Junior Member
    Join Date
    Oct 2005
    Posts
    2
    hi,

    after you started sshd, try on the same host: ssh localhost -l some_user_name. That
    can tell you if sshd is running OK. this might not be your case but if you have AllowUsers
    set in /etc/ssh/sshd_config then you have to put autorized userid in it to enable login
    by that user. hope this helps

Similar Threads

  1. Knoppix on a virtual machine
    By tre in forum Laptops
    Replies: 0
    Last Post: 12-25-2008, 07:10 PM
  2. How to Connect to XP machine
    By warrenite in forum MS Windows & New to Linux
    Replies: 4
    Last Post: 08-02-2006, 07:25 PM
  3. Replies: 1
    Last Post: 04-15-2006, 06:34 PM
  4. Using knoppix with a virtual machine like dsl, possible?
    By B@se in forum Hdd Install / Debian / Apt
    Replies: 2
    Last Post: 07-25-2005, 07:23 PM
  5. Knoppix 3.7 on hde,not running as hda on another machine
    By honigbaer in forum Hdd Install / Debian / Apt
    Replies: 0
    Last Post: 01-22-2005, 06:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •