Dear Repo,
Below is the latest result. I have port forwarded 2222 on the router, but I still cannot log in. Using the local IP I can still get in after changing to port 2222.
Starting Nmap 4.75 ( http://nmap.org ) at 2012-01-03 19:10 Central Europe Standard Time
Interesting ports on 82.124.in-addr.arpa.tm.net.my (124.82.40.118):
PORT STATE SERVICE
2222/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 1.67 seconds
Are you sure the ports are correctly forwarded and the ssh daemon is listening on port 2222?
Do you have a firewall?
Did you restart the ssh daemon after changing the port?
Can you connect to port 2222 from the server itself?
If all this is correct, I would suggest contacting your provider to make sure the ports aren't blocked.
Dear Repo,
Yes, I went into the sshd_config file. First this line was commented, #Port 22, then I uncommented it as PORT 2222. Then on the firewall I added another port, 2222. Then I checked that it is already there in iptables. So then I restarted both ssh and iptables. Then I went to my router and port forwarded 2222. How do I connect to port 2222 from the server itself? Is there anything else I am missing? My guess is the router might be causing a problem here?
Dear Repo,
I tried this command and below is the results. Does it give any clue what is wrong?
[root@localhost ~]# ssh -p 2222 127.0.0.1
The authenticity of host '[127.0.0.1]:2222 ([127.0.0.1]:2222)' can't be established.
RSA key fingerprint is 19:31:a4:ea:1c:7d:10:6e:12:91:01:ba:15:15:ed:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:2222' (RSA) to the list of known hosts.
# grep -i ssh /var/log/messages
Jan 1 08:00:33 localhost avahi-daemon[1381]: Loading service file /services/ssh.service.
Jan 1 08:00:33 localhost avahi-daemon[1381]: Service "linux" (/services/ssh.service) successfully established.
Jan 1 08:22:29 localhost avahi-daemon[1364]: Loading service file /services/ssh.service.
Jan 1 08:22:29 localhost avahi-daemon[1364]: Service "linux" (/services/ssh.service) successfully established.
Jan 1 09:43:09 localhost avahi-daemon[1355]: Loading service file /services/ssh.service.
Jan 1 09:43:09 localhost avahi-daemon[1355]: Service "linux" (/services/ssh.service) successfully established.
Jan 1 08:00:55 localhost avahi-daemon[1361]: Loading service file /services/ssh.service.
Jan 1 08:00:57 localhost avahi-daemon[1361]: Service "linux" (/services/ssh.service) successfully established.
Jan 1 09:18:06 localhost avahi-daemon[1384]: Loading service file /services/ssh.service.
Jan 1 09:18:06 localhost avahi-daemon[1384]: Service "linux" (/services/ssh.service) successfully established.
and then try to authenticate using ssh. It should give you some kind of error message. If that log was not helpful then you could list /var/log for the last written files.
Code:
ls -ltr /var/log
Investigate the log files from the bottom up.
Hopefully you find a solution in my suggestions, if not we'll work from there.
SAM
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 2222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes
[root@localhost ~]# ssh -p 2222 127.0.0.1
The authenticity of host '[127.0.0.1]:2222 ([127.0.0.1]:2222)' can't be established.
RSA key fingerprint is 19:31:a4:ea:1c:7d:10:6e:12:91:01:ba:15:15:ed:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:2222' (RSA) to the list of known hosts.
So sshd is working and accepting connections on port 2222
Quote:
Starting Nmap 4.75 ( http://nmap.org ) at 2012-01-03 19:10 Central Europe Standard Time
Interesting ports on 82.124.in-addr.arpa.tm.net.my (124.82.40.118):
PORT STATE SERVICE
2222/tcp filtered unknown
This means that a firewall, filter, or other network obstacle is blocking the port, so Nmap cannot tell whether it is open or closed.
Since you told us the router and the firewall are set to accept/forward port 2222 to port 2222 on the server, the problem is outside your network.
Did you contact your provider to ask if ports are blocked on your connection?
Not exactly relevant to the question at hand.
But in your sshd_config, you have PermitRootLogin enabled...
This is generally accepted as being bad practice, and it should be disabled.
Last edited by fukawi1; 01-04-2012 at 04:51 AM.
Reason: Repo beat me to it....
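An added example, not posted by anyone in the thread: a small shell audit that resolves which values sshd takes from the global part of an sshd_config (the first uncommented occurrence wins, commented lines are only documentation) and flags the two settings discussed above. The function names and the embedded config are constructed for illustration, and the fallback `PermitRootLogin yes` assumes an OpenSSH release older than 7.0, as was current when this thread was written.

```shell
#!/usr/bin/env bash
# Added example: resolve what sshd uses from the global part of sshd_config.

# effective_value FILE KEYWORD DEFAULT
# First uncommented occurrence wins; DEFAULT applies when the keyword is absent.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/              { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # Match blocks are conditional, skip them
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# listen_ports FILE: Port may be given several times; sshd listens on all of them.
listen_ports() {
    awk '
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { ports = (ports == "" ? "" : ports " ") $2 }
        END { print (ports == "" ? "22" : ports) }
    ' "$1"
}

audit_sshd() {
    local f="$1" root pass
    root=$(effective_value "$f" PermitRootLogin yes)   # assumed pre-7.0 default
    pass=$(effective_value "$f" PasswordAuthentication yes)
    echo "ports: $(listen_ports "$f")"
    [ "$root" = "no" ] || echo "WARN PermitRootLogin=$root"
    [ "$pass" = "no" ] || echo "WARN PasswordAuthentication=$pass"
}

# Constructed sample modelled on the directives in the posted config.
sample_config() {
    local f; f=$(mktemp)
    cat > "$f" <<'EOF'
Port 2222
Protocol 2
#PasswordAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
Match User backup
    AllowTcpForwarding no
EOF
    echo "$f"
}

cfg=$(sample_config); audit_sshd "$cfg"; rm -f "$cfg"
```

On a live host, `sshd -T` prints the configuration as sshd itself resolves it, including Match handling that this sketch skips.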