Old 07-12-2004, 04:36 PM   #1
Longinus
Member
 
Registered: Sep 2003
Distribution: Redhat 9.0 && Slackware 9.1
Posts: 420

Rep: Reputation: 30
friend cannot ssh into my box


hi

here is what i did to setup:

sshd -p 7000
then i forwarded port 7000 to my box

then i tried to ssh into my linux box from my other computer
(i used the actual modem ip, not the private ip)

and it worked

but my friend cannot ssh into it though....

any suggestions on making it work?

thanks
 
Old 07-12-2004, 04:43 PM   #2
t3___
Member
 
Registered: Sep 2003
Posts: 240

Rep: Reputation: 30
can you elaborate on your friend?

where is he at? is he getting "host not found" or "connection refused" or authentication errors?

provide some additional info and we'll try to help you out.
 
Old 07-12-2004, 04:44 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910
I'd suggest re-examining your firewall rules ...

The IP stack on the firewall/router may well
be clever enough to discriminate between
a connection from outside the network and
inside despite the fact that you were using
the external IP to connect to it.


Cheers,
Tink
 
Old 07-12-2004, 04:51 PM   #4
Longinus
Member
 
Registered: Sep 2003
Distribution: Redhat 9.0 && Slackware 9.1
Posts: 420

Original Poster
Rep: Reputation: 30
he says it just fails to connect and it times out

tinkster, i will try that, but how do i examine my firewall rules? lol
 
Old 07-12-2004, 04:52 PM   #5
SheldonPlankton
Member
 
Registered: Jun 2004
Posts: 129

Rep: Reputation: 15
have your friend execute the ssh command with the -v option. Is your friend specifying port 7000? you know ssh -v -p7000 blah
 
Old 07-12-2004, 04:56 PM   #6
Longinus
Member
 
Registered: Sep 2003
Distribution: Redhat 9.0 && Slackware 9.1
Posts: 420

Original Poster
Rep: Reputation: 30
ya i told him what to type in

ssh myip -p 7000 -l user
 
Old 07-12-2004, 05:15 PM   #7
Chibo
LQ Newbie
 
Registered: May 2004
Posts: 14

Rep: Reputation: 0
I am his friend, he can ssh into my box perfectly fine... However, when I try to connect to his it simply times out. The port is forwarded to the right machine. Rather odd, IMO.

edit: No, the problem isn't on my end. His box is the only one that times out for me...
Code:
ethereal@akira:~$ ssh edit -l chibo -v
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to edit [edit] port 22.
debug1: Connection established.
debug1: identity file /home/ethereal/.ssh/identity type -1
debug1: identity file /home/ethereal/.ssh/id_rsa type -1
debug1: identity file /home/ethereal/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 FreeBSD-20020702
debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH_3.2*,OpenSSH_3.3*,OpenSSH_3.4*,OpenSSH_3.5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'edit' is known and matches the DSA host key.
debug1: Found key in /home/ethereal/.ssh/known_hosts:2
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ethereal/.ssh/identity
debug1: Trying private key: /home/ethereal/.ssh/id_rsa
debug1: Trying private key: /home/ethereal/.ssh/id_dsa
debug1: Next authentication method: password
chibo@edit's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Mon Jul 12 17:32:07 2004
FreeBSD 4.6.2-RELEASE-p26 (MNET) #7: Sun Oct  5 00:39:40 EDT 2003

Last edited by Chibo; 07-12-2004 at 05:33 PM.
 
Old 07-12-2004, 06:51 PM   #8
SheldonPlankton
Member
 
Registered: Jun 2004
Posts: 129

Rep: Reputation: 15
It looks like you were able to login?
Code:
debug1: Next authentication method: password
chibo@edit's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Mon Jul 12 17:32:07 2004
FreeBSD 4.6.2-RELEASE-p26 (MNET) #7: Sun Oct  5 00:39:40 EDT 2003
Are you sure this is the right output? For one thing you connected on the default port of 22 when your friend said he is running sshd on port 7000? I don't see any "timeout" message in the output you posted.
 
Old 07-13-2004, 03:03 AM   #9
Chibo
LQ Newbie
 
Registered: May 2004
Posts: 14

Rep: Reputation: 0
That was an example showing that I can, indeed, login to other computers. Sorry for the misunderstanding.
 
Old 07-13-2004, 03:50 AM   #10
muxman
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 203

Rep: Reputation: 32
Just a couple things I didn't see mentioned I thought I'd chime in with.

Do you have a valid user and password setup for this user?

When you login and succeed are you trying to use his username and password? Or yours?

Is your friend trying to connect with ssh1 protocol and your server only allows ssh2 protocol? Or vice versa?

Double check the firewall and make sure the ports are being forwarded correctly.
My router will not allow inside connections to use the external IP, they must specify an internal one.
(just an example on how my router works)

Make sure there isn't something else running on that port. Just in case.

Hope one of those will help.
-=MuX=-
 
Old 07-13-2004, 07:13 AM   #11
Kess78
Member
 
Registered: Jul 2004
Location: Switzerland
Distribution: Debi@n, SuSE
Posts: 36

Rep: Reputation: 15
First thing:
The ssh daemon default listening port is 22. If you forward your listening port 7000 to your ssh server it works only if your server is listening on port 7000 or only if you redirect port 7000 on your firewall to port 22 on your sshd.

Second Thing:
I think you have only one public IP address, and all the others are part of a private class (your ssh server real ip address is something like 192.168.x.y)...
To do what you're asking for you need to use NAT rules (Network Address Translation)!!! So learn how to use IPTABLES !!!

To help you maybe you can try to use a software called fwbuilder (http://www.fwbuilder.org). This software builds iptables commands for you in a graphical frontend.

Bye kess....
 
Old 07-13-2004, 02:33 PM   #12
Longinus
Member
 
Registered: Sep 2003
Distribution: Redhat 9.0 && Slackware 9.1
Posts: 420

Original Poster
Rep: Reputation: 30
well sshd should be running on 7000 because i edited sshd_config

and i also killed sshd and restarted it using:

sshd -p 7000

so im sure it should be running on 7000

i checked my forwarded port and it is done correctly and is pointing to my computer
at 192.168.1.100

i have setup a user and password for chibo to use, and i have ssh'd into my computer from another computer and successfully logged into the account i setup for him.

i do not know anything about the ssh1 or ssh2 protocols, everything should be default because i have never touched any ssh config files except for sshd_config where i only changed the port number.

could it be something wrong on chibo's side? lol

-also:
i have no iptable rules so i guess that means there shouldnt be a problem with that

Last edited by Longinus; 07-13-2004 at 04:13 PM.
 
Old 07-14-2004, 01:05 PM   #13
SheldonPlankton
Member
 
Registered: Jun 2004
Posts: 129

Rep: Reputation: 15
To verify that you are running sshd on port 7000, execute this command ...
Code:
$ telnet whatever 7000
... if you are indeed running sshd and it is accepting connections on port 7000 and the firewall is not blocking port 7000 then you should see output like this ....
Code:
bash-2.05b$ telnet whatever 7000
Trying 111.111.111.111...
Connected to whatever.
Escape character is '^]'.
SSH-X.XX-OpenSSH_X.XXpX
^]
 
telnet> quit
Connection closed.
bash-2.05b$
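
Added example, not part of any post in this thread: a Python version of the telnet check above that tells a timeout, a refused connection and a non-SSH service apart, and reads the protocol version from the SSH banner. The function names, the loopback stand-in server and its banner are constructed for illustration.

```python
import socket
import threading

def parse_ssh_banner(line):
    """Split 'SSH-protoversion-softwareversion [comments]' (RFC 4253, 4.2)."""
    if not line.startswith("SSH-"):
        return None
    parts = line.strip().split(" ", 1)[0].split("-", 2)
    if len(parts) < 3:
        return None
    proto, software = parts[1], parts[2]
    # 1.99 = protocol 2 server that also accepts protocol 1 clients.
    accepts = {"1.99": ["1", "2"], "2.0": ["2"]}.get(proto, [proto.split(".")[0]])
    return {"proto": proto, "software": software, "accepts": accepts}

def probe(host, port, timeout=5.0):
    """Return (status, detail) for one TCP connection attempt."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", None)    # packets dropped: filter or broken forward
    except ConnectionRefusedError:
        return ("refused", None)    # host answered, nothing listens on the port
    except OSError as exc:
        return ("error", str(exc))  # DNS failure, no route, ...
    with s:
        try:
            data = s.recv(255)
        except socket.timeout:
            return ("no-banner", None)
    banner = parse_ssh_banner(data.decode("ascii", "replace"))
    return ("ssh", banner) if banner else ("not-ssh", data[:40])

def fake_sshd(banner):
    """Constructed stand-in server: sends one banner on a loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed banner, modelled on the version strings in the -v output above.
    print(probe("127.0.0.1", fake_sshd(b"SSH-1.99-OpenSSH_3.4p1\r\n"), 2))
```

Run from outside the network against the public IP and forwarded port, a "timeout" result matches the symptom described in this thread, while "refused" would mean the packets arrive but nothing is listening.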
 