LinuxQuestions.org
Old 11-25-2005, 05:59 PM   #1
Lsteele
LQ Newbie
 
Registered: Oct 2005
Location: Oklahoma City
Distribution: SuSE 9.1
Posts: 17

Rep: Reputation: 0
I need to allow ssh access


I need to allow ssh access to my SuSE 9.1 system. It tells me "connection refused". Where do I allow the ssh connection? I am using putty from my Windows 2000 Pro system to connect to the SuSE 9.1 linux system.
 
Old 11-25-2005, 08:37 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370
Check if your sshd is running -- to do so become root and type "service sshd status". If it's not running, type "service sshd start" to start it and then "chkconfig sshd on" to make sure it gets started on boot. If sshd is running and you still can't connect, then check your firewall settings to make sure port 22 is being allowed through (I think that the firewall can be controlled via YaST, but I'm not 100% sure).
 
Old 11-25-2005, 11:38 PM   #3
Lsteele
LQ Newbie
 
Registered: Oct 2005
Location: Oklahoma City
Distribution: SuSE 9.1
Posts: 17

Original Poster
Rep: Reputation: 0
I get "Command not Found". I guess I do not have "service". I did a find files for it and just found a folder.
 
Old 11-26-2005, 12:22 AM   #4
danimalz
Member
 
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 266

Rep: Reputation: 36
In order to successfully connect you need:

1) running sshd daemon

2) port 22 open

3) other various things, but 1 and 2 are the most important.

The previous response was redhat specific. Try running the following command:

lsof -i | grep LI

This will show open files that are 'Listening' on ports. If you have a ssh daemon running you'll see it here.

If it is not running then you'll need to start the ssh service. This is done differently depending on your distribution. In debian for example, you'd type: /etc/init.d/ssh restart

Then, you can go to a site like scan.sygate.com and run a scan against your own computer. If traffic is being allowed inbound to port 22, then you'll see it there. If not, then you must open your firewall.

If you don't understand any of this, then you are a true newbie and should delve into tutorials and howtos for awhile. If you are on a network you'll need to understand port forwarding.

I hope I've confused u...
 
Old 11-26-2005, 02:16 AM   #5
Lsteele
LQ Newbie
 
Registered: Oct 2005
Location: Oklahoma City
Distribution: SuSE 9.1
Posts: 17

Original Poster
Rep: Reputation: 0
Thanks, I did a /etc/init.d/ssh restart and it restarted the ssh daemon. lsof still did not show ssh or port 22. scan.sygate.com says that port 22 is closed. Do you have any idea how to open it on a SuSE 9.1 system?
 
Old 11-26-2005, 10:42 AM   #6
Lsteele
LQ Newbie
 
Registered: Oct 2005
Location: Oklahoma City
Distribution: SuSE 9.1
Posts: 17

Original Poster
Rep: Reputation: 0
Of course, I might be only testing the DSL Router? Is there a command to open port 22?
 
Old 11-27-2005, 12:58 PM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,177

Rep: Reputation: 2210
Now that you have ssh open to the outside world, it will only be a matter of days, or even hours, before a script-kiddie probes your IP-address, finds a response from sshd, and starts to attack it. If you've got an "easy" password, or you've neglected some of the default user-ids like news, you're dead-meat.

I strongly advise that you study the part about "digital certificates" in the ssh documentation, and set up your system so that it only entertains logins from systems that possess a certificate issued by you, and will not "fall back" to userid/password authentication in any case.

If you do this .. and it's simple and easy to do .. then you can be assured that the only systems that your computer will even listen to are those to whom you have issued a valid certificate. "Please present your security badge for entry." The attacker's attempts will be rather-effortlessly foiled.
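
In OpenSSH, logins that never fall back to a password are set up with public-key authentication plus the `sshd_config` options that switch password prompts off. The check below is an added example, not part of the original thread: it reads an `sshd_config` text and lists what still permits password-style logins. The function names, the sample configs and the defaults table are assumptions made for the example; confirm the defaults against `man sshd_config` for your version.

```python
# Added example: report whether an sshd_config still allows password-style logins.
# sshd honours the FIRST occurrence of a keyword; later duplicates are ignored.
# Simplifications: Match blocks are not evaluated (parsing stops at the first
# one) and Include files are not followed.

# Assumed built-in defaults when a keyword is absent (check `man sshd_config`).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitemptypasswords": "no",
}
# Newer OpenSSH releases spell ChallengeResponseAuthentication this way.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

def effective_settings(config_text):
    """Return the effective global value for every keyword in DEFAULTS."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}

def audit_key_only(config_text):
    """Return a list of findings; an empty list means key-only logins."""
    eff = effective_settings(config_text)
    findings = []
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled")
    if eff["challengeresponseauthentication"] != "no":
        findings.append("keyboard-interactive (PAM password prompts) is enabled")
    if eff["permitemptypasswords"] != "no":
        findings.append("PermitEmptyPasswords is enabled")
    return findings

# Constructed samples: the first leaves the password line commented out.
WEAK = "#PasswordAuthentication no\nPubkeyAuthentication yes\n"
HARDENED = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
            "PubkeyAuthentication yes\nPasswordAuthentication yes\n")

if __name__ == "__main__":
    print(audit_key_only(WEAK), audit_key_only(HARDENED))
```

A commented-out `PasswordAuthentication no` changes nothing, which is why the first sample still reports password logins as enabled.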
 
Old 11-27-2005, 01:17 PM   #8
Lsteele
LQ Newbie
 
Registered: Oct 2005
Location: Oklahoma City
Distribution: SuSE 9.1
Posts: 17

Original Poster
Rep: Reputation: 0
How do I know if it is open? Is there a command that I can run from the prompt to open or close port 22, etc? Or can I control the port from YaST?
 
Old 11-27-2005, 01:39 PM   #9
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 62
Need to define some more info.
Are both the suse and windows 2000 behind the router?
If they are both inside your private network then the suse box may have a firewall running. Disable the firewall and see if you can make the connection. If that works you need to open port 22 on suse firewall configuration. Or you can leave it down since behind the router as long as the router does not have any ports being forwarded to an internal lan machine ip. The more layers you can put up the more secure you are.

Running nmap on the suse box will show open ports on the localhost address of 127.0.0.1. But if a firewall is up nmap will show the open ports but the firewall will be blocking on your suse lan machine ip. You can also install a portscanning tool on the windows box and scan your suse box to see if port 22 is open. This will be one quick question to answer to see if a service is running on port 22 and is open.

Do you plan on connections from outside on the internet to the suse box?
If not don't worry about the remote portscan. It will only be scanning your router.

Since you have a router then the router is secure if it did not show an open port of 22 from your remote portscan.

Hope this helps
Brian

Last edited by Brian1; 11-27-2005 at 01:43 PM.
 
Old 11-27-2005, 04:12 PM   #10
Lsteele
LQ Newbie
 
Registered: Oct 2005
Location: Oklahoma City
Distribution: SuSE 9.1
Posts: 17

Original Poster
Rep: Reputation: 0
I do not have nmap on my SuSE box. Is there another way?
Both the SuSE box and the Windows box are behind the DSL Router and also another computer that the DSL plugs into.
Once I have my system allowing a ssh connection, then I need to use that knowledge and setup another remote system (a customer machine) to do the same so I can help him solve a problem.
 
Old 11-27-2005, 05:03 PM   #11
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370
You can always do "telnet localhost 22" (no quotes). If you get a response like:

Code:
Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9p1
then sshd is running on your system. If you get connection timed out, it is not. If you still can't connect from the Win 2K system, go into YaST and go to the security menu and select the firewall configuration. Check and make sure that port 22 is allowed through.
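
The `telnet localhost 22` check above, and the listener check from post #4, can be scripted so that a banner, a refusal and a silent drop are reported separately. This is an added example, not part of the original thread; `probe_ssh` and `demo` are names made up here, and the loopback listener with its banner is constructed.

```python
import socket
import threading

def probe_ssh(host, port=22, timeout=3.0):
    """Classify one TCP connect attempt; returns (state, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                return ("open", "")        # accepted, but nothing was sent
            line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
            # An SSH server sends its identification string first ("SSH-...").
            return ("banner", line) if line.startswith("SSH-") else ("open", line)
    except ConnectionRefusedError:
        # The host answered with a reset: nothing listens on that address and
        # port, or a firewall rule actively rejects the connection.
        return ("refused", "")
    except socket.timeout:
        # No answer at all: packets are dropped on the way, or the host is down.
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))         # name resolution, routing, reset

def demo():
    """Probe a constructed loopback listener, then a port with no listener."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))             # port 0: the kernel picks a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-ConstructedExample\r\n")
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    listening = probe_ssh("127.0.0.1", srv.getsockname()[1])
    srv.close()
    spare = socket.socket()                # reserve a port, then release it
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    return listening, probe_ssh("127.0.0.1", closed_port)

if __name__ == "__main__":
    print(demo())
```

Run against `localhost` first and then against the machine's LAN address: a banner on the first and a refusal or timeout on the second points at the listen address or the host firewall rather than at sshd itself.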
 
Old 11-27-2005, 05:25 PM   #12
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 62
Download lanspy for the windows platform and use it to run a scan on the suse box. Since you are not sure you got to know if the port is open before going further.

Brian1
 
Old 11-27-2005, 05:50 PM   #13
Lsteele
LQ Newbie
 
Registered: Oct 2005
Location: Oklahoma City
Distribution: SuSE 9.1
Posts: 17

Original Poster
Rep: Reputation: 0
BTMiller, I ran telnet localhost 22, and got "connection refused". I used YaST to configure the firewall and checked ssh, but I still am getting connection refused.
There is a "internal connection that was (none), and I tried the drop down entry of eth-id-00:..., which still gives me connection refused. I went back to the firewall and under advanced, I allowed 22:23, but I still get connection refused??
 
Old 11-27-2005, 05:55 PM   #14
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 62
I may have misunderstood the last post on editing the firewall. Do you mean the firewall router here? If so I would do one thing at a time. Get the sshd server up and allow connection from the windows 2000 box before allowing any external traffic into your network.

Brian1
 
Old 11-27-2005, 06:16 PM   #15
Lsteele
LQ Newbie
 
Registered: Oct 2005
Location: Oklahoma City
Distribution: SuSE 9.1
Posts: 17

Original Poster
Rep: Reputation: 0
No, I meant the YaST firewall, under security and users.
I downloaded Lanspy and the results on the SuSE box (192.168.0.59) are:
192.168.0.59 (linux.mshome.net)
Round Trip Time (RTT): <10 ms
Time To Live (TTL): 64
DNS name: linux.mshome.net
MAC: 00:11:95:1D:C6:4E
UDP ports
Nothing about ssh or port 22?
 
  

