Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
First, SSH to your comp from the same comp, and see what happens.
Second, I can see that only SYN is allowed to the SSH port; doesn't ACK need to be allowed as well? Or if you don't want to be so granular, just open the port without checking TCP flags.
Location: Austin,TX most of the year...in Euless,TX the rest of it
Distribution: RH 9.0
Posts: 154
Original Poster
I tried connecting to my comp. earlier...that was the error I put up...everything works on the LAN I have here...just not working through the external IP...I took off the TCP flags as you said, but still a no-go when I tried connecting.
About the flags, I understand that the TCP packet can contain SYN packets, ACK packets, A FIN packets, and RST packets...client sends SYN packet...my comp is supposed to send an ACK packet for acknowledgement...and then A FIN packets are sent from both sides (or maybe just one?) to finalize communication...and the RST packet is sent from mine to the client if they are rejected...Am I understanding this correctly? Please correct me if I'm out there on this. Thanks.
Original Poster
I'm assuming you mean try to connect on my local network...everything locally works...Any comp on the LAN can ssh to my comp...it's just trying to get it to work with the external IP. Gives some sort of a timed out error I think...Anything else that could be causing this? Thanks again.
You can find others out there too, but here are a few suggestions I'd try as well.
*** before modifying any of the following files, make sure you create a backup of it. I'd also log your steps to ensure that you can backtrack.
I'd try the following:
Since you're using RH-Lokkit I'm assuming your firewall is the RedHat firewall: "System Settings"-->"Security Level" and make sure that the SSH option is available. You could also reduce the firewall setting temporarily to see if it works (assuming that it's prudent for the data on your system).
Use the -v option for verbose mode to help debug the problem (e.g. ssh -v hostname)
Verify that your /etc/hosts.allow and /etc/hosts.deny are not causing the problem.
If you're using keys, revert to using a good ole login/password until you get the problem resolved.
It's never a bad idea to ensure that it isn't a DNS issue by placing an entry for the client system in the host's /etc/hosts file.
Original Poster
Thanks a bunch pjcp64...did a -v...it connected but then dropped the connection after checking some identity files...so I checked the hosts.deny file and that was the problem. It works fine now!
I was wondering what commands I could use to drop all of the users connected....or manage them somehow....
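Added example, not part of the original thread: a Python check that applies the TCP wrappers lookup order from hosts_access(5) (hosts.allow first, then hosts.deny, allowed if neither matches) to a client address and reports which rule decided the outcome. The rule text and addresses are constructed samples showing one configuration that would let LAN clients in while refusing an external IP; the function names are hypothetical, and only IPv4 address patterns are handled (no hostnames, EXCEPT or shell options).

```python
import ipaddress

# Constructed sample rules (not the poster's actual files): LAN allowed, rest denied.
SAMPLE_ALLOW = "# /etc/hosts.allow\nsshd: 192.168.1.\n"
SAMPLE_DENY = "# /etc/hosts.deny\nALL: ALL\n"

def client_matches(pattern, ip):
    """Match one hosts_access(5) client pattern against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.168.1." matches by address prefix
        return ip.startswith(pattern)
    if "/" in pattern:             # net/mask form, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip           # literal address

def first_match(rules_text, daemon, ip):
    """Return the first rule line matching (daemon, ip), or None."""
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # Fields are "daemon_list : client_list"; items split on blanks or commas.
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
            client_matches(c, ip) for c in clients
        ):
            return line
    return None

def check_access(allow_text, deny_text, daemon, ip):
    """Return (allowed, reason) using the allow-then-deny search order."""
    rule = first_match(allow_text, daemon, ip)
    if rule:
        return True, "hosts.allow: " + rule
    rule = first_match(deny_text, daemon, ip)
    if rule:
        return False, "hosts.deny: " + rule
    return True, "no matching rule"

if __name__ == "__main__":
    # Constructed clients: one on the LAN, one external (documentation range).
    for ip in ("192.168.1.20", "203.0.113.7"):
        print(ip, check_access(SAMPLE_ALLOW, SAMPLE_DENY, "sshd", ip))
```

To run it against a real host, pass the contents of /etc/hosts.allow and /etc/hosts.deny as the first two arguments of check_access.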