LinuxQuestions.org


kenji 03-25-2007 03:53 AM

ssh login
 
Hi, I have 3 computers at home; let's name them pc1, pc2 and pc3.
On pc1 I'm using win2k; pc2 and pc3 are both rh9. I can
access pc2 via ssh and telnet, but I can't access pc3 via
ssh and telnet. I already set up the firewall to accept
ssh and telnet like I did on pc2, but I still can't access it.
I'm just wondering if I'm missing some points. Thank you for
your help.

IBall 03-25-2007 05:40 AM

Is the SSH server running on PC3?

Make sure you install it.

On a side note, is there any particular reason for using RH9? This is a very old version of Linux, having been released in 2003. It is no longer supported, and does not get any security updates. The successor to Redhat Community is Fedora, which is currently at release 6. Alternatively, try Centos (Free RHEL) or Ubuntu.

Also, Telnet is extremely insecure - everything, including passwords, is transmitted in plain text. SSH encrypts everything. Don't use Telnet unless you really must.

--Ian

slzckboy 03-25-2007 05:48 AM

Also, is basic network connectivity OK on pc3?

kenji 03-25-2007 12:18 PM

Yes, I know Red Hat is very old; maybe I'll use Fedora or RH Enterprise
someday, but for now I'll use my RH box. I also know that telnet is
insecure; I just want to learn, that's all, and that is the reason I want
to run telnet. Thanks for the concern, IBall. slzckboy, what do you
mean by basic network connectivity? If you are asking about the
physical connections, there are no problems: I can ping pc1, pc2 and
pc3. I tried accessing pc2 using pc3 via ssh and I successfully
accessed it. I also tried to log on to pc3 using ssh in itself, and I also
never encountered a problem. Thanks for the help, guys; maybe I'll
update you with more information. Every time I access pc3 using pc2
via ssh it gives me an error message that the host refused to
connect. I also ran tcpdump and it gave me this message:

using putty
04:54:22.045192 192.0.0.1.3826 > 192.0.0.3.ssh: S [tcp sum ok] 3399189136:3399189136(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 11751, len 48)
04:54:25.000684 192.0.0.1.3826 > 192.0.0.3.ssh: S [tcp sum ok] 3399189136:3399189136(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 11752, len 48)

IBall 03-26-2007 07:20 AM

Network Connectivity - can you browse the internet from pc3?

Can you post the output of the following commands (run them as root on pc3):
Code:

ps -ef | grep ssh
lsof -i :22

On PC3, can you ssh to itself - "ssh localhost" and enter your current user's password?

Really though, don't use telnet - what are you trying to learn? Also, you will learn better with a recent distro.

--Ian

kenji 03-27-2007 08:58 AM

#ps -ef | grep ssh
root 743 1 0 20:34 ? 00:00:00 /usr/sbin/sshd
joe 1182 1136 0 21:06 tty2 00:00:00 ssh 192.0.0.2
root 1191 1013 0 21:10 tty1 00:00:00 grep ssh

#lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 743 root 3u IPv4 1495 TCP *:ssh (LISTEN)
ssh 1182 joe 3u IPv4 2240 TCP 192.0.0.3:1026->192.0.0.2:ssh (ESTABLISHED)

Quote:

I also tried to log on to pc3 using ssh in itself, and I also
never encountered a problem.
Yes, it can ssh to itself.

kenji 03-27-2007 10:02 AM

And this is the list of my iptables. Hope this will help.

#iptables -nvL

Chain INPUT (policy ACCEPT 216 packets, 22933 bytes)
pkts bytes target prot opt in out source destination
333 34270 RH-Lokkit-0-50-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ssh * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ssh * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Lokkit-0-50-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.0.0.0/24 tcp dpt:22
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.0.0.0/24 tcp dpt:22

Chain OUTPUT (policy ACCEPT 367 packets, 38127 bytes)
pkts bytes target prot opt in out source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 192.0.0.1 0.0.0.0/0 udp spt:53 dpts:1025:65535
36 2578 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
21 1044 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
60 7715 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 reject-with icmp-port-unreachable
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable
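
As an added illustration (not part of any post in this thread), the Python below walks the INPUT chain and RH-Lokkit-0-50-INPUT rules from the listing above in first-match order, using the SYN from the tcpdump output as the test packet. The function names and the eth0 arrival interface are assumptions, and any target that is not a listed chain is treated as terminal.

```python
import ipaddress
import re

# Rule lines copied from the iptables -nvL listing posted above (column headers dropped).
LISTING = """\
Chain INPUT (policy ACCEPT 216 packets, 22933 bytes)
333 34270 RH-Lokkit-0-50-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ssh * 0.0.0.0/0 0.0.0.0/0
Chain RH-Lokkit-0-50-INPUT (2 references)
0 0 ACCEPT udp -- * * 192.0.0.1 0.0.0.0/0 udp spt:53 dpts:1025:65535
36 2578 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
21 1044 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
"""

def parse(listing):
    """Return {chain name: [rule, ...]} from iptables -nvL text."""
    chains, rules = {}, None
    for fields in map(str.split, listing.splitlines()):
        if fields[:1] == ["Chain"]:
            rules = chains.setdefault(fields[1], [])
        elif fields and fields[0][0].isdigit():
            rules.append({"target": fields[2], "prot": fields[3], "in": fields[5],
                          "src": fields[7], "extra": " ".join(fields[9:])})
    return chains

def port_ok(extra, key, port):
    """True when the rule has no spt/dpt match of this kind or the port is in range."""
    m = re.search(rf"\b{key}s?:(\d+)(?::(\d+))?", extra)
    return m is None or int(m[1]) <= port <= int(m[2] or m[1])

def matches(rule, pkt):
    return (rule["prot"] in ("all", pkt["proto"])
            and rule["in"] in ("*", pkt["in"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
            and port_ok(rule["extra"], "spt", pkt["sport"])
            and port_ok(rule["extra"], "dpt", pkt["dport"])
            # flags:0x16/0x02 is how iptables prints --syn (new connections only)
            and ("flags:0x16/0x02" not in rule["extra"] or pkt["syn"]))

def first_match(chains, chain, pkt):
    """Walk a chain in order, following jumps; None means the chain policy applies."""
    for number, rule in enumerate(chains[chain], 1):
        if not matches(rule, pkt):
            continue
        if rule["target"] not in chains:          # ACCEPT/REJECT/DROP end the walk
            return rule["target"], chain, number
        hit = first_match(chains, rule["target"], pkt)
        if hit:
            return hit
    return None

# The SYN seen in the tcpdump above; eth0 as the arrival interface is an assumption.
SYN = {"proto": "tcp", "in": "eth0", "src": "192.0.0.1", "sport": 3826, "dport": 22, "syn": True}
if __name__ == "__main__":
    print(first_match(parse(LISTING), "INPUT", SYN))
```

The tuple returned is (target, chain, rule number within that chain); the same walk can be repeated with "in" set to "lo" to compare against the "ssh localhost" test.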


All times are GMT -5.