I'm trying to get TightVNC to work but have to enable ssh logins. How do I do this? ssh came with my distro, but I don't know how to work it.
I have a feeling that my firewall is probably blocking the ssh port. It is the default firewall that came with Red Hat, and I don't know how to work that, either. (Even if the firewall isn't a part of this, I'd still like to know how to use it.)
Type 'lokkit' and there's an option to disable the firewall. Try that....
Also, I believe you don't need to run TightVNC to enable ssh. ssh is like telnet except that it uses encryption. So, just use ssh as if it was telnet.
Next add the ssh clients' addresses to the /etc/hosts.allow file:
sshd: xxx.xxx.xxx.xxx
Then check to see if ssh is up and listening:
netstat -la | grep ssh
You should see a line that says sshd is listening on port 22
Might need to do netstat -lna to see the port numbers
Now if you specifically told linux to enable incoming ssh connections during the initial installation process, sshd should be working. If you didn't, you will probably have to add a line to iptables to accept incoming ssh connections. Something like:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Might need to add:
iptables -A INPUT -p udp --dport 22 -j ACCEPT
Also do yourself a favor and disable root logins via ssh in its configuration file.
As for explaining how iptables works, it's kind of complex to explain the entire way it functions. But essentially you're writing a bunch of rules that tell linux how to handle various incoming packets. The rules are organized logically into "chains" (hence the original name ipchains) where each chain describes a general category of connections (INPUT, OUTPUT, FORWARD, etc). As a packet arrives, iptables will go through each individual rule in the chain from the first rule in the chain on, to try and find a rule that matches the packet. If it finds a rule that matches, it will jump to the target (-j ACCEPT, DENY, REJECT, etc) and perform that action on the packet, ignoring the rest of the rules in the chain. If it doesn't match a rule, it will fall through the entire chain until it hits the default policy. There is also the added complexity that the chains are organized into multiple tables that do various things such as network address translation (nat), packet filtering, etc.
Unfortunately that's a really oversimplified explanation and there is a lot more to it than that, so checking out the howtos is definitely advisable: http://www.netfilter.org http://www.tldp.org/HOWTO/
There are a lot of different flags and options that can be set and not all of them work with each other. To be honest, I think writing iptables is more like an art than a science and can be one of the harder things to do in linux.
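Added example (not part of any post in this thread): a small Python model of the first-match traversal described above, showing why an ssh rule appended with -A can be shadowed by an earlier catch-all rule while the same rule inserted with -I at position 1 takes effect. The chain contents and the packet are constructed, and the Rule class and helper functions are illustrative, not an iptables API.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                   # ACCEPT, DROP or REJECT
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt):
        return ((self.proto is None or self.proto == pkt["proto"]) and
                (self.dport is None or self.dport == pkt["dport"]))


def evaluate(chain, policy, pkt):
    """Walk the chain in order; the first matching rule decides.
    Returns (verdict, rule index), or (policy, None) on fall-through."""
    for index, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.target, index
    return policy, None


def append(chain, rule):
    """Model of 'iptables -A': the rule goes to the end of the chain."""
    return chain + [rule]


def insert(chain, rule, pos=1):
    """Model of 'iptables -I CHAIN pos': 1-based, default is the head."""
    return chain[:pos - 1] + [rule] + chain[pos - 1:]


# Constructed sample data: an INPUT chain that already ends in a
# catch-all REJECT, and a new TCP connection to port 22.
BASE_CHAIN = [Rule("ACCEPT", "tcp", 80), Rule("REJECT")]
SSH_RULE = Rule("ACCEPT", "tcp", 22)
SSH_PACKET = {"proto": "tcp", "dport": 22}


def demo():
    """Verdicts for the appended chain, the inserted chain, and a chain
    with no matching rule that falls through to a DROP policy."""
    return {
        "appended": evaluate(append(BASE_CHAIN, SSH_RULE), "ACCEPT", SSH_PACKET),
        "inserted": evaluate(insert(BASE_CHAIN, SSH_RULE), "ACCEPT", SSH_PACKET),
        "policy": evaluate([Rule("ACCEPT", "tcp", 80)], "DROP", SSH_PACKET),
    }


if __name__ == "__main__":
    for case, (verdict, index) in demo().items():
        print(case, verdict, "policy" if index is None else f"rule {index + 1}")
```

On a real host, `iptables -L INPUT -n --line-numbers` shows the rule order, which is what decides whether a newly added port 22 rule is ever reached.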
Thanks. I got SSH working, but I've still got to figure out what's the matter with TightVNC. Capt. Caveman's how-to was much easier to understand than my Linux book. I still don't know what that guy was trying to get me to do.
Dear All:
SSH is using port 22. If both computer A & computer B have the port enabled, keys are generated and exchanged; initial authentication; login from A to B is successful. However, when trying the initial authentication; login from B to A, it says "Secure Connection Refused" after a few times "Connection to A timed out".
Checked all file permissions, OK.
$ ssh <B_hostname> date
$ May 31 2004
However,
& ssh <A_hostname> date
& Secure Connection Refused
Questions:
1) What seems to be blocking A from authenticating B?
2) Reply received while "ssh <B_hostname> date" from A, does that mean that it passed through firewalls & both ports are opened on both A & B?
Below is the ipchains from A:
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
Should we add in:
-A output -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
Ummmm... Thanks for the help, but this thread is well over a year old and I think I solved this problem. It's been so long I can't remember, but I recall I did have TightVNC working for a while, so I guess I must have solved it.
Edit: Oh, I get it. Someone else asked a question. I see. I didn't read this thread very carefully, because I didn't care about it any more.
Output from ssh <host_B> date
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to <host_B> [ip_address] port 22.
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: Connection established.
Output from ssh -v <host_A> date from host_B:
same as above until this point,
debug1: Connecting to <host_A> [ip_address] port 22.
debug1: Connetion timed out
debug1: Secure connection refused by <host_A>
I could not get ipchains command to work - it returns "command not found"
Looks like the firewall or tcp_wrappers might be the problem.
For tcp_wrappers, check the hosts.allow file and make sure there is an entry for host B.
For the firewall, first make sure you are root and just try running "ipchains" or "/sbin/ipchains" (without quotes) to make sure that ipchains is even installed (ipchains has been deprecated in favor of the newer iptables). If you still get "command not found", try running "iptables" or "/sbin/iptables" instead. Once you get one of those working, then do ipchains -L or iptables -L.
1) Does the "Connection timed out" come from SSH or Firewall?
2) Based on the output of /sbin/iptables, doesn't it mean that port 22 is allowed?
The iptables output of host A shows that it is completely open and all incoming connections should be allowed through. Given that host A can ssh into host B, it doesn't appear that either firewall has anything to do with the problem.
I can only think of one other thing that may be causing the problem. It appears that you are using key-based authentication rather than password-based. You might have generated an incompatible key or something. It would really help if you gave the output of ssh -vvv host A (note that there are 3 v's in that command for increased verbosity in the output, rather than using -v which gives you minimal debugging messages). You might also have some luck looking at your system logs on host A to see if you can spot any error messages related to ssh. If that still isn't turning up much, try manually starting the ssh daemon (sshd) in debugging mode. The command will probably look something like /usr/sbin/sshd -ddd (again notice the 3 d's here for increased verbosity of debugging).
For some reason, these 2 servers only allow 1 verbose flag.
Odd. What version of linux are you running?
Perhaps I should try the /usr/sbin/sshd -ddd, what should I be looking for?
Basically anything regarding ssh, but I would specifically look for problems regarding the key authentication or ssh protocol mismatch/incompatibility.