SUSE / openSUSE: This forum is for the discussion of Suse Linux.
I know for sure that the SSH daemon is running. I tried flushing the iptables rules, but it didn't help. How can I turn the firewall off, so I can ssh to the box?
Make sure you have an entry like this in your /etc/hosts.allow file
sshd : $DESTINATION
and you do not have the same in /etc/hosts.deny
where $DESTINATION is the IP you want to ssh from, $SOURCE is the IP of the machine you are trying to ssh to and $SSH_PORT is the port number of SSH on the source, which by default is 22 but can be set to any other value.
a) I added "sshd : 192.168.2.8" to /etc/hosts.allow
b) I commented "http-rman : ALL EXCEPT LOCAL" in /etc/hosts.deny
c) I executed the rule you suggested (only with /usr/sbin/iptables)
192.168.2.8 is my laptop, 182.168.2.6 is the SuSE box and 182.168.2.1 is my Belkin router.
The situation is still the same, PuTTY just returns an error: Network error - connection timed out. :\
I'm surely missing something here, so don't pay too much attention.
Click on the firewall icon of Yast, set ssh as allowed service. Could be too simple, dunno. That's what I do and it works. SuSE 9.3 and 10.0.
I found the "Firewall configuration: Allowed services" section.. but I am not able to choose SSH... I can only select Internal, External and Demilitarized zone (what's the difference?)
I don't know which key to press to be able to select a service under Internal Zone (this sounds so lame :\)
External Zone should already be selected for you. Press tab until you get to Service To Allow and then press the down arrow key. A list of services will be shown and you can press enter to choose the one you wish.
In the text version of Yast you can select an item by hitting the ALT key and the yellow highlighted letter. So you hit ALT-S to get the selection list to find SSH and get it turned off.
The internal, external and DMZ are the zones that you may associate a particular interface with. You then need to indicate which services are allowed for which zone. If your computer is between two firewalls, running a public service like http, then you might want to use DMZ. If you are behind a NAT router and not having anything forwarded to your box, you might use "internal". By default, internal isn't protected by the firewall. Otherwise, you want to choose external. A computer that is hooked up directly to a modem and provides internet access for other computers on the LAN has 2 interfaces. One is external and the other is internal.
SSH uses port 22 by default. Some people change the default port because it is a well known target. If you are the only person to use SSH, then uncomment the "AllowUsers" line and add your user name to it. This will disable connection attempts using system usernames. Script kiddies have scripts that will try a number of passwords attacking the usernames of common system users, such as mail, video, mysql and root.
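An added example, not part of the original thread: the AllowUsers advice in the last post only takes effect once the line is uncommented, and this script checks an sshd_config for that and lists which of the system accounts named above stay reachable. The function names and sample configs are constructed for illustration; it handles only literal names and USER@HOST entries.

```shell
#!/bin/sh
# Added example (not from the thread): audit the AllowUsers setting of an sshd_config.
# Assumption: only literal names and USER@HOST entries; wildcards and Match blocks are not handled.

# allowed_users FILE: print each active AllowUsers entry, one per line.
allowed_users() {
    awk '
        /^[ \t]*#/ { next }              # "#AllowUsers ..." is a comment; sshd ignores it
        tolower($1) == "allowusers" {    # keywords are case-insensitive
            for (i = 2; i <= NF; i++) print $i
        }' "$1"
}

# user_allowed FILE USER: succeed if USER passes the AllowUsers check.
user_allowed() {
    list=$(allowed_users "$1")
    # No active AllowUsers line: logins are not restricted by user name.
    [ -z "$list" ] && return 0
    printf '%s\n' "$list" | awk -v u="$2" '
        { sub(/@.*/, "", $1); if ($1 == u) found = 1 }
        END { exit !found }'
}

# exposed_system_users FILE: list commonly attacked accounts that stay reachable.
exposed_system_users() {
    for u in root mail video mysql; do
        if user_allowed "$1" "$u"; then printf '%s\n' "$u"; fi
    done
}

# Constructed sample configs: one with the line still commented out, one with it active.
make_sample() {
    f=$(mktemp) || return 1
    printf 'Port 22\n%s\n' "$1" > "$f"
    printf '%s\n' "$f"
}

before=$(make_sample '#AllowUsers alice')
after=$(make_sample 'AllowUsers alice')
echo "commented out: $(exposed_system_users "$before" | tr '\n' ' ')"
echo "active:        $(exposed_system_users "$after" | tr '\n' ' ')"
rm -f "$before" "$after"
```

Point the functions at a copy of the real sshd_config to see whether the edit actually took effect before restarting the daemon.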