LinuxQuestions.org


xx11 02-24-2006 10:08 AM

ssh server setup
 
this post is in a suggested new title as a followup from

http://www.linuxquestions.org/questi...=410755&page=3
post 38

still cannot connect via ssh on port 22 via remote

can login from local host although looks a bit odd:

Linux xyz.net 2.4.21 #1 Sun Aug 3 20:15:59 PDT 2003 i686 unknown unknown GNU/Linux
Libranet GNU/Linux
Last login: Fri Feb 24 15:34:52 2006
x11@4xyz:~$

THEN from my own box in a terminal
root@xyz:/home/x11# netstat -a | grep ssh
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:33050 localhost:ssh TIME_WAIT
unix 2 [ ACC ] STREAM LISTENING 1355 /tmp/ssh-XXX5FD3A/agent.606


any suggestions why I cannot contact my own box via a remote
please read thread above for what might be a better understanding


xx11:study: :study:

dracae 02-24-2006 10:32 AM

What do your hosts.allow and hosts.deny look like?

haertig 02-24-2006 12:07 PM

Are you receiving an error message at the connecting client end? "Connection Refused"? "Timeout"? etc. Can you ssh into the server FROM the server (i.e., "ssh localhost")? Have you twiddled with the default settings in /etc/ssh/sshd_config and accidentally mucked them up? (config file location may be different on different distros) Is your firewall getting in the way? Have you double checked your router's port forwarding setup? Is your ssh server box set up as DHCP and might have acquired a different IP address than the one your router is port-forwarding to? (you should use static rather than dynamic IPs for servers) Are tcpwrapper host.deny/allow rules getting in the way? What does /var/log/auth.log tell you on the sshd server end?

You might describe things using "sshd server box" and "ssh client box" to be more clear. "my own box" and "local host" don't really tell us where you're logged into. Running netstat and looking for LISTENER's on "my own box" would be futile if "my own box" equates to "ssh client box" (and that appears to be what you're doing, as best I can tell). You need to look on the server end for LISTENER's.

Lots of things to look at. "Still cannot connect..." does not give us enough detail to work with.

xx11 02-24-2006 04:20 PM

ssh setup
 
thank you for your posts

Connected through router via DHCP to a static ip address(public ip)
22 is port forwarded no firewall only in the router.
no tcpwrapper.

here is what /etc/ssh/sshd_config looks like
how to change this so that port 22 is listening on 0.0.0.0:22 and not localhost:22.


xx11:) :)
-----------------------------------------------------------

# Package generated configuration file
# See the sshd(8) manpage for defails

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes

# Use PAM authentication via keyboard-interactive so PAM modules can
# properly interface with the user
PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /usr/lib/sftp-server

#UsePrivilegeSeparation yes
--------------------------------------------------------------------

regarding /var/log/auth.log I have posted the 24/02/06

-----------------------------------------------------------------
ed signal 15; terminating.
Feb 24 08:57:41 4096 su[357]: + console root-news
Feb 24 08:57:41 4096 su(pam_unix)[357]: session opened for user news by (uid=0)
Feb 24 08:57:50 4096 sshd[519]: Server listening on 0.0.0.0 port 22.
Feb 24 08:57:56 4096 webmin(pam_unix)[530]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 08:57:56 4096 usermin(pam_unix)[527]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 08:57:59 4096 webmin[530]: Webmin starting
Feb 24 08:57:59 4096 usermin[527]: Usermin starting
Feb 24 08:58:27 4096 gdm(pam_unix)[564]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=bliss
Feb 24 08:58:32 4096 gdm[564]: Couldn't authenticate user
Feb 24 08:58:39 4096 pam_limits[564]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 08:58:39 4096 gdm(pam_unix)[564]: session opened for user bliss by (uid=0)
Feb 24 09:00:01 4ser root
Feb 24 09:22:15 4096 gdm(pam_unix)[564]: session closed for user bliss
Feb 24 09:26:20 4096 su[383]: + console root-news
Feb 24 09:26:20 4096 su(pam_unix)[383]: session opened for user news by (uid=0)
Feb 24 09:26:29 4096 sshd[546]: Server listening on 0.0.0.0 port 22.
Feb 24 09:26:35 4096 usermin(pam_unix)[554]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 09:26:35 4096 webmin(pam_unix)[559]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 09:26:38 4096 webmin[559]: Webmin starting
Feb 24 09:26:39 4096 usermin[554]: Usermin starting
Feb 24 09:27:05 4096 pam_limits[591]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 09:27:05 4096 gdm(pam_unix)[591]: session opened for user bliss by (uid=0)er root
Feb 24 10:08:34 4096 ssh(pam_unix)[1968]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost user=bliss
Feb 24 10:08:35 4096 sshd[1968]: Failed password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 10:08:47 4096 sshd[1968]: Failed password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 10:08:55 4096 sshd[1968]: Accepted password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 10:08:55 4096 ssh(pam_unix)[1970]: session opened for user bliss by (uid=1000)
Feb 24 10:08:55 4096 pam_limits[1970]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Feb 24 10:08:55 4096 pam_limits[1970]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Feb 24 10:09:07 4096 su[1976]: + ttyp2 bliss-root
Feb 24 10:09:07 4096 su(pam_unix)[1976]: session opened for user root by bliss(uid=1000)
Feb 24 10:10:01 4096 cron(pam_unix)[1982]: session opened for user news by (uid=0)
Feb 24 10:10:01 4096 cron(pam_unix)[1983]: session opened for user root by (uid=0)
Feb 24 10:10:01 4096 cron(pam_unix)[1984]: session opened for user er root
Feb 24 11:07:01 4096 gdm(pam_unix)[591]: session closed for user bliss
Feb 24 11:07:03 4096 su[3027]: + console root-news
Feb 24 11:07:03 4096 su(pam_unix)[3027]: session opened for user news by (uid=0)
Feb 24 11:07:04 4096 sshd[2194]: Received signal 15; terminating.
Feb 24 11:09:01 4096 su[358]: + console root-news
Feb 24 11:09:01 4096 su(pam_unix)[358]: session opened for user news by (uid=0)
Feb 24 11:09:10 4096 sshd[516]: Server listening on 0.0.0.0 port 22.
Feb 24 11:09:15 4096 webmin(pam_unix)[530]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 11:09:15 4096 usermin(pam_unix)[525]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 11:09:18 4096 usermin[525]: Usermin starting
Feb 24 11:09:18 4096 webmin[530]: Webmin starting
Feb 24 11:09:48 4096 pam_limits[567]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 11:09:48 4096 gdm(pam_unix)[567]: session opened for user bliss by (uid=0)r root
Feb 24 11:34:11 4096 gdm(pam_unix)[567]: session closed for user bliss
Feb 24 11:34:14 4096 su[1328]: + console root-news
Feb 24 11:34:14 4096 su(pam_unix)[1328]: session opened for user news by (uid=0)
Feb 24 11:34:14 4096 sshd[516]: Received signal 15; terminating.
Feb 24 12:41:50 4096 su[353]: + console root-news
Feb 24 12:41:50 4096 su(pam_unix)[353]: session opened for user news by (uid=0)
Feb 24 12:41:58 4096 sshd[510]: Server listening on 0.0.0.0 port 22.
Feb 24 12:42:05 4096 usermin(pam_unix)[517]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 12:42:05 4096 webmin(pam_unix)[522]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 12:42:07 4096 usermin[517]: Usermin starting
Feb 24 12:42:07 4096 webmin[522]: Webmin starting
Feb 24 12:42:36 4096 pam_limits[560]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 12:42:36 4096 gdm(pam_unix)[560]: session opened for user bliss by (uid=0)r root
Feb 24 13:01:39 4096 gdm(pam_unix)[560]: session closed for user bliss
Feb 24 14:38:57 4096 su[377]: + console root-news
Feb 24 14:38:57 4096 su(pam_unix)[377]: session opened for user news by (uid=0)
Feb 24 14:39:06 4096 sshd[543]: Server listening on 0.0.0.0 port 22.
Feb 24 14:39:12 4096 webmin(pam_unix)[556]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 14:39:12 4096 usermin(pam_unix)[551]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 14:39:14 4096 usermin[551]: Usermin starting
Feb 24 14:39:15 4096 webmin[556]: Webmin starting
Feb 24 14:39:41 4096 pam_limits[585]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 14:39:41 4096 gdm(pam_unix)[585]: session opened for user bliss by (uid=0)
Feb 24 14:40:02 4096 cron(pam_unix)[820]: session opened for user root by (uid=0)
Feb 24 14:40:02 4096 cron(pam_unix)[821]: session opened for user root by (uid=0)
Feb 24 14:40:03 4096 cron(pam_unix)[820]: session closed for user root
Feb 24 14:40:05 4096 cron(pam_unix)[821]: session closed for user root
Feb 24 14:44:09 4096 gdm(pam_unix)[585]: session closed for user bliss
Feb 24 15:34:06 4096 su[377]: + console root-news
Feb 24 15:34:07 4096 su(pam_unix)[377]: session opened for user news by (uid=0)
Feb 24 15:34:16 4096 sshd[537]: Server listening on 0.0.0.0 port 22.
Feb 24 15:34:21 4096 webmin(pam_unix)[550]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 15:34:22 4096 usermin(pam_unix)[545]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 15:34:23 4096 webmin[550]: Webmin starting
Feb 24 15:34:24 4096 usermin[545]: Usermin starting
Feb 24 15:34:52 4096 pam_limits[585]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 15:34:52 4096 gdm(pam_unix)[585]: session opened for user bliss by (uid=0)
Feb 24 15:35:01 4096 cron(pam_unix)[667]: session opened for user root by (uid=0)
Feb 24 15:35:01 4096 cron(pam_unix)[667]: session closed for user root
Feb 24 15:40:01 4096 cron(pam_unix)[1002]: session opened for user root by (uid=0)
Feb 24 15:40:01 4096 cron(pam_unix)[1003]: session opened for user root by (uid=0)
Feb 24 15:40:01 4096 cron(pam_unix)[1002]: session closed for user root
Feb 24 15:40:02 4096 cron(pam_unix)[1003]: session closed for user root
Feb 24 15:43:25 4096 su[1015]: + ttyp0 bliss-root
Feb 24 15:43:25 4096 su(pam_unix)[1015]: session opened for user root by (uid=1000)
Feb 24 15:45:01 4096 cron(pam_unix)[1038]: session opened for user root by (uid=0)
Feb 24 15:45:01 4096 cron(pam_unix)[1038]: session closed for user root
Feb 24 15:50:01 4096 cron(pam_unix)[1237]: session opened for user root by (uid=0)
Feb 24 15:50:01 4096 cron(pam_unix)[1237]: session closed for user root
Feb 24 15:50:01 4096 cron(pam_unix)[1238]: session opened for user root by (uid=0)
Feb 24 15:50:02 4096 cron(pam_unix)[1238]: session closed for user root
Feb 24 15:55:01 4096 cron(pam_unix)[1251]: session opened for user root by (uid=0)
Feb 24 15:55:01 4096 cron(pam_unix)[1251]: session closed for user root
Feb 24 15:57:58 4096 sshd[1396]: Accepted password for bliss from 127.0.0.1 port 33050 ssh2
Feb 24 15:57:58 4096 ssh(pam_unix)[1398]: session opened for user bliss by (uid=1000)
Feb 24 15:57:58 4096 pam_limits[1398]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Feb 24 15:57:58 4096 pam_limits[1398]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Feb 24 16:00:01 4096 cron(pam_unix)[1429]: session opened for user root by (uid=0)
Feb 24 16:00:01 4096 cron(pam_unix)[1430]: session opened for user root by (uid=0)
Feb 24 16:00:01 4096 cron(pam_unix)[1432]: session opened for user root by (uid=0)
Feb 24 16:00:01 4096 cron(pam_unix)[1431]: session opened for user root by (uid=0)
Feb 24 16:00:01 4096 cron(pam_unix)[1430]: session closed for user root
Feb 24 16:00:01 4096 cron(pam_unix)[1431]: session closed for user root
Feb 24 16:00:02 4096 cron(pam_unix)[1432]: session closed for user root
Feb 24 16:00:07 4096 cron(pam_unix)[1429]: session closed for user root
Feb 24 16:04:46 4096 ssh(pam_unix)[1398]: session closed for user bliss
Feb 24 16:05:01 4096 cron(pam_unix)[2355]: session opened for user root by (uid=0)
Feb 24 16:05:01 4096 cron(pam_unix)[2355]: session closed for user root
Feb 24 16:10:01 4096 cron(pam_unix)[2498]: session opened for user news by (uid=0)
Feb 24 16:10:01 4096 cron(pam_unix)[2499]: session opened for user root by (uid=0)
Feb 24 16:10:01 4096 cron(pam_unix)[2500]: session opened for user root by (uid=0)
Feb 24 16:10:01 4096 cron(pam_unix)[2499]: session closed for user root
Feb 24 16:10:01 4096 cron(pam_unix)[2498]: session closed for user news
Feb 24 16:10:02 4096 cron(pam_unix)[2500]: session closed for user root
Feb 24 16:14:40 4096 gdm(pam_unix)[585]: session closed for user bliss
Feb 24 16:14:43 4096 su[2564]: + console root-news
Feb 24 16:14:43 4096 su(pam_unix)[2564]: session opened for user news by (uid=0)
Feb 24 16:14:43 4096 sshd[537]: Received signal 15; terminating.
Feb 24 21:15:38 4096 su[357]: + console root-news
Feb 24 21:15:38 4096 su(pam_unix)[357]: session opened for user news by (uid=0)
Feb 24 21:15:47 4096 sshd[515]: Server listening on 0.0.0.0 port 22.
Feb 24 21:15:53 4096 usermin(pam_unix)[523]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 21:15:53 4096 webmin(pam_unix)[528]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 21:15:55 4096 webmin[528]: Webmin starting
Feb 24 21:15:55 4096 usermin[523]: Usermin starting
Feb 24 21:18:09 4096 pam_limits[566]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 21:18:09 4096 gdm(pam_unix)[566]: session opened for user bliss by (uid=0)user root by (uid=1000)

------------------------------------------------------------------------

this is the hosts allow doc

----------------------------------------------------------------

# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5), hosts_options(5)
# and /usr/doc/netbase/portmapper.txt.gz
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/portmap/portmapper.txt.gz for further information.
#
---------------------------------------------------------------------

this hosts deny doc


-----------------------------------------------------------------------

# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5), hosts_options(5)
# and /usr/doc/netbase/portmapper.txt.gz
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/portmap/portmapper.txt.gz for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address. You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID



-------------------------------------------------------

haertig 02-24-2006 05:15 PM

Quote:

how to change this so that port 22 is listening on 0.0.0.0:22 and not localhost:22
What makes you think you are only listening on localhost? Previously you posted this netstat output:
Code:

root@xyz:/home/x11# netstat -a | grep ssh
tcp 0 0 *:ssh *:* LISTEN

which means you are listening on all interfaces. And the info from your auth.log:
Code:

sshd[519]: Server listening on 0.0.0.0 port 22.
tells me the same (the IP of 0.0.0.0 limits it to IPV4 traffic, which shouldn't be a problem).

This kind of stuff in auth.log:
Code:

Feb 24 15:57:58 4096 sshd[1396]: Accepted password for bliss from 127.0.0.1 port 33050 ssh2
Feb 24 15:57:58 4096 ssh(pam_unix)[1398]: session opened for user bliss by (uid=1000)

tells me you were able to successfully ssh in from the sshd server itself (loopback interface). But I don't see anything in auth.log that indicates an incoming ssh attempt from a different machine. Maybe that's your problem. The connection never made it that far. That's assuming you tried an incoming ssh connection from a different machine during the timeframe that this logfile covers. What did the client side say when your connection attempt failed? Any error messages? Did it just hang and you had to kill it? What was the last thing it said (if anything) before it hung (if indeed this is what it did)?

xx11 02-25-2006 10:52 AM

ssh setup
 
here is the log.auth from today and below the results of a few
who tried to connect.
I also forwarded port 64 ssh to see if it may make a difference

----------------------------------------------------------------
Feb 25 16:04:06 4096 su[363]: + console root-news
Feb 25 16:04:06 4096 su(pam_unix)[363]: session opened for user news by (uid=0)
Feb 25 16:04:16 4096 sshd[530]: Server listening on 0.0.0.0 port 22.
Feb 25 16:04:21 4096 webmin(pam_unix)[541]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 25 16:04:21 4096 usermin(pam_unix)[538]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 25 16:04:24 4096 usermin[538]: Usermin starting
Feb 25 16:04:24 4096 webmin[541]: Webmin starting
Feb 25 16:04:51 4096 pam_limits[570]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 25 16:04:51 4096 gdm(pam_unix)[570]: session opened for user bliss by (uid=0)
Feb 25 16:05:01 4096 cron(pam_unix)[652]: session opened for user root by (uid=0)
Feb 25 16:05:01 4096 cron(pam_unix)[652]: session closed for user root
Feb 25 16:10:01 4096 cron(pam_unix)[943]: session opened for user news by (uid=0)
Feb 25 16:10:01 4096 cron(pam_unix)[944]: session opened for user root by (uid=0)
Feb 25 16:10:01 4096 cron(pam_unix)[945]: session opened for user root by (uid=0)
Feb 25 16:10:01 4096 cron(pam_unix)[944]: session closed for user root
Feb 25 16:10:02 4096 cron(pam_unix)[943]: session closed for user news
Feb 25 16:10:02 4096 cron(pam_unix)[945]: session closed for user root
Feb 25 16:15:01 4096 cron(pam_unix)[951]: session opened for user root by (uid=0)
Feb 25 16:15:01 4096 cron(pam_unix)[951]: session closed for user root
Feb 25 16:20:01 4096 cron(pam_unix)[1138]: session opened for user root by (uid=0)
Feb 25 16:20:01 4096 cron(pam_unix)[1139]: session opened for user root by (uid=0)
Feb 25 16:20:01 4096 cron(pam_unix)[1138]: session closed for user root
Feb 25 16:20:01 4096 cron(pam_unix)[1139]: session closed for user root
Feb 25 16:25:01 4096 cron(pam_unix)[1143]: session opened for user root by (uid=0)
Feb 25 16:25:01 4096 cron(pam_unix)[1143]: session closed for user root
Feb 25 16:30:01 4096 cron(pam_unix)[1306]: session opened for user root by (uid=0)
Feb 25 16:30:01 4096 cron(pam_unix)[1307]: session opened for user root by (uid=0)
Feb 25 16:30:01 4096 cron(pam_unix)[1306]: session closed for user root
Feb 25 16:30:02 4096 cron(pam_unix)[1307]: session closed for user root
Feb 25 16:35:01 4096 cron(pam_unix)[1313]: session opened for user root by (uid=0)
Feb 25 16:35:01 4096 cron(pam_unix)[1313]: session closed for user root
Feb 25 16:40:01 4096 cron(pam_unix)[1474]: session opened for user root by (uid=0)
Feb 25 16:40:01 4096 cron(pam_unix)[1475]: session opened for user root by (uid=0)
Feb 25 16:40:01 4096 cron(pam_unix)[1474]: session closed for user root
Feb 25 16:40:01 4096 cron(pam_unix)[1475]: session closed for user root
Feb 25 16:40:30 4096 su[1486]: + ttyp0 bliss-root
Feb 25 16:40:30 4096 su(pam_unix)[1486]: session opened for user root by (uid=1000)





2006-02-25T17:09:30+00:00 TCP: From: 59.42.10.181:6000 To: 192.168.1.64:6588
2006-02-25T17:14:01+00:00 TCP: From: 222.188.63.25:6000 To: 192.168.1.64:3128


tried to ssh on port 22 but just hung


ALSO

2006-02-25T17:14:15+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:14:18+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:14:24+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:14:36+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:15:00+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1

here is someone who tried four times on port 22 and it just hangs
and once on port 64 it finally timed out




the above logs are from my router


xx11:) :)

haertig 02-25-2006 07:56 PM

Quote:

Originally Posted by xx11
2006-02-25T17:09:30+00:00 TCP: From: 59.42.10.181:6000 To: 192.168.1.64:6588
2006-02-25T17:14:01+00:00 TCP: From: 222.188.63.25:6000 To: 192.168.1.64:3128

tried to ssh on port 22 but just hung

As I read the above two router log entries, it appears that your router took the first incoming connection and forwarded it to 192.168.1.64 port 6588 and the second entry was forwarded to port 3128. I don't see any mention of port 22 anywhere. Am I missing something?
Quote:

2006-02-25T17:14:15+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
Your router is forwarding this connection to port 1???

What kind of ssh client are these people using? They should be incoming on port 22, but they appear to be incoming on random ports. What you're showing here makes no sense to me.
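
The triage used in the two replies above (is sshd bound beyond loopback, did any non-loopback client show up in auth.log, did the router forward anything to port 22), as an added example that is not part of the original thread. The log lines are samples taken from the posts; the function names and verdict strings are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Sample input: a few lines taken from the auth.log and router log posted in this thread.
AUTH_LOG = """\
Feb 24 10:08:35 4096 sshd[1968]: Failed password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 15:34:16 4096 sshd[537]: Server listening on 0.0.0.0 port 22.
Feb 24 15:40:01 4096 cron(pam_unix)[1002]: session opened for user root by (uid=0)
Feb 24 15:57:58 4096 sshd[1396]: Accepted password for bliss from 127.0.0.1 port 33050 ssh2
"""
ROUTER_LOG = """\
2006-02-25T17:09:30+00:00 TCP: From: 59.42.10.181:6000 To: 192.168.1.64:6588
2006-02-25T17:14:01+00:00 TCP: From: 222.188.63.25:6000 To: 192.168.1.64:3128
2006-02-25T17:14:15+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:14:18+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
"""

LISTEN_RE = re.compile(r"sshd\[\d+\]: Server listening on (\S+) port (\d+)\.")
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:(?:invalid|illegal) user )?\S+ "
    r"from (\S+) port \d+"
)
ROUTER_RE = re.compile(r"TCP: From: ([\d.]+):(\d+) To: ([\d.]+):(\d+)")


def is_loopback(host):
    """True for 127.0.0.0/8, ::1, or a loopback name logged instead of an IP."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # sshd may log a resolved host name
        return host in ("localhost", "localhost.localdomain")


def sshd_view(auth_text):
    """Return (listeners, sources) as seen by sshd in auth.log."""
    listeners, sources = set(), Counter()
    for line in auth_text.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            listeners.add((m.group(1), int(m.group(2))))
            continue
        m = AUTH_RE.search(line)
        if m:
            sources[m.group(2)] += 1
    return listeners, sources


def router_view(router_text):
    """Count forwarded connections per destination port in the router log."""
    ports = Counter()
    for line in router_text.splitlines():
        m = ROUTER_RE.search(line)
        if m:
            ports[int(m.group(4))] += 1
    return ports


def diagnose(auth_text, router_text, ssh_port=22):
    """Correlate both logs and say where the connection is being lost."""
    listeners, sources = sshd_view(auth_text)
    forwarded = router_view(router_text)
    # 0.0.0.0 / :: (all interfaces) or a specific LAN address both count as reachable.
    reachable_bind = any(
        port == ssh_port and not is_loopback(addr) for addr, port in listeners
    )
    remote = sorted(s for s in sources if not is_loopback(s))

    if not reachable_bind:
        verdict = "sshd-loopback-only"          # fix ListenAddress / start sshd
    elif remote:
        verdict = "remote-clients-reach-sshd"   # network path works; look at auth
    elif forwarded[ssh_port] == 0:
        verdict = "no-forward-to-ssh-port"      # router never sent anything to :22
    else:
        verdict = "forwarded-but-not-logged"    # host firewall, tcpwrappers, wrong LAN IP
    return {
        "listeners": sorted(listeners),
        "remote_sources": remote,
        "forwarded_ports": dict(forwarded),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in diagnose(AUTH_LOG, ROUTER_LOG).items():
        print(f"{key}: {value}")
```

On the thread's own data this reports a listener on 0.0.0.0:22, only loopback logins, and forwarded traffic to ports 6588, 3128 and 1 but none to 22, which points at the router's forwarding rule rather than at sshd.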

sridhar11 02-25-2006 08:20 PM

try this guide
 
try this nice tutorial

SSH Server Configuration in debian with problem solving tips

xx11 02-26-2006 05:45 AM

ssh setup
 
thanks for all your posts on this matter
I think it may be wise to put this subject to rest for a while
as it seems I cannot come up with any new suggestions
I plan a REinstall of pure sage later this week as opposed to a libranet 2.8.1 update

I asked a friend to do a scan and there was no response
I did one also and got 1024 ports scanned filtered.

there are two sections in my router for port forwarding
one for single port forwarding
ie internal port 22
external port 22
ip address
enable

the other

from port
to port
ip address
enable

I am using the single port method.

just added something, here is what boot up looks like.

Feb 26 09:18:45 4096 kernel: Adding Swap: 706824k swap-space (priority -1)
Feb 26 09:18:45 4096 kernel: Real Time Clock Driver v1.10e
Feb 26 09:18:45 4096 kernel: SCSI subsystem driver Revision: 1.00
Feb 26 09:18:45 4096 kernel: ide-floppy driver 0.99.newide
Feb 26 09:18:45 4096 kernel: ide-cd: ignoring drive hdc
Feb 26 09:18:45 4096 kernel: hdc: attached ide-scsi driver.
Feb 26 09:18:45 4096 kernel: scsi0 : SCSI host adapter emulation for IDE ATAPI devices
Feb 26 09:18:45 4096 kernel: Vendor: Slimtype Model: DVDRW SOSW-852S Rev: PCS3
Feb 26 09:18:45 4096 kernel: Type: CD-ROM ANSI SCSI revision: 02
Feb 26 09:18:45 4096 kernel: Attached scsi CD-ROM sr0 at scsi0, channel 0, id 0, lun 0
Feb 26 09:18:45 4096 kernel: sr0: scsi3-mmc drive: 24x/24x writer cd/rw xa/form2 cdda tray
Feb 26 09:18:45 4096 kernel: Uniform CD-ROM driver Revision: 3.12
Feb 26 09:18:45 4096 kernel: 8139too Fast Ethernet driver 0.9.26
Feb 26 09:18:45 4096 kernel: PCI: Guessed IRQ 11 for device 02:03.0
Feb 26 09:18:45 4096 kernel: PCI: Sharing IRQ 11 with 00:13.0
Feb 26 09:18:45 4096 kernel: PCI: Sharing IRQ 11 with 00:13.1
Feb 26 09:18:45 4096 kernel: PCI: Sharing IRQ 11 with 00:13.2
Feb 26 09:18:45 4096 kernel: eth0: RealTek RTL8139 Fast Ethernet at 0xec960c00, 00:0f:b0:5c:af:1f, IRQ 11
Feb 26 09:18:45 4096 kernel: usbdevfs: remount parameter error
Feb 26 09:18:45 4096 kernel: eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1.
Feb 26 09:18:45 4096 kernel: ttyS1: LSR safety check engaged!
Feb 26 09:18:45 4096 kernel: ttyS1: LSR safety check engaged!
Feb 26 09:18:55 4096 smartd: smartd started
Feb 26 09:18:55 4096 smartd: Device: /dev/hda, Found and is SMART capable
Feb 26 09:19:07 4096 kernel: apm: BIOS not found.
Feb 26 09:19:38 4096 gconfd (bliss-632): starting (version 2.8.1), pid 632 user 'bliss'
Feb 26 09:19:38 4096 gconfd (bliss-632): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Feb 26 09:19:38 4096 gconfd (bliss-632): Resolved address "xml:readwrite:/home/bliss/.gconf" to a writable configuration source at position 1
Feb 26 09:19:38 4096 gconfd (bliss-632): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Feb 26 09:20:05 4096 gconfd (bliss-632): Resolved address "xml:readwrite:/home/bliss/.gconf" to a writable configuration source at position 0
Feb 26 09:20:36 4096 gconfd (root-912): starting (version 2.8.1), pid 912 user 'root'
Feb 26 09:20:36 4096 gconfd (root-912): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Feb 26 09:20:36 4096 gconfd (root-912): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Feb 26 09:20:36 4096 gconfd (root-912): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Feb 26 09:29:06 4096 gconfd (root-912): SIGHUP received, reloading all databases
Feb 26 09:29:06 4096 gconfd (root-912): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Feb 26 09:29:06 4096 gconfd (root-912): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Feb 26 09:29:06 4096 gconfd (root-912): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Feb 26 09:29:19 4096 gconfd (bliss-632): Exiting
Feb 26 09:29:20 4096 gconfd (bliss-1185): starting (version 2.8.1), pid 1185 user 'bliss'
Feb 26 09:29:20 4096 gconfd (bliss-1185): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Feb 26 09:29:20 4096 gconfd (bliss-1185): Resolved address "xml:readwrite:/home/bliss/.gconf" to a writable configuration source at position 1
Feb 26 09:29:20 4096 gconfd (bliss-1185): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Feb 26 09:29:24 4096 kernel: Kernel logging (proc) stopped.
Feb 26 09:29:24 4096 kernel: Kernel log daemon terminating.
Feb 26 09:29:24 4096 exiting on signal 15
Feb 26 09:31:19 4096 syslogd 1.4.1#17: restart.
Feb 26 09:31:19 4096 kernel: klogd 1.4.1#17, log source = /proc/kmsg started.

xx11 03-01-2006 06:44 AM

ssh set up
 
seems this person tells me he got in on port 22?

for auth file

Mar 1 07:54:13 4096 sshd[7196]: Invalid user dberner from 216.254.127.242
Mar 1 07:54:14 4096 sshd[7196]: Failed none for invalid user dberner from 216.254.127.242 port 59911 ssh2
Mar 1 07:54:34 4096 sshd[7202]: Did not receive identification string from 202.173.178.172


xx11
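An added example, not part of the original post: a small classifier for the sshd lines quoted above. It separates rejected attempts ("Invalid user", "Failed ...", "Did not receive identification string") from a successful login, which sshd records as an "Accepted ..." line. The function names and the ACCEPTED_EXAMPLE line are constructed for illustration.

```python
import re
from collections import defaultdict

# The three sshd lines from the post above, as posted.
SAMPLE = """\
Mar 1 07:54:13 4096 sshd[7196]: Invalid user dberner from 216.254.127.242
Mar 1 07:54:14 4096 sshd[7196]: Failed none for invalid user dberner from 216.254.127.242 port 59911 ssh2
Mar 1 07:54:34 4096 sshd[7202]: Did not receive identification string from 202.173.178.172
"""

# Constructed line (not from the page): the shape of a successful login entry.
ACCEPTED_EXAMPLE = ("Mar 1 08:00:00 4096 sshd[7300]: Accepted password for "
                    "exampleuser from 192.0.2.10 port 40000 ssh2\n")

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RULES = [
    ("accepted", re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")),
    ("failed", re.compile(r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")),
    ("invalid_user", re.compile(r"^Invalid user (?P<user>\S+) from (?P<ip>\S+)")),
    ("no_banner", re.compile(r"^Did not receive identification string from (?P<ip>\S+)")),
]

def classify(line):
    """Return a dict describing one sshd log line, or None if it is not from sshd."""
    m = LINE.search(line)
    if not m:
        return None
    for kind, rx in RULES:
        hit = rx.match(m.group("msg"))
        if hit:
            return {"kind": kind, "pid": int(m.group("pid")), **hit.groupdict()}
    return {"kind": "other", "pid": int(m.group("pid"))}

def summarize(text):
    """Count event kinds per source address."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        ev = classify(line)
        if ev and "ip" in ev:
            per_ip[ev["ip"]][ev["kind"]] += 1
    return {ip: dict(kinds) for ip, kinds in per_ip.items()}

def any_login_succeeded(text):
    """True only if the log contains an 'Accepted ...' entry."""
    return any(kinds.get("accepted") for kinds in summarize(text).values())

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("login succeeded:", any_login_succeeded(SAMPLE))
```

Run over the quoted lines, it reports one invalid-user probe and one failed authentication from the first address, a connection that closed without sending an SSH banner from the second, and no accepted login.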

