ssh server setup
this post is in a suggested new title as a followup from
http://www.linuxquestions.org/questi...=410755&page=3 post 38

still cannot connect via ssh on port 22 via remote

can login from local host although looks a bit odd:

Linux xyz.net 2.4.21 #1 Sun Aug 3 20:15:59 PDT 2003 i686 unknown unknown GNU/Linux
Libranet GNU/Linux
Last login: Fri Feb 24 15:34:52 2006
x11@4xyz:~$

THEN from my own box in a terminal

root@xyz:/home/x11# netstat -a | grep ssh
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:33050 localhost:ssh TIME_WAIT
unix 2 [ ACC ] STREAM LISTENING 1355 /tmp/ssh-XXX5FD3A/agent.606

any suggestions why I cannot contact my own box via a remote
please read thread above for what might be a better understanding

xx11:study: :study:
What do your hosts.allow and hosts.deny look like?
Are you receiving an error message at the connecting client end? "Connection Refused"? "Timeout"? etc.
Can you ssh into the server FROM the server (i.e., "ssh localhost")?
Have you twiddled with the default settings in /etc/ssh/sshd_config and accidentally mucked them up? (config file location may be different on different distros)
Is your firewall getting in the way?
Have you double checked your router's port forwarding setup?
Is your ssh server box set up as DHCP and might have acquired a different IP address than the one your router is port-forwarding to? (you should use static rather than dynamic IPs for servers)
Are tcpwrapper host.deny/allow rules getting in the way?
What does /var/log/auth.log tell you on the sshd server end?

You might describe things using "sshd server box" and "ssh client box" to be more clear. "my own box" and "local host" don't really tell us where you're logged into. Running netstat and looking for LISTENER's on "my own box" would be futile if "my own box" equates to "ssh client box" (and that appears to be what you're doing, as best I can tell). You need to look on the server end for LISTENER's.

Lots of things to look at. "Still cannot connect..." does not give us enough detail to work with.
ssh setup
thank you for your posts

Connected through router via DHCP to a static ip address (public ip). 22 is port forwarded. no firewall, only in the router. no tcpwrapper.

here is what /etc/ssh/sshd_config looks like. how to change this so that port 22 is listening on 0.0.0.0:22 and not localhost:22.

xx11:) :)

-----------------------------------------------------------
# Package generated configuration file
# See the sshd(8) manpage for defails

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes

# Use PAM authentication via keyboard-interactive so PAM modules can
# properly interface with the user
PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /usr/lib/sftp-server

#UsePrivilegeSeparation yes
-----------------------------------------------------------

regarding /var/log/auth.log I have posted the 24/02/06

-----------------------------------------------------------
ed signal 15; terminating.
Feb 24 08:57:41 4096 su[357]: + console root-news
Feb 24 08:57:41 4096 su(pam_unix)[357]: session opened for user news by (uid=0)
Feb 24 08:57:50 4096 sshd[519]: Server listening on 0.0.0.0 port 22.
Feb 24 08:57:56 4096 webmin(pam_unix)[530]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 08:57:56 4096 usermin(pam_unix)[527]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 08:57:59 4096 webmin[530]: Webmin starting
Feb 24 08:57:59 4096 usermin[527]: Usermin starting
Feb 24 08:58:27 4096 gdm(pam_unix)[564]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=bliss
Feb 24 08:58:32 4096 gdm[564]: Couldn't authenticate user
Feb 24 08:58:39 4096 pam_limits[564]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 08:58:39 4096 gdm(pam_unix)[564]: session opened for user bliss by (uid=0)
Feb 24 09:00:01 4ser root
Feb 24 09:22:15 4096 gdm(pam_unix)[564]: session closed for user bliss
Feb 24 09:26:20 4096 su[383]: + console root-news
Feb 24 09:26:20 4096 su(pam_unix)[383]: session opened for user news by (uid=0)
Feb 24 09:26:29 4096 sshd[546]: Server listening on 0.0.0.0 port 22.
Feb 24 09:26:35 4096 usermin(pam_unix)[554]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 09:26:35 4096 webmin(pam_unix)[559]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 09:26:38 4096 webmin[559]: Webmin starting
Feb 24 09:26:39 4096 usermin[554]: Usermin starting
Feb 24 09:27:05 4096 pam_limits[591]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 09:27:05 4096 gdm(pam_unix)[591]: session opened for user bliss by (uid=0)er root
Feb 24 10:08:34 4096 ssh(pam_unix)[1968]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost user=bliss
Feb 24 10:08:35 4096 sshd[1968]: Failed password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 10:08:47 4096 sshd[1968]: Failed password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 10:08:55 4096 sshd[1968]: Accepted password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 10:08:55 4096 ssh(pam_unix)[1970]: session opened for user bliss by (uid=1000)
Feb 24 10:08:55 4096 pam_limits[1970]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Feb 24 10:08:55 4096 pam_limits[1970]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Feb 24 10:09:07 4096 su[1976]: + ttyp2 bliss-root
Feb 24 10:09:07 4096 su(pam_unix)[1976]: session opened for user root by bliss(uid=1000)
Feb 24 10:10:01 4096 cron(pam_unix)[1982]: session opened for user news by (uid=0)
Feb 24 10:10:01 4096 cron(pam_unix)[1983]: session opened for user root by (uid=0)
Feb 24 10:10:01 4096 cron(pam_unix)[1984]: session opened for user er root
Feb 24 11:07:01 4096 gdm(pam_unix)[591]: session closed for user bliss
Feb 24 11:07:03 4096 su[3027]: + console root-news
Feb 24 11:07:03 4096 su(pam_unix)[3027]: session opened for user news by (uid=0)
Feb 24 11:07:04 4096 sshd[2194]: Received signal 15; terminating.
Feb 24 11:09:01 4096 su[358]: + console root-news
Feb 24 11:09:01 4096 su(pam_unix)[358]: session opened for user news by (uid=0)
Feb 24 11:09:10 4096 sshd[516]: Server listening on 0.0.0.0 port 22.
Feb 24 11:09:15 4096 webmin(pam_unix)[530]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 11:09:15 4096 usermin(pam_unix)[525]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 11:09:18 4096 usermin[525]: Usermin starting
Feb 24 11:09:18 4096 webmin[530]: Webmin starting
Feb 24 11:09:48 4096 pam_limits[567]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 11:09:48 4096 gdm(pam_unix)[567]: session opened for user bliss by (uid=0)r root
Feb 24 11:34:11 4096 gdm(pam_unix)[567]: session closed for user bliss
Feb 24 11:34:14 4096 su[1328]: + console root-news
Feb 24 11:34:14 4096 su(pam_unix)[1328]: session opened for user news by (uid=0)
Feb 24 11:34:14 4096 sshd[516]: Received signal 15; terminating.
Feb 24 12:41:50 4096 su[353]: + console root-news
Feb 24 12:41:50 4096 su(pam_unix)[353]: session opened for user news by (uid=0)
Feb 24 12:41:58 4096 sshd[510]: Server listening on 0.0.0.0 port 22.
Feb 24 12:42:05 4096 usermin(pam_unix)[517]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 12:42:05 4096 webmin(pam_unix)[522]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 12:42:07 4096 usermin[517]: Usermin starting
Feb 24 12:42:07 4096 webmin[522]: Webmin starting
Feb 24 12:42:36 4096 pam_limits[560]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 12:42:36 4096 gdm(pam_unix)[560]: session opened for user bliss by (uid=0)r root
Feb 24 13:01:39 4096 gdm(pam_unix)[560]: session closed for user bliss
Feb 24 14:38:57 4096 su[377]: + console root-news
Feb 24 14:38:57 4096 su(pam_unix)[377]: session opened for user news by (uid=0)
Feb 24 14:39:06 4096 sshd[543]: Server listening on 0.0.0.0 port 22.
Feb 24 14:39:12 4096 webmin(pam_unix)[556]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 14:39:12 4096 usermin(pam_unix)[551]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 14:39:14 4096 usermin[551]: Usermin starting
Feb 24 14:39:15 4096 webmin[556]: Webmin starting
Feb 24 14:39:41 4096 pam_limits[585]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 14:39:41 4096 gdm(pam_unix)[585]: session opened for user bliss by (uid=0)
Feb 24 14:40:02 4096 cron(pam_unix)[820]: session opened for user root by (uid=0)
Feb 24 14:40:02 4096 cron(pam_unix)[821]: session opened for user root by (uid=0)
Feb 24 14:40:03 4096 cron(pam_unix)[820]: session closed for user root
Feb 24 14:40:05 4096 cron(pam_unix)[821]: session closed for user root
Feb 24 14:44:09 4096 gdm(pam_unix)[585]: session closed for user bliss
Feb 24 15:34:06 4096 su[377]: + console root-news
Feb 24 15:34:07 4096 su(pam_unix)[377]: session opened for user news by (uid=0)
Feb 24 15:34:16 4096 sshd[537]: Server listening on 0.0.0.0 port 22.
Feb 24 15:34:21 4096 webmin(pam_unix)[550]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 15:34:22 4096 usermin(pam_unix)[545]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 15:34:23 4096 webmin[550]: Webmin starting
Feb 24 15:34:24 4096 usermin[545]: Usermin starting
Feb 24 15:34:52 4096 pam_limits[585]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 15:34:52 4096 gdm(pam_unix)[585]: session opened for user bliss by (uid=0)
Feb 24 15:35:01 4096 cron(pam_unix)[667]: session opened for user root by (uid=0)
Feb 24 15:35:01 4096 cron(pam_unix)[667]: session closed for user root
Feb 24 15:40:01 4096 cron(pam_unix)[1002]: session opened for user root by (uid=0)
Feb 24 15:40:01 4096 cron(pam_unix)[1003]: session opened for user root by (uid=0)
Feb 24 15:40:01 4096 cron(pam_unix)[1002]: session closed for user root
Feb 24 15:40:02 4096 cron(pam_unix)[1003]: session closed for user root
Feb 24 15:43:25 4096 su[1015]: + ttyp0 bliss-root
Feb 24 15:43:25 4096 su(pam_unix)[1015]: session opened for user root by (uid=1000)
Feb 24 15:45:01 4096 cron(pam_unix)[1038]: session opened for user root by (uid=0)
Feb 24 15:45:01 4096 cron(pam_unix)[1038]: session closed for user root
Feb 24 15:50:01 4096 cron(pam_unix)[1237]: session opened for user root by (uid=0)
Feb 24 15:50:01 4096 cron(pam_unix)[1237]: session closed for user root
Feb 24 15:50:01 4096 cron(pam_unix)[1238]: session opened for user root by (uid=0)
Feb 24 15:50:02 4096 cron(pam_unix)[1238]: session closed for user root
Feb 24 15:55:01 4096 cron(pam_unix)[1251]: session opened for user root by (uid=0)
Feb 24 15:55:01 4096 cron(pam_unix)[1251]: session closed for user root
Feb 24 15:57:58 4096 sshd[1396]: Accepted password for bliss from 127.0.0.1 port 33050 ssh2
Feb 24 15:57:58 4096 ssh(pam_unix)[1398]: session opened for user bliss by (uid=1000)
Feb 24 15:57:58 4096 pam_limits[1398]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Feb 24 15:57:58 4096 pam_limits[1398]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Feb 24 16:00:01 4096 cron(pam_unix)[1429]: session opened for user root by (uid=0)
Feb 24 16:00:01 4096 cron(pam_unix)[1430]: session opened for user root by (uid=0)
Feb 24 16:00:01 4096 cron(pam_unix)[1432]: session opened for user root by (uid=0)
Feb 24 16:00:01 4096 cron(pam_unix)[1431]: session opened for user root by (uid=0)
Feb 24 16:00:01 4096 cron(pam_unix)[1430]: session closed for user root
Feb 24 16:00:01 4096 cron(pam_unix)[1431]: session closed for user root
Feb 24 16:00:02 4096 cron(pam_unix)[1432]: session closed for user root
Feb 24 16:00:07 4096 cron(pam_unix)[1429]: session closed for user root
Feb 24 16:04:46 4096 ssh(pam_unix)[1398]: session closed for user bliss
Feb 24 16:05:01 4096 cron(pam_unix)[2355]: session opened for user root by (uid=0)
Feb 24 16:05:01 4096 cron(pam_unix)[2355]: session closed for user root
Feb 24 16:10:01 4096 cron(pam_unix)[2498]: session opened for user news by (uid=0)
Feb 24 16:10:01 4096 cron(pam_unix)[2499]: session opened for user root by (uid=0)
Feb 24 16:10:01 4096 cron(pam_unix)[2500]: session opened for user root by (uid=0)
Feb 24 16:10:01 4096 cron(pam_unix)[2499]: session closed for user root
Feb 24 16:10:01 4096 cron(pam_unix)[2498]: session closed for user news
Feb 24 16:10:02 4096 cron(pam_unix)[2500]: session closed for user root
Feb 24 16:14:40 4096 gdm(pam_unix)[585]: session closed for user bliss
Feb 24 16:14:43 4096 su[2564]: + console root-news
Feb 24 16:14:43 4096 su(pam_unix)[2564]: session opened for user news by (uid=0)
Feb 24 16:14:43 4096 sshd[537]: Received signal 15; terminating.
Feb 24 21:15:38 4096 su[357]: + console root-news
Feb 24 21:15:38 4096 su(pam_unix)[357]: session opened for user news by (uid=0)
Feb 24 21:15:47 4096 sshd[515]: Server listening on 0.0.0.0 port 22.
Feb 24 21:15:53 4096 usermin(pam_unix)[523]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 21:15:53 4096 webmin(pam_unix)[528]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 21:15:55 4096 webmin[528]: Webmin starting
Feb 24 21:15:55 4096 usermin[523]: Usermin starting
Feb 24 21:18:09 4096 pam_limits[566]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 24 21:18:09 4096 gdm(pam_unix)[566]: session opened for user bliss by (uid=0)user root by (uid=1000)
-----------------------------------------------------------

this is the hosts allow doc

-----------------------------------------------------------
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5), hosts_options(5)
# and /usr/doc/netbase/portmapper.txt.gz
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/portmap/portmapper.txt.gz for further information.
#
-----------------------------------------------------------

this hosts deny doc

-----------------------------------------------------------
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5), hosts_options(5)
# and /usr/doc/netbase/portmapper.txt.gz
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/portmap/portmapper.txt.gz for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address. You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
-----------------------------------------------------------
Quote:
Code:
root@xyz:/home/x11# netstat -a | grep ssh
Code:
sshd[519]: Server listening on 0.0.0.0 port 22.
This kind of stuff in auth.log:
Code:
Feb 24 15:57:58 4096 sshd[1396]: Accepted password for bliss from 127.0.0.1 port 33050 ssh2
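
The server-side auth.log check discussed in this thread, as an added example that is not part of any post: a POSIX shell/awk summary of sshd's own log entries, reporting which addresses sshd bound to and which source addresses got as far as password authentication. The sample lines are copied from the auth.log posted above; the function names and result strings are made up for this example.

```shell
#!/bin/sh
# Added example: summarise sshd's own entries in an auth.log-style file.
# Function names are hypothetical; every function reads the log on stdin.

# Sample input: lines copied from the auth.log posted in this thread.
sample_log() {
cat <<'EOF'
Feb 24 08:57:50 4096 sshd[519]: Server listening on 0.0.0.0 port 22.
Feb 24 08:57:56 4096 webmin(pam_unix)[530]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 24 10:08:35 4096 sshd[1968]: Failed password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 10:08:47 4096 sshd[1968]: Failed password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 10:08:55 4096 sshd[1968]: Accepted password for bliss from 127.0.0.1 port 32894 ssh2
Feb 24 15:57:58 4096 sshd[1396]: Accepted password for bliss from 127.0.0.1 port 33050 ssh2
Feb 24 16:14:43 4096 sshd[537]: Received signal 15; terminating.
EOF
}

# Print each distinct "address port" pair sshd reported binding to.
sshd_listeners() {
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Server" && $7 == "listening" {
        port = $11
        sub(/\.$/, "", port)            # drop the trailing full stop
        print $9, port
    }' | sort -u
}

# Print "source accepted=N failed=M" for every address that reached
# password authentication.
sshd_sources() {
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Accepted" || $6 == "Failed") {
        src = ""
        # The user part may be one word or "invalid user x": locate "from".
        for (i = 7; i < NF; i++) if ($i == "from") { src = $(i + 1); break }
        if (src == "") next
        seen[src] = 1
        if ($6 == "Accepted") { ok[src]++ } else { bad[src]++ }
    }
    END { for (s in seen) printf "%s accepted=%d failed=%d\n", s, ok[s], bad[s] }' | sort
}

# Keep only lines whose first field is not a loopback address.
not_loopback() {
    awk '$1 !~ /^127\./ && $1 != "::1"'
}

# One-word verdict on where to look next.
diagnose() {
    log=$(cat)
    listeners=$(printf '%s\n' "$log" | sshd_listeners)
    if [ -z "$listeners" ]; then
        echo "no-listener-logged"
    elif [ -z "$(printf '%s\n' "$listeners" | not_loopback)" ]; then
        echo "listener-loopback-only"        # a ListenAddress problem
    elif [ -n "$(printf '%s\n' "$log" | sshd_sources | not_loopback)" ]; then
        echo "remote-clients-reach-sshd"     # network path works
    else
        echo "only-loopback-clients"         # look in front of the box
    fi
}

sample_log | sshd_listeners
sample_log | sshd_sources
sample_log | diagnose
```

Against the real file this would be run on the sshd server box as `diagnose < /var/log/auth.log`. A 0.0.0.0 listener combined with `only-loopback-clients` points away from sshd's bind address and towards whatever sits between the remote client and the server.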
ssh setup
here is the log.auth from today and below the results of a few who tried to connect. I also forwarded port 64 ssh to see if it may make a difference

-----------------------------------------------------------
Feb 25 16:04:06 4096 su[363]: + console root-news
Feb 25 16:04:06 4096 su(pam_unix)[363]: session opened for user news by (uid=0)
Feb 25 16:04:16 4096 sshd[530]: Server listening on 0.0.0.0 port 22.
Feb 25 16:04:21 4096 webmin(pam_unix)[541]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 25 16:04:21 4096 usermin(pam_unix)[538]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Feb 25 16:04:24 4096 usermin[538]: Usermin starting
Feb 25 16:04:24 4096 webmin[541]: Webmin starting
Feb 25 16:04:51 4096 pam_limits[570]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Feb 25 16:04:51 4096 gdm(pam_unix)[570]: session opened for user bliss by (uid=0)
Feb 25 16:05:01 4096 cron(pam_unix)[652]: session opened for user root by (uid=0)
Feb 25 16:05:01 4096 cron(pam_unix)[652]: session closed for user root
Feb 25 16:10:01 4096 cron(pam_unix)[943]: session opened for user news by (uid=0)
Feb 25 16:10:01 4096 cron(pam_unix)[944]: session opened for user root by (uid=0)
Feb 25 16:10:01 4096 cron(pam_unix)[945]: session opened for user root by (uid=0)
Feb 25 16:10:01 4096 cron(pam_unix)[944]: session closed for user root
Feb 25 16:10:02 4096 cron(pam_unix)[943]: session closed for user news
Feb 25 16:10:02 4096 cron(pam_unix)[945]: session closed for user root
Feb 25 16:15:01 4096 cron(pam_unix)[951]: session opened for user root by (uid=0)
Feb 25 16:15:01 4096 cron(pam_unix)[951]: session closed for user root
Feb 25 16:20:01 4096 cron(pam_unix)[1138]: session opened for user root by (uid=0)
Feb 25 16:20:01 4096 cron(pam_unix)[1139]: session opened for user root by (uid=0)
Feb 25 16:20:01 4096 cron(pam_unix)[1138]: session closed for user root
Feb 25 16:20:01 4096 cron(pam_unix)[1139]: session closed for user root
Feb 25 16:25:01 4096 cron(pam_unix)[1143]: session opened for user root by (uid=0)
Feb 25 16:25:01 4096 cron(pam_unix)[1143]: session closed for user root
Feb 25 16:30:01 4096 cron(pam_unix)[1306]: session opened for user root by (uid=0)
Feb 25 16:30:01 4096 cron(pam_unix)[1307]: session opened for user root by (uid=0)
Feb 25 16:30:01 4096 cron(pam_unix)[1306]: session closed for user root
Feb 25 16:30:02 4096 cron(pam_unix)[1307]: session closed for user root
Feb 25 16:35:01 4096 cron(pam_unix)[1313]: session opened for user root by (uid=0)
Feb 25 16:35:01 4096 cron(pam_unix)[1313]: session closed for user root
Feb 25 16:40:01 4096 cron(pam_unix)[1474]: session opened for user root by (uid=0)
Feb 25 16:40:01 4096 cron(pam_unix)[1475]: session opened for user root by (uid=0)
Feb 25 16:40:01 4096 cron(pam_unix)[1474]: session closed for user root
Feb 25 16:40:01 4096 cron(pam_unix)[1475]: session closed for user root
Feb 25 16:40:30 4096 su[1486]: + ttyp0 bliss-root
Feb 25 16:40:30 4096 su(pam_unix)[1486]: session opened for user root by (uid=1000)

2006-02-25T17:09:30+00:00 TCP: From: 59.42.10.181:6000 To: 192.168.1.64:6588
2006-02-25T17:14:01+00:00 TCP: From: 222.188.63.25:6000 To: 192.168.1.64:3128

tried to ssh on port 22 but just hung ALSO

2006-02-25T17:14:15+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:14:18+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:14:24+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:14:36+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1
2006-02-25T17:15:00+00:00 TCP: From: 72.142.40.112:51189 To: 192.168.1.64:1

here is someone who tried four times on port 22 and it just hangs, and once on port 64 it finally timed out

the above logs are from my router

xx11:) :)
Quote:
Quote:
What kind of ssh client are these people using? They should be incoming on port 22, but they appear to be incoming on random ports. What you're showing here makes no sense to me.
try this guide
ssh setup
thanks for all your posts on this matter
I think it may be wise to put this subject to rest for a while, as it seems I cannot come up with any new suggestions. I plan a REinstall of pure sage later this week as opposed to a libranet 2.8.1 update.

I asked a friend to do a scan and there was no response. I did one also and got 1024 ports scanned filtered.

there are two sections in my router for port forwarding: one for single port forwarding, i.e. internal port 22, external port 22, ip address, enable; the other from port to port, ip address, enable. I am using the single port method.

just added something: here is what boot up looks like.
source at position 0 Feb 26 09:29:20 4096 gconfd (bliss-1185): Resolved address "xml:readwrite:/home/bliss/.gconf" to a writable configuration source at position 1 Feb 26 09:29:20 4096 gconfd (bliss-1185): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2 Feb 26 09:29:24 4096 kernel: Kernel logging (proc) stopped. Feb 26 09:29:24 4096 kernel: Kernel log daemon terminating. Feb 26 09:29:24 4096 exiting on signal 15 Feb 26 09:31:19 4096 syslogd 1.4.1#17: restart. Feb 26 09:31:19 4096 kernel: klogd 1.4.1#17, log source = /proc/kmsg started. |
ssh set up
seems this person tells me he got in on port 22?
for auth file
Mar 1 07:54:13 4096 sshd[7196]: Invalid user dberner from 216.254.127.242
Mar 1 07:54:14 4096 sshd[7196]: Failed none for invalid user dberner from 216.254.127.242 port 59911 ssh2
Mar 1 07:54:34 4096 sshd[7202]: Did not receive identification string from 202.173.178.172
xx11 |
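The auth.log lines quoted above, run through a small classifier, as an added example that is not part of the thread: it separates entries showing that a remote host reached sshd from entries recording a completed login. The fourth sample line, its user name and the address 192.0.2.10 are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Syslog prefix as pasted in the post: "Mar 1 07:54:13 4096 sshd[7196]: <message>"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\ssshd\[\d+\]:\s(.*)$")
# Messages OpenSSH writes to auth.log; the source address is the last group.
EVENTS = [
    ("accepted", re.compile(r"^Accepted \S+ for \S+ from (\S+) port \d+")),
    ("failed", re.compile(r"^Failed \S+ for (?:invalid user )?\S+ from (\S+) port \d+")),
    ("invalid_user", re.compile(r"^Invalid user \S+ from (\S+)")),
    ("no_banner", re.compile(r"^Did not receive identification string from (\S+)")),
]

def classify(line):
    """Return (event kind, source address) for an sshd line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    for kind, pat in EVENTS:
        hit = pat.match(m.group(1))
        if hit:
            return kind, hit.groups()[-1]
    return None

def summarize(lines):
    """Map each source address to the event kinds logged for it, in order."""
    seen = defaultdict(list)
    for line in lines:
        result = classify(line)
        if result:
            seen[result[1]].append(result[0])
    return dict(seen)

def successful_sources(summary):
    """Addresses with a completed login; failed probes never appear here."""
    return sorted(ip for ip, kinds in summary.items() if "accepted" in kinds)

# First three lines are quoted from the post; the last one is constructed.
SAMPLE = """\
Mar 1 07:54:13 4096 sshd[7196]: Invalid user dberner from 216.254.127.242
Mar 1 07:54:14 4096 sshd[7196]: Failed none for invalid user dberner from 216.254.127.242 port 59911 ssh2
Mar 1 07:54:34 4096 sshd[7202]: Did not receive identification string from 202.173.178.172
Mar 1 08:02:10 4096 sshd[7250]: Accepted password for exampleuser from 192.0.2.10 port 40122 ssh2
""".splitlines()

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print(summary)
    print("completed logins from:", successful_sources(summary))
```

Any entry with a remote source address means the connection got as far as sshd on the server; only an "Accepted" line records a session that was actually opened.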