ssh setting up port 22 conection refused

TheBrick · 02-15-2007, 12:15 PM

Hello, I have been searching and tweaking for an hour with not much luck. Sorry I don't know enough about neworking to make progress.

I am on a gentoo laptop 2.6.16, OpenSSH_4.2p1, OpenSSL 0.9.7j 04 May 2006.
I am trying to allow ssh from the local netwok onto my computer, this is my network settings (as I understand it), with xs in place of number clearly.

Code:

$ more /etc/conf.d/net
# This blank configuration will automatically use DHCP for any net.*
# scripts in /etc/init.d.  To create a more complete configuration,
# please review /etc/conf.d/net.example and save your configuration
# in /etc/conf.d/net (this file :]!).
#config_eth1=("dhcp")
#dhcp_eth1="nodns nontp nonis"
#config_eth0=("dhcp")
#dhcp_eth0="nodns nontp nonis"
modules=( "ifconfig")
config_eth0=( "192.xxx.x.xx broadcast 192.168.1.255 netmask 255.255.255.0")
routes_eth0=( "default gw 192.xxx.x.x")

I can ssh from my computer to others on the network but not from other computers to my computer. When I try and ssh into my machine I get

Code:

ssh: connect to host 192.xxx.x.x port 22: Connection refused

I can ping the machine ok.

I have allowed rsa authetification as I understand. I have tried uncomenting the line Port 22 but it made no difference. Do I have to restart something? This is my sshd config file.

Code:

#       $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/lib/misc/sftp-server

I am sure this is something very easy but I don't understand it. Could you please help me out I have tried to include the info that I think you may need. Thanks for any help.

jxi · 02-15-2007, 01:23 PM

2 things - daemon & firewall
post the output of
`iptables -L -v -n`

is the sshd daemon running on the laptop?
at the very least check this with

`nmap -sS -O -p- -PI -PT localhost`

(substitute the laptop ip for localhost if done from another box)
(ok so this is scanning every port not just 22 but what the heck)

HTH

TheBrick · 02-22-2007, 04:43 AM

Sorry for the late reply was away from internet conection for a while and then very bussy.

O.K lets begin.

2 things - daemon & firewall
post the output of
`iptables -L -v -n`

# iptables -L -v -n
bash: iptables: command not found

So i clearly do not have the firewall installed (I only conect to the inernet from this nework which is behind it's own firewall).

is the sshd daemon running on the laptop?
at the very least check this with

`nmap -sS -O -p- -PI -PT localhost`

nmap isnot installed either so I emerged nmap. After emerging nmap I get

# nmap -sS -O -p- -PI -PT localhost

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2007-02-22 10:42 GMT
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 65535 scanned ports on localhost (127.0.0.1) are: closed
Too many fingerprints match this host to give specific OS details

Nmap finished: 1 IP address (1 host up) scanned in 6.926 seconds

So I guess that means I need to open port 22. So I guess my next question would be how do I open this port?

Many Thanks

Tommy

jxi · 02-22-2007, 08:57 AM

"opening the port" is essentially starting the program/daemon associated with that port. I don't know the init style in gentoo so here are the two styles
slackware (bsd-like)

Code:

/etc/rc.d/sshd start

(make sure the execute bit(s) are set on first)

centos (redhat = sys5)

Code:

/etc/init.d/sshd start

(although this is usually accessed from a symlink like /etc/rc5.d/S55sshd, and long term - to work on reboots for example - you would control it from there.)