Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-24-2005, 05:57 PM
|
#1
|
Member
Registered: Jan 2003
Location: New York, NY, USA
Distribution: Mac OS X (10.4.6), Ubuntu 6.06
Posts: 183
Rep:
|
SSH Walkthrough?
Hey folks:
I setup a sshd server on my FC3 machine, and I had no problems. However, I disabled a few services relating to NFS, which I had been playing with, and now I keep getting the following error:
Quote:
ssh: connect to host 192.168.1.3 port 22: Operation timed out
|
Is there some walkthrough site for SSH including what services needed, open ports, and examples of appropriate hosts.allow and hosts.deny? I haven't had much luck, so I thought you folks might be able to push me in the right direction...
|
|
|
03-24-2005, 06:06 PM
|
#2
|
Member
Registered: Aug 2003
Location: Denver, CO
Distribution: CentOS, Debian
Posts: 825
Rep:
|
try using tcpdump to analyze the problem, ie watch the packets as you try to connect. as i recall you only need port 22 open. possibly port 53 for name resolution (i need this open to output for sendmail to work, iirc). and for services, all you need is sshd.
|
|
|
03-24-2005, 06:12 PM
|
#3
|
Member
Registered: Jan 2003
Location: New York, NY, USA
Distribution: Mac OS X (10.4.6), Ubuntu 6.06
Posts: 183
Original Poster
Rep:
|
Dumb question, but should I run tcpdump on the client or the server?
|
|
|
03-24-2005, 07:19 PM
|
#4
|
Member
Registered: Aug 2003
Location: Denver, CO
Distribution: CentOS, Debian
Posts: 825
Rep:
|
Quote:
Dumb question, but should I run tcpdump on the client or the server?
|
both? theoretically you should see the same thing on both, but i wouldn't take it for granted. also read man tcpdump just to get a feel for some of the options you can use. for instance
tcpdump -i eth1 -n
will listen on eth1 and provide ip addresses instead of domain names (iirc). i vaguely remember something about promiscuous mode, but i forget whether that's related to when you bring the interface up or when you run tcpdump.
|
|
|
03-24-2005, 07:21 PM
|
#5
|
Member
Registered: Aug 2003
Location: Denver, CO
Distribution: CentOS, Debian
Posts: 825
Rep:
|
oh, and either nmap or netstat (or both, hehe) can help you verify that you have a service (sshd) listening on a port (22). for instance, i think
netstat -anp
when run on the server, would show all the services. you want to look at the ones near the top, with LISTEN in the description.
|
|
|
03-24-2005, 07:26 PM
|
#6
|
Member
Registered: Jan 2003
Location: New York, NY, USA
Distribution: Mac OS X (10.4.6), Ubuntu 6.06
Posts: 183
Original Poster
Rep:
|
Quote:
unix 2 [ ACC ] STREAM LISTENING 9915 - /tmp/ssh-yEbVwu4734/agent.4734
|
Here's what I got.
ETA: One moment, didn't see your previous post. Let me get that output.
Last edited by General_Tso; 03-24-2005 at 07:33 PM.
|
|
|
03-24-2005, 07:37 PM
|
#7
|
Member
Registered: Jan 2003
Location: New York, NY, USA
Distribution: Mac OS X (10.4.6), Ubuntu 6.06
Posts: 183
Original Poster
Rep:
|
How much of the output (from tcpdump) is relevant? There doesn't seem to be an end to it...
Last edited by General_Tso; 03-24-2005 at 07:43 PM.
|
|
|
03-25-2005, 04:38 AM
|
#8
|
Member
Registered: Aug 2003
Location: Denver, CO
Distribution: CentOS, Debian
Posts: 825
Rep:
|
yeah, tcpdump will keep going until you tell it to stop. what you're looking for is connections accross the ip addresses you're interested in. you'll see every packet that gets transmitted on a given interface, so keep your eyes open for the ip addresses. if you have two terminals open, one running tcpdump -i eth0 -n, and the in the other you ping www.google.com, you'd first see a query go out on port 53 to resolve www.google.com into an ip address. you'd also see the response come back. there will probably be several packets that are just part of that transaction.
so anyway, watch which ports are used and make sure they're open in your firewall, and that you have the appropriate service listed by netstat. oh, and the UNIX ones at the bottom you can ignore, they're just on your local machine. it's the top ones, tcp and udp sockets, and even then only the ones that have LISTEN next to them. i've got a mail server, and the only services netstat lists are
sshd - tcp 22
smtp - tcp 25
sendmail accept - tcp 587
inetd - tcp 143
i don't know what 587 is for, but i have it closed off in my firewall, so it must not be necessary. 25 is for smtp and 143 is for imap (which is called by inetd). i don't need anything else open in order to ssh in. on my firewall i've got ports 22, 25, and 143 open to INPUT and 25 and 53 (for name resolution) open to OUTPUT. i also allow all packets with state RELATED or ESTABLISHED.
|
|
|
03-27-2005, 02:30 PM
|
#9
|
Member
Registered: Jan 2003
Location: New York, NY, USA
Distribution: Mac OS X (10.4.6), Ubuntu 6.06
Posts: 183
Original Poster
Rep:
|
Cool. Thanks for the explanation.
Here's the output from the server on my first attempt, running the command "ssh 192.168.1.3."
Quote:
/usr/sbin/tcpdump -i eth0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:13:58.309949 arp who-has 192.168.1.3 tell 192.168.1.2
15:14:00.918733 arp who-has 192.168.1.3 tell 192.168.1.2
15:14:03.919112 arp who-has 192.168.1.3 tell 192.168.1.2
15:14:06.919454 arp who-has 192.168.1.3 tell 192.168.1.2
15:14:09.919808 arp who-has 192.168.1.3 tell 192.168.1.2
15:14:39.687296 IP 192.168.1.2.bootpc > 192.168.1.1.bootps: BOOTP/DHCP, Request from 00:03:93:e9:76:72, length: 300
15:14:39.689743 arp who-has 192.168.1.2 tell 192.168.1.2
15:14:39.720828 arp who-has 192.168.1.1 tell 192.168.1.2
15:14:54.923468 arp who-has 192.168.1.3 tell 192.168.1.2
15:15:12.925562 arp who-has 192.168.1.3 tell 192.168.1.2
15:15:15.925109 arp who-has 192.168.1.3 tell 192.168.1.2
15:15:18.925322 arp who-has 192.168.1.3 tell 192.168.1.2
15:15:21.925634 arp who-has 192.168.1.3 tell 192.168.1.2
13 packets captured
13 packets received by filter
0 packets dropped by kernel
|
And here's the output from the client:
Quote:
tcpdump -i en1 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
15:13:53.456282 arp who-has 192.168.1.3 tell 192.168.1.2
15:13:56.065106 arp who-has 192.168.1.3 tell 192.168.1.2
15:13:59.065324 arp who-has 192.168.1.3 tell 192.168.1.2
15:14:02.065487 arp who-has 192.168.1.3 tell 192.168.1.2
15:14:05.065683 arp who-has 192.168.1.3 tell 192.168.1.2
15:14:34.831598 IP 192.168.1.2.68 > 192.168.1.1.67: BOOTP/DHCP, Request from 00:03:93:e9:76:72, length: 300
15:14:34.833157 IP 192.168.1.1.67 > 192.168.1.2.68: BOOTP/DHCP, Reply, length: 548
15:14:34.834055 arp who-has 192.168.1.2 tell 192.168.1.2
15:14:34.865108 arp who-has 192.168.1.1 tell 192.168.1.2
15:14:34.866124 arp reply 192.168.1.1 is-at 00:03:93:e2:d0:9c
15:14:34.866187 IP 192.168.1.2.55468 > 192.168.1.1.192: UDP, length: 4
15:14:34.867263 IP 192.168.1.1.192 > 192.168.1.2.55468: UDP, length: 97
15:14:34.867511 IP 192.168.1.2.55468 > 192.168.1.1.192: UDP, length: 4
15:14:34.868519 IP 192.168.1.1.192 > 192.168.1.2.55468: UDP, length: 97
15:14:34.869226 IP 192.168.1.2.55469 > 192.168.1.1.192: UDP, length: 4
15:14:34.870347 IP 192.168.1.1.192 > 192.168.1.2.55469: UDP, length: 97
15:14:50.066940 arp who-has 192.168.1.3 tell 192.168.1.2
15:15:08.067994 arp who-has 192.168.1.3 tell 192.168.1.2
15:15:11.067335 arp who-has 192.168.1.3 tell 192.168.1.2
15:15:14.067502 arp who-has 192.168.1.3 tell 192.168.1.2
15:15:17.067655 arp who-has 192.168.1.3 tell 192.168.1.2
^C
21 packets captured
21 packets received by filter
0 packets dropped by kernel
|
So there are some dropped packets obviously. I thought it'd be useful to run the same ssh command with verbose output.
Quote:
ssh -v 192.168.1.3
OpenSSH_3.6.1p1+CAN-2004-0175, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
debug1: connect to address 192.168.1.3 port 22: Operation timed out
debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
debug1: connect to address 192.168.1.3 port 22: Operation timed out
ssh: connect to host 192.168.1.3 port 22: Operation timed out
|
Here's the server this time:
Quote:
/usr/sbin/tcpdump -i eth0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:16:05.447936 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:08.429127 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:11.429429 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:14.429763 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:17.430106 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:02.433543 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:20.438799 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:23.435132 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:26.435470 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:29.435809 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:53.439007 arp who-has 192.168.1.3 tell 192.168.1.2
15:18:17.439719 arp who-has 192.168.1.3 tell 192.168.1.2
12 packets captured
12 packets received by filter
0 packets dropped by kernel
|
And here's the client this time:
Quote:
tcpdump -i en1 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
15:16:00.587461 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:03.568607 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:06.568801 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:09.568983 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:12.569160 arp who-has 192.168.1.3 tell 192.168.1.2
15:16:57.570190 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:15.574478 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:18.570647 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:21.570824 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:24.570995 arp who-has 192.168.1.3 tell 192.168.1.2
15:17:48.571854 arp who-has 192.168.1.3 tell 192.168.1.2
15:18:12.572324 arp who-has 192.168.1.3 tell 192.168.1.2
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel
|
I'm not sure what to make of this. Any thoughts anyone?
|
|
|
All times are GMT -5. The time now is 09:35 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|