sshd_config : ListenAddress not working

michalng · 04-06-2010, 07:00 AM

Install openssh so that I can access my desktop (192.168.1.100) from my laptop (192.168.1.200) using konqueror with "fish".

Googled and read that the sshd_config should be updated to enhance security.
Tried fiddling with sshd_config on the desktop and hit a brick wall.

Before setting ListenAddress 192.168.1.200 in sshd_config, the laptop can access the desktop with problem.
However, after setting it, the laptop is not able to access the desktop.

Did I understand the setting correctly or is there some bug?

EricTRA · 04-06-2010, 07:18 AM

Hello,

As I read through your post there's one thing I noticed that I'm not sure if it's a typo or did you really set it like that? The ListenAddress has to be the IP to which you are connecting, so if you want to connect FROM your laptop TO your desktop the ListenAddress has to show the IP of your desktop.

Also restart sshd after changing configuration.

Kind regards,

Eric

michalng · 04-06-2010, 07:49 AM

Hi Eric,

hope I can explain a little clearer here :

Desktop (the server) - 192.168.1.100
Laptop (the client) - 192.168.1.200

Connect from laptop to desktop successful.

Edit the file sshd_config of desktop adding:
ListenAddress 192.168.1.200

Restart sshd after changing configuration with /etc/init.d/ssh restart

Connect from laptop to desktop unsuccessful.

Edit the file sshd_config of desktop removing:
ListenAddress 192.168.1.200

Connect from laptop to desktop successful again.

Still trying but same problem

EricTRA · 04-06-2010, 11:00 AM

Hello,

As mentioned in my previous post, the computer TO which you connect needs its own IP as ListenAddress, so you should put

Code:

ListenAddress 192.168.1.100

in the sshd_config file of the desktop pc and restart ssh server. Then you will be able to connect FROM your laptop (192.168.1.200) to your ssh server on your desktop (192.168.1.100).

The logic behind this is to make the SSH server on the desktop pc listen on this IP (which has to be configured on the desktop) and accept connections on port 22 of that IP/computer.

I hope this makes it a bit clearer.

Kind regards,

Eric

michalng · 04-06-2010, 05:10 PM

Hi Eric,

thanks for the patience to explain so clearly.

garysteers · 04-06-2010, 06:00 PM

Hi Michalng

If you are still concernd about security then you can sure up your sshd config in may ways,

This article can help you do it via groups:
http://www.cyberciti.biz/tips/openss...nd-groups.html

Also, you can stop root being able to login under ssh (you can login as a normal user and either su or sudo to do root type stuff)

PermitRootLogin no

That's the code you would want for that

Hope this helps!