LinuxQuestions.org


Lsteele 11-25-2005 05:59 PM

I need to allow ssh access
 
I need to allow ssh access to my SuSE 9.1 system. It tells me "connection refused". Where do I allow the ssh connection? I am using putty from my Windows 2000 Pro system to connect to the SuSE 9.1 linux system.

btmiller 11-25-2005 08:37 PM

Check if your sshd is running -- to do so become root and type "service sshd status". If it's not running, type "service sshd start" to start it and then "chkconfig sshd on" to make sure it gets started on boot. If sshd is running and you still can't connect, then check your firewall settings to make sure port 22 is being allowed through (I think that the firewall can be controlled via YaST, but I'm not 100% sure).

Lsteele 11-25-2005 11:38 PM

I get "Command not Found". I guess I do not have "service". I did a find files for it and just found a folder.

danimalz 11-26-2005 12:22 AM

In order to successfully connect you need:

1) running sshd daemon

2) port 22 open

3) other various things, but 1 and 2 are the most impt.

The previous response was redhat specific. Try running the following command:

lsof -i | grep LI

This will show open files that are 'Listening' on ports. If you have a ssh daemon running you'll see it here.

If it is not running then you'll need to start the ssh service. This is done differently depending on your distribution. In debian for example, you'd type: /etc/init.d/ssh restart

Then, you can go to a site like scan.sygate.com and run a scan against your own computer. If traffic is being allowed inbound to port 22, then you'll see it there. If not, then you must open your firewall.

If you don't understand any of this, then you are a true newbie and should delve into tutorials and howtos for awhile. If you are on a network you'll need to understand port forwarding.

I hope I've confused u... :)

Lsteele 11-26-2005 02:16 AM

Thanks, I did a /etc/init.d/ssh restart and it restarted the ssh daemon. lsof still did not show ssh or port 22. scan.sygate.com says that port 22 is closed. Do you have any idea how to open it on a SuSE 9.1 system?

Lsteele 11-26-2005 10:42 AM

Of course, I might be only testing the DSL Router? Is there a command to open port 22?

sundialsvcs 11-27-2005 12:58 PM

:tisk: Now that you have ssh open to the outside world, it will only be a matter of days, or even hours, before a script-kiddie probes your IP-address, finds a response from sshd, and starts to attack it. If you've got an "easy" password, or you've neglected some of the default user-ids like news, you're dead-meat.

I strongly advise that you study the part about "digital certificates" in the ssh documentation, and set up your system so that it only entertains logins from systems that possess a certificate issued by you, and will not "fall back" to userid/password authentication in any case.

If you do this .. and it's simple and easy to do .. then you can be assured that the only systems that your computer will even listen to are those to whom you have issued a valid certificate. "Please present your security badge for entry." The attacker's attempts will be rather-effortlessly foiled.
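A quick way to verify that a server really will not fall back to passwords, as the post above recommends, is to audit its sshd_config. This is an added example, not part of the thread; it assumes upstream OpenSSH defaults, reads only the global section of the file, and both sample configs are constructed.

```python
# Added example. Assumes upstream OpenSSH defaults and reads only the global
# section (everything before the first "Match" line).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

def effective_settings(config_text):
    """Resolve the keywords above the way sshd does: the first value wins."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue  # "#PasswordAuthentication no" is a comment, not a setting
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}

def password_fallback_findings(config_text):
    """List the reasons a client without a key could still try a password."""
    eff = effective_settings(config_text)
    findings = []
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key logins cannot work")
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff["challengeresponseauthentication"] != "no":
        findings.append("ChallengeResponseAuthentication is not 'no'; "
                        "with PAM it can still prompt for a password")
    return findings

# Constructed sample configs.
WEAK = "#PasswordAuthentication no\nPubkeyAuthentication yes\n"
HARDENED = """\
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, password_fallback_findings(cfg) or "key-only")
```

On current OpenSSH releases, `sshd -T` prints the effective configuration and is the authoritative check on a live system.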

Lsteele 11-27-2005 01:17 PM

How do I know if it is open? Is there a command that I can run from the prompt to open or close port 22, etc? Or can I control the port from YaST?

Brian1 11-27-2005 01:39 PM

Need to define some more info.
Are both the suse and windows 2000 behind the router?
If they are both inside your private network then the suse box may have a firewall running. Disable the firewall and see if you can make the connection. If that works you need to open port 22 on suse firewall configuration. Or you can leave it down since behind the router as long as the router does not have any ports being forwarded to an internal lan machine ip. The more layers you can put up the more secure you are.

Running nmap on the suse box will show open ports on the localhost address of 127.0.0.1. But if a firewall is up nmap will show the open ports but the firewall will be blocking on your suse lan machine ip. You can also install a portscanning tool on the windows box and scan your suse box to see if port 22 is open. This will be one quick question to answer to see if a service is running on port 22 and is open.

Do you plan on connections from outside on the internet to the suse box?
If not don't worry about the remote portscan. It will only be scanning your router.

Since you have a router then the router is secure if it did not show an open port of 22 from your remote portscan.

Hope this helps
Brian

Lsteele 11-27-2005 04:12 PM

I do not have nmap on my SuSE box. Is there another way?
Both the SuSE box and the Windows box are behind the DSL Router and also another computer that the DSL plugs into.
Once I have my system allowing a ssh connection, then I need to use that knowledge and setup another remote system (a customer machine) to do the same so I can help him solve a problem.

btmiller 11-27-2005 05:03 PM

You can always do "telnet localhost 22" (no quotes). If you get a response like:

Code:

Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9p1

then sshd is running on your system. If you get connection timed out, it is not. If you still can't connect from the Win 2K system, go into YaST and go to the security menu and select the firewall configuration. Check and make sure that port 22 is allowed through.
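The telnet test above has three distinct outcomes, and each points at a different layer. The following added example (not from the thread) classifies one connection attempt and names the next thing to check; the state names and the `NEXT_STEP` wording are this example's own.

```python
import socket
import sys

# Added example: one TCP connection attempt, classified.
#   open     - something accepted the connection; detail is its first line
#   refused  - the attempt was actively rejected: nothing listens on that
#              address and port, or a firewall rule rejects the packet
#   filtered - no answer before the timeout: packets are being dropped
#              (host firewall, router without a forward, wrong address)

def probe_tcp(host, port=22, timeout=3.0):
    """Return (state, detail) for a single connection attempt."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)
    except socket.timeout:
        return ("filtered", None)
    except OSError as exc:  # unreachable network, unknown host name, ...
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(256)  # an SSH server sends its banner first
        except OSError:  # includes a read timeout
            data = b""
    banner = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return ("open", banner or None)

NEXT_STEP = {
    "open": "reachable from here; repeat the probe from the client machine",
    "refused": "check that sshd is running and which address it listens on",
    "filtered": "check the host firewall, then the router in between",
    "error": "check the address and the network path",
}

def diagnose(host, port=22, timeout=3.0):
    """One readable line per probe, with the next thing to check."""
    state, detail = probe_tcp(host, port, timeout)
    if state == "open" and (detail or "").startswith("SSH-"):
        state_text = "open, SSH banner " + detail
    else:
        state_text = state if detail is None else f"{state} ({detail})"
    return f"{host}:{port} {state_text}: {NEXT_STEP[state]}"

if __name__ == "__main__":
    # Pass the addresses to probe as arguments; defaults to the loopback.
    for target in sys.argv[1:] or ["127.0.0.1"]:
        print(diagnose(target))
```

Running it once against 127.0.0.1 on the server and once against the server's LAN address from another machine separates a stopped sshd from a firewall that is blocking the port.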

Brian1 11-27-2005 05:25 PM

Download lanspy for the windows platform and use it to run a scan on the suse box. Since you are not sure you got to know if the port is open before going further.

Brian1

Lsteele 11-27-2005 05:50 PM

BTMiller, I ran telnet localhost 22, and got "connection refused". I used YaST to configure the firewall and checked ssh, but I still am getting connection refused.
There is an "internal connection" that was (none), and I tried the drop down entry of eth-id-00:..., which still gives me connection refused. I went back to the firewall and under advanced, I allowed 22:23, but I still get connection refused??

Brian1 11-27-2005 05:55 PM

I may have misunderstood the last post on editing the firewall. Do you mean the firewall router here? If so I would do one thing at a time. Get the sshd server up and allow connection from the windows 2000 box before allowing any external traffic into your network.

Brian1

Lsteele 11-27-2005 06:16 PM

No, I meant the YaST firewall, under security and users.
I downloaded Lanspy and the results on the SuSE box (192.168.0.59) are:
192.168.0.59 (linux.mshome.net)
Round Trip Time (RTT): <10 ms
Time To Live (TTL): 64
DNS name: linux.mshome.net
MAC: 00:11:95:1D:C6:4E
UDP ports
Nothing about ssh or port 22?

btmiller 11-27-2005 08:21 PM

Do you see the sshd process running when you do "ps aux | grep sshd | grep -v grep"? If not, you need to start it. You must start the sshd as root, so become root and do "/etc/rc.d/init.d/sshd start" and then try the ps command above again to verify it is running. If it is running, you should be able to connect to port 22 now (assuming you left the firewall stuff open). If not, you need to check your system log or look at any error messages printed on screen to see what is wrong.

danimalz 11-30-2005 12:10 AM

Seems you're still having troubles...:)

The first thing you need to check is your dsl router. In my previous post I warned you about something called 'port forwarding' - I hope you've read about it.

Anyway, most newer dsl routers have quite sophisticated management interfaces and make this easy. Find out the manufacturer and model. Go to their website and find out how to access and configure the router.

As an aside, there is an interesting dynamic being propagated by major dsl providers - they send you all the hardware via mail, then you just plug it in. This saves them tons of tech support costs, but puts you at risk, because most of the routers are set up very security-loose. I'll bet that 90% of the routers used in homes today still are set to the default administrative password for example.

If you are asking these types of questions, then I'd bet if you gave me your real IP address I could get in and configure it for you ... :)

Nonetheless, back to your problem. You need to verify whether the router is allowing connections to port 22. If it is not, you'll need to open it up by forwarding port 22 connections to the machine you're running sshd on. This is normally done by accessing the router (usually at 192.168.1.1) with a web browser. You'll need to ensure you're using a static IP address on the sshd machine. Even better, turn off dhcp at the router altogether if you don't have a large number of computers, or come-and-go wireless machines.

Once you are sure that the router is sending ssh requests to the proper IP address, then you can figure out the firewall and other issues on that machine.

Yeah, it's involved and complicated (not really). But, I've learned everything I know from mostly reading available resources on the net. I'm encouraging you (again) to do this for yourself too. It shouldn't be taking you this long to figure out what the problem is here.

cheers, keep at it,
Danimal


All times are GMT -5.