Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-04-2007, 10:19 AM
|
#1
|
Member
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508
Rep:
|
SSH: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Hi guys,
I have a server which has 2 IP addresses (2 NIC)
1 public
1 private
Anyway, I have always SSH in to this server, via the private ip from another server. In fact, I can ssh into this server via another server even if I use the public IP.
Problem is, now I can't access the server via the public ip directly (over internet etc)
in /var/logs/secure, I am getting...
Quote:
error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
|
I've tried ssh localhost from the same machine and it works.
I even try uncommenting the line that specify it to search for IPv6 in sshd_config and still it doesn't work.
Have restarted service etc.. nope
Now left to reset the machine, which I will be doing tommorrow morning when lesser people are using it... but any idea?
thanks!
|
|
|
05-04-2007, 10:30 AM
|
#2
|
Senior Member
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243
Rep:
|
Post the output of
and
Code:
lsof -p `ps -ef | grep [/]sshd | awk '{print $2}'`
and we'll be able to see what's going on!
cheers
Jamie
|
|
|
05-04-2007, 02:54 PM
|
#3
|
Member
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508
Original Poster
Rep:
|
netstat output (removed public ips)
In between got a space because there's more similiar entrees but I thought I cut short. Also *** is to mask the ip address.
Quote:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 192.168.10.60:53 0.0.0.0:* LISTEN
tcp 0 0 ***.***.***.***:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 192.168.10.60:3306 192.168.10.206:54792 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.60:32797 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.60:32798 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54805 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.60:32790 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.60:32786 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.208:35422 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.208:35415 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.208:35407 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54623 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54627 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.208:55677 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.208:55676 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54633 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54632 ESTABLISHED
tcp 0 0 192.168.10.60:32790 192.168.10.60:3306 ESTABLISHED
tcp 0 0 192.168.10.60:32786 192.168.10.60:3306 ESTABLISHED
tcp 0 0 192.168.10.60:32798 192.168.10.60:3306 ESTABLISHED
tcp 0 0 192.168.10.60:32797 192.168.10.60:3306 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54636 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54897 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54640 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54899 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54898 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.208:35436 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54901 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54647 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.208:35433 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54651 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54650 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:42947 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54725 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54729 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54732 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54735 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:42959 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54741 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54744 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54752 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54754 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54760 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:42998 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.206:54776 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50688 ESTABLISHED
tcp 0 0 192.168.10.60:22 192.168.10.105:48497 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.205:41007 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50511 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50516 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50524 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50525 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50531 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50540 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50545 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.207:50549 ESTABLISHED
tcp 0 0 192.168.10.60:3306 192.168.10.205:40925 ESTABLISHED
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
udp 0 0 0.0.0.0:32768 0.0.0.0:*
udp 0 0 0.0.0.0:32770 0.0.0.0:*
udp 0 0 0.0.0.0:678 0.0.0.0:*
udp 0 0 192.168.10.60:53 0.0.0.0:*
udp 0 0 ***.***.***.***:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 :::32769 :::*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 6367 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 6174 /var/lib/mysql/mysql.sock
unix 2 [ ] DGRAM 6476 @/var/run/hal/hotplug_socket
unix 2 [ ACC ] STREAM LISTENING 6301 /dev/gpmctl
unix 13 [ ] DGRAM 5022 /dev/log
unix 2 [ ] DGRAM 3190 @udevd
unix 2 [ ACC ] STREAM LISTENING 5537 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 6426 /var/run/dbus/system_bus_socket
unix 2 [ ] DGRAM 8211
unix 3 [ ] STREAM CONNECTED 8134
unix 3 [ ] STREAM CONNECTED 8133
unix 3 [ ] STREAM CONNECTED 6474 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6473
unix 2 [ ] DGRAM 6444
unix 3 [ ] STREAM CONNECTED 6429
unix 3 [ ] STREAM CONNECTED 6428
unix 2 [ ] DGRAM 6383
unix 2 [ ] DGRAM 6369
unix 2 [ ] DGRAM 6325
unix 2 [ ] DGRAM 6295
unix 2 [ ] DGRAM 5940
unix 2 [ ] DGRAM 5913
unix 2 [ ] DGRAM 5836
unix 3 [ ] STREAM CONNECTED 5397
unix 3 [ ] STREAM CONNECTED 5396
unix 2 [ ] DGRAM 5288
unix 2 [ ] DGRAM 5138
unix 2 [ ] DGRAM 5116
|
lsof - what is this command for?
Quote:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2370 root cwd DIR 8,9 4096 2 /
sshd 2370 root rtd DIR 8,9 4096 2 /
sshd 2370 root txt REG 8,9 340040 488677 /usr/sbin/sshd
sshd 2370 root mem REG 8,9 105120 507386 /lib64/ld-2.3.4.so
sshd 2370 root mem REG 8,9 35176 488770 /usr/lib64/libwrap.so.0.7.6
sshd 2370 root mem REG 8,9 35024 507604 /lib64/libpam.so.0.77
sshd 2370 root mem REG 8,9 17959 507596 /lib64/libdl-2.3.4.so
sshd 2370 root mem REG 8,9 1225336 507389 /lib64/libcrypto.so.0.9.7a
sshd 2370 root mem REG 8,9 17375 507324 /lib64/libutil-2.3.4.so
sshd 2370 root mem REG 8,9 79336 484026 /usr/lib64/libz.so.1.2.1.2
sshd 2370 root mem REG 8,9 107367 507600 /lib64/libnsl-2.3.4.so
sshd 2370 root mem REG 8,9 30078 507606 /lib64/libcrypt-2.3.4.so
sshd 2370 root mem REG 8,9 91436 507327 /lib64/libresolv-2.3.4.so
sshd 2370 root mem REG 8,9 62504 507603 /lib64/libselinux.so.1
sshd 2370 root mem REG 8,9 93832 488123 /usr/lib64/libgssapi_krb5.so.2.2
sshd 2370 root mem REG 8,9 464040 487083 /usr/lib64/libkrb5.so.3.2
sshd 2370 root mem REG 8,9 145424 486809 /usr/lib64/libk5crypto.so.3.0
sshd 2370 root mem REG 8,9 10384 511243 /lib64/libcom_err.so.2.1
sshd 2370 root mem REG 8,9 1490956 507593 /lib64/tls/libc-2.3.4.so
sshd 2370 root mem REG 8,9 56807 507365 /lib64/libnss_files-2.3.4.so
sshd 2370 root 0u CHR 1,3 1650 /dev/null
sshd 2370 root 1u CHR 1,3 1650 /dev/null
sshd 2370 root 2u CHR 1,3 1650 /dev/null
sshd 2370 root 3u IPv4 5811 TCP *:ssh (LISTEN)
|
btw, i am having problem ftp-ing in too
|
|
|
05-06-2007, 02:32 AM
|
#4
|
Member
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508
Original Poster
Rep:
|
hi guys anyone?
|
|
|
05-06-2007, 02:44 AM
|
#5
|
Senior Member
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243
Rep:
|
Quote:
Originally Posted by Swakoo
lsof - what is this command for?
|
lsof lists open files, including network sockets that are in use. It was really just so I could see what port sshd was listenening on.
Quote:
Originally Posted by Swakoo
btw, i am having problem ftp-ing in too
|
Uhm... I can't see anything wrong in these. You got a firewall setup with iptables? If so are you sure that's not the cause of your problems?
HTH
Jamie
|
|
|
05-06-2007, 09:06 PM
|
#6
|
Member
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508
Original Poster
Rep:
|
I'll be damm... I'm sure even with iptables OFF it wasn't working before... (SSH and FTP).. but i did a reset a couple of days back, but didn't thought of trying to turn off the iptables... now it works...
I'll be damm.
Nonetheless, thanks for your help!
since we are on the topic, can I ask 2 things?
1) lsof list open files you were saying. we use that to check for connections becase sockets are basically file descriptors?
2) i always find iptables configuration a big mystery, you reckon any good tutorials i can base on to configure my own?
Is it ok i configure iptables config file directly?
|
|
|
05-08-2007, 04:24 AM
|
#7
|
Member
Registered: Dec 2004
Location: India
Distribution: Mandrake, Mandriva, PclinuxOS
Posts: 114
Rep:
|
Quote:
Originally Posted by Swakoo
2) i always find iptables configuration a big mystery, you reckon any good tutorials i can base on to configure my own?
Is it ok i configure iptables config file directly?
|
This one's really good. From the makers of iptables...fresh and crispy.........
http://www.netfilter.org/documentati...entation-howto
If you find the above also difficult, try using some gui frontends such as firestarter,etc. Or may be other commnad line utilities(firewalls) to configure a proper firewall may be something like shorewall??
|
|
|
All times are GMT -5. The time now is 09:13 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|