LinuxQuestions.org

yenonn 06-26-2003 10:40 PM

ssh stuffs
 
Hey guys,

I have set up a Linux box far from a city, RH8. From the iptables point of view, I have opened up port 22 for ssh. Now I am living in another city, and would like to ssh to this Linux box from the internet.
How am I going to do that? I've tried to ssh to the ADSL IP which is dedicated to the Linux box, but failed. From outside, I've tried to nmap the open port, but that also failed.
Now I want to do remote control from here. How?
Please help... this is urgent! Thanks for any help and concern.

Capt_Caveman 06-27-2003 09:20 AM

1. Did you start up the ssh client or the ssh server (sshd) on the linux box? You'll need to have the daemon started if you want to ssh in.

2. Make sure the daemon is really on:
chkconfig --list | grep sshd
It should say "on" for run levels 3 and 5
Then do:
service sshd restart

3. Make sure it's listening properly:
netstat -lan
You should see something actively listening on port 22

4. Make sure your firewall isn't blocking port 22:
more /etc/sysconfig/iptables
Depending on how your firewall is configured, you may or may not see a specific rule allowing incoming packets on port 22. You can add a rule to allow ssh using the iptables command, or if you're uncomfortable with the command line you can use the firewall GUI in Red Hat. On 8.0 there is actually a little checkbox you can click to allow ssh.
HTH

yenonn 06-27-2003 07:31 PM

So, is it secure if I ssh to my Linux box? Will there be any eavesdropping in this case? Do I need to do some sort of security procedure to keep that from happening?
Thanks

Capt_Caveman 06-27-2003 10:34 PM

SSH is a pretty secure protocol. Anyone sniffing packets would just see unreadable encrypted characters. If you want to know more about the SSH crypto usage, just look at the ssh man page.

One thing I would recommend would be to edit the /etc/ssh/sshd_config file and disable root logins (change "PermitRootLogin yes" to "no"). That makes it a bit harder to crack the root password. Then log in as a normal user and use su - to become root.

Just a question for you: were you able to log in by SSH before?

yenonn 06-28-2003 12:52 AM

Thanks for the guidance, Capt_Caveman. Nope... I am still NOT able to log in. Last time, when I was on the same LAN, I was able to log in.
Hmm... how should I log in then? Now I want to log in from the internet. For your information, my Linux box is my main gateway; there are two NICs, one for private (local network) and one for public (internet). The Linux box is connected to an ADSL line, and that is online 24 hours... I never shut it down. So I am ssh'ing to the public NIC from the internet. Am I taking the correct step? I tried both sshd and netstat; they are OK...

koningshoed 06-28-2003 07:00 AM

Try running (you must be root):

hping server_addr --traceroute -p 22 -S

This will perform a traceroute, except that it'll use TCP SYN packets with incremental TTL values (starting at 1). This will show you the path that your packets follow, and if your packets never reach the server, you will simply stop seeing anything at some point. (Unless you get connection refused, in which case you will see RST packets; if you reach the host and it accepts your connections, you will see SYN/ACK packets, "flags=SA".)

If this succeeds, you need to configure sshd to actually allow connections from anywhere (man sshd_config)
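
An added example, not code posted by anyone in this thread: a shell script for the checks discussed above on a two-NIC gateway, reading which PermitRootLogin value sshd will actually use and whether the port 22 listener in `netstat -lan` output covers the public address or only the LAN one. The function names (`sshd_values`, `ssh_exposure`), the addresses 192.168.0.1 and 203.0.113.10, and both sample inputs are constructed for illustration; the firewall rules are not examined here.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# Print every value of a global sshd_config keyword, in file order.
# Keywords are case-insensitive, '#' lines are comments, and for single-valued
# options such as PermitRootLogin sshd uses the FIRST value it reads.
# Assumes the whitespace-separated "Keyword value" form; stops at a Match block.
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v key="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print $2 }
    ' "$2"
}

# Read `netstat -lan` output on stdin and classify the port 22 listener
# relative to PUBLIC_IP: not-listening, lan-only, or public (bound to the
# public address or to all interfaces).
ssh_exposure() {  # usage: netstat -lan | ssh_exposure PUBLIC_IP
    awk -v pub="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:22$/ {
            addr = $4; sub(/:22$/, "", addr); seen = 1
            if (addr == "0.0.0.0" || addr == "::" || addr == pub) ok = 1
        }
        END { print (!seen ? "not-listening" : (ok ? "public" : "lan-only")) }
    '
}

sample_sshd_config() {  # constructed: duplicate keyword, mixed case
    cat <<'EOF'
# sshd_config (sample)
Port 22
ListenAddress 192.168.0.1
permitrootlogin no
PermitRootLogin yes
EOF
}

sample_netstat() {  # constructed: sshd bound to the private NIC only
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 192.168.0.1:22     0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:80         0.0.0.0:*          LISTEN
EOF
}

cfg=$(mktemp) && sample_sshd_config > "$cfg"
echo "PermitRootLogin in effect: $(sshd_values PermitRootLogin "$cfg" | head -n 1)"
echo "ListenAddress entries:     $(sshd_values ListenAddress "$cfg")"
echo "Port 22 from 203.0.113.10: $(sample_netstat | ssh_exposure 203.0.113.10)"
rm -f "$cfg"
```

On a live box, replace the sample functions with `/etc/ssh/sshd_config` and the real `netstat -lan` output; a `lan-only` result means the daemon works from the LAN but is not bound to the public interface.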

