LinuxQuestions.org


MattFly 08-17-2015 06:24 PM

Run ssh server on my notebook through wireless connection
 
How do I set up an ssh connection via wireless (to my notebook) which can be accessed from outside my internal connection? I have a D-Link router and my ISP doesn't block ssh. Could you please tell me a step-by-step way to do it without having to pay?

frankbell 08-17-2015 08:39 PM

The wireless doesn't matter. A network connection is a network connection.

When you say "accessed from outside my internal connection," I assume you mean "can be accessed from the internet." If my assumption is correct, here's one way that's not at all complicated:

Get some sort of DNS service (I used to use noip.com and was quite satisfied with them) to ensure that your network is discoverable from the internet.

Give the netbook a static ip address.

Open the incoming ssh port in your router, then set up port forwarding in the router to forward external calls to port 22 to the netbook's ip address.

When this is done, ssh calls coming to your router will be forwarded to the netbook.

If you are going to make ssh accessible from the big wide world, you should look into using a non-standard ssh port. This link is about CentOS, but it's a good primer: http://wiki.centos.org/HowTos/Networ...ebce74da40d8ec

MattFly 08-18-2015 09:06 AM

OK, I did it and I can't even access my notebook internally using the 192.168.0.102 IP. Look at the configuration file on my notebook:

Code:

Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22

# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility
AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile    h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
AllowUsers sshclient

Now here's how my D-Link modem is configured. It's in Portuguese, but I think you will get it.

This is how I've attributed the port forwarding:
http://upimage.us/server/php/files/imagem6.png

Provided that the output of ifconfig wlan0 on my notebook is:

Code:


# ifconfig wlan0

wlan0    Link encap:Ethernet  Endereço de HW 80:86:f2:f7:ff:08
          inet end.: 192.168.0.102  Bcast:192.168.0.255  Masc:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Métrica:1
          pacotes RX:32696 erros:0 descartados:0 excesso:0 quadro:0
          Pacotes TX:32757 erros:0 descartados:0 excesso:0 portadora:0
          colisões:0 txqueuelen:1000
          RX bytes:28906538 (28.9 MB) TX bytes:6123307 (6.1 MB)

And the first column of the image stands for the initial port and the second for the final port.

And this is how I set up my static IP on the router:


http://upimage.us/server/php/files/imagem72028129.png

Now look at that:
Code:



root@ubuntu-pos-ag31ap:/# ssh sshclient@192.168.0.1
ssh: connect to host 192.168.0.1 port 22: Connection refused

This is from a LAN-connected computer on the same router. When I do it from a Wi-Fi connected device:

Code:


ssh -l sshclient 192.168.0.102
ssh: connect to host 192.168.0.102 port 22. No route to host

And I try what I really want:

Code:

ssh sshclient@***********

ssh: conection timed out

Where ********** is the ip that I've got from ipchicken.

Another thing is that I'm able to ping my LAN-connected desktop, but not able to ping my WLAN notebook. It gives me "host unreachable". That might be a problem.

If you need me to translate something for you, don't be afraid to ask me, I really need your help! It's the first time I'm doing this, so every kind of help is welcome. Things are bad here.

Thanks!

edit: One more thing if it helps:

Code:

nmap -A -T4 -Pn ********

Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-18 11:28 BRT
Nmap scan report for **************.xd-dynamic.ctbcnetsuper.com.br (*************)
Host is up.
All 1000 scanned ports on *************************.xd-dynamic.ctbcnetsuper.com.br (**************) are filtered

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 101.55 seconds


michaelk 08-18-2015 10:47 AM

What distribution / version is running on the laptop?
Is the ssh server actually running? (one way to check is ps ax | grep sshd)
Can you login using ssh on the laptop itself? (ssh sshclient@localhost)
If a firewall is running does it allow ssh traffic?

If all that works then it should be possible to log in via another computer on your LAN. I expect ssh sshclient@192.168.0.1 to fail since I assume that 192.168.0.1 is your router's IP address. Once you can log in on your LAN, then we can try through the router.

MattFly 08-18-2015 11:34 AM

Using Ubuntu 15.04. ssh is running, I guess; at least the client is working.

Code:


# ps ax | grep sshd
25788 pts/3    S+    0:00 grep --color=auto sshd

I did
Code:

sudo ufw allow ssh
And it updated the rules.

192.168.0.1 is the IP of my router, and I can't log in to my own laptop from itself. Here's what happens:
Code:

# ssh sshclient@192.168.0.102
ssh: connect to host 192.168.0.102 port 22: Connection refused

I must be really lost

michaelk 08-18-2015 11:43 AM

ssh is not running. What happens when you run the command
sudo systemctl start ssh

MattFly 08-18-2015 12:20 PM

The first time I ran the command as root, it didn't return anything. The second time I just get:

Code:

# systemctl start ssh
Job for ssh.service failed. See "systemctl status ssh.service" and "journalctl -xe" for details.


Here are the systemctl and journalctl -xe:
Code:


# systemctl status ssh.service
 ssh.service - OpenBSD Secure Shell server
  Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
  Active: failed (Result: start-limit) since Ter 2015-08-18 14:16:08 BRT; 8s ago
  Process: 28790 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
 Main PID: 28790 (code=exited, status=255)

Ago 18 14:16:07 matt-Vostro-5470 systemd[1]: Unit ssh.service entered failed state.
Ago 18 14:16:07 matt-Vostro-5470 systemd[1]: ssh.service failed.
Ago 18 14:16:08 matt-Vostro-5470 systemd[1]: ssh.service holdoff time over, scheduling restart.
Ago 18 14:16:08 matt-Vostro-5470 systemd[1]: start request repeated too quickly for ssh.service
Ago 18 14:16:08 matt-Vostro-5470 systemd[1]: Failed to start OpenBSD Secure Shell server.
Ago 18 14:16:08 matt-Vostro-5470 systemd[1]: Unit ssh.service entered failed state.
Ago 18 14:16:08 matt-Vostro-5470 systemd[1]: ssh.service failed.
Ago 18 14:16:08 matt-Vostro-5470 systemd[1]: start request repeated too quickly for ssh.service
Ago 18 14:16:08 matt-Vostro-5470 systemd[1]: Failed to start OpenBSD Secure Shell server.
Ago 18 14:16:08 matt-Vostro-5470 systemd[1]: ssh.service failed.

And the first lines:
Code:

# journalctl -xe         
Ago 18 14:18:23 matt-Vostro-5470 polkitd(authority=local)[1052]: Registered Authentication Agent for unix-proc
Ago 18 14:18:23 matt-Vostro-5470 systemd[1]: start request repeated too quickly for ssh.service
Ago 18 14:18:23 matt-Vostro-5470 systemd[1]: Failed to start OpenBSD Secure Shell server.
-- Subject: A unidade ssh.service falhou
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- A unidade ssh.service falhou.
--
-- O resultado é failed.
Ago 18 14:18:23 matt-Vostro-5470 systemd[1]: ssh.service failed.
Ago 18 14:18:23 matt-Vostro-5470 sudo[28981]: pam_unix(sudo:session): session closed for user root
Ago 18 14:18:23 matt-Vostro-5470 polkitd(authority=local)[1052]: Unregistered Authentication Agent for unix-pr
Ago 18 14:18:43 matt-Vostro-5470 sudo[29000]: matheus : TTY=pts/1 ; PWD=/home/matheus ; USER=root ; COMMAND=/b
Ago 18 14:18:43 matt-Vostro-5470 sudo[29000]: pam_unix(sudo:session): session opened for user root by matheus(
Ago 18 14:18:43 matt-Vostro-5470 su[29001]: Successful su for root by root
Ago 18 14:18:43 matt-Vostro-5470 su[29001]: + /dev/pts/1 root:root
Ago 18 14:18:43 matt-Vostro-5470 su[29001]: pam_unix(su:session): session opened for user root by matheus(uid=


But I don't know how that can be, since I can assure you that the ssh client on the same notebook works perfectly.

michaelk 08-18-2015 12:41 PM

Many commands do not return any status if completed successfully. The error appears to be caused by trying to start ssh again. Try starting it again only once then check its status.

MattFly 08-18-2015 12:51 PM

OK! I'll post here a sequence of terminal commands to answer everything you asked, michaelk. Everything was done in the sequence in which it is shown:

Code:

root@matt-Vostro-5470:/home/matheus# ps ax | grep sshd
30501 pts/1    S+    0:00 grep --color=auto sshd
root@matt-Vostro-5470:/home/matheus# sudo systemctl start ssh
root@matt-Vostro-5470:/home/matheus# ps ax | grep sshd
30548 pts/1    S+    0:00 grep --color=auto sshd
root@matt-Vostro-5470:/home/matheus# sudo systemctl start ssh
root@matt-Vostro-5470:/home/matheus# ps ax | grep sshd
30573 pts/1    S+    0:00 grep --color=auto sshd
root@matt-Vostro-5470:/home/matheus# sudo systemctl start ssh
Job for ssh.service failed. See "systemctl status ssh.service" and "journalctl -xe" for details.
root@matt-Vostro-5470:/home/matheus# ps ax | grep sshd
30587 pts/1    S+    0:00 grep --color=auto sshd
root@matt-Vostro-5470:/home/matheus# sudo systemctl start ssh
root@matt-Vostro-5470:/home/matheus# ps ax | grep sshd
30608 pts/1    S+    0:00 grep --color=auto sshd
root@matt-Vostro-5470:/home/matheus# sudo systemctl start ssh
Job for ssh.service failed. See "systemctl status ssh.service" and "journalctl -xe" for details.


michaelk 08-18-2015 01:14 PM

Just for grins, let's try to start sshd from the command line, i.e.
/usr/sbin/sshd -D

Post any error messages. The terminal will sort of look like it has hung and you should not see a new command line prompt. In a new terminal window try logging in as
ssh sshclient@localhost

To stop ssh press ctrl-c (the terminal window that ssh is running should be selected first)

MattFly 08-18-2015 01:18 PM

Here it is:

Code:


# /usr/sbin/sshd -D
/etc/ssh/sshd_config line 24: unsupported log facility ''

Nothing more happened.

michaelk 08-18-2015 01:24 PM

Your sshd_config file appears to have a syntax problem. Make sure it looks like the following.

Code:

# Logging
SyslogFacility AUTH
LogLevel INFO
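
The failure found here is a keyword separated from its argument by a line break. As an added example (not part of the thread), this check reports every sshd_config directive that has no argument; the function name and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# find_valueless_directives FILE
# Print "LINE:KEYWORD" for every sshd_config directive that has no argument.
find_valueless_directives() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # leading whitespace is ignored
            if (line == "" || line ~ /^#/) next   # blank lines and comments
            n = split(line, tok, /[ \t=]+/)       # keyword, then its arguments
            if (n < 2 || tok[2] == "") printf "%d:%s\n", NR, tok[1]
        }
    ' "$1"
}

# Constructed sample reproducing the broken "# Logging" stanza from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Logging
SyslogFacility
AUTH
LogLevel INFO
EOF

find_valueless_directives "$sample"   # prints 2:SyslogFacility and 3:AUTH
rm -f "$sample"
```

On the host itself, `sudo sshd -t` runs sshd's own configuration check and prints the offending line directly, without going through `systemctl status`.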


MattFly 08-18-2015 01:32 PM

That worked, man! Now "sudo systemctl start ssh" doesn't return any error. I think we have it now:
Code:

# ps ax | grep sshd
  430 ?        Ss    0:00 /usr/sbin/sshd -D
  498 pts/1    S+    0:00 grep --color=auto sshd


Here's my config file now:

Code:

# cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22

# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile    h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
AllowUsers sshclient

But I still can't connect from my own laptop even if I restart ssh:

Code:

# ssh sshclient@192.168.0.1
ssh: connect to host 192.168.0.1 port 22: Connection refused
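
Because this configuration is about to be reachable from the internet through the port forward, the following added example (not part of the thread) reports the effective value of the settings that matter for that exposure, including ones that are only present as commented-out lines. The function names are assumptions and the sample is an excerpt of the configuration posted above.

```shell
#!/bin/sh
# effective FILE KEYWORD DEFAULT
# Print the value sshd would use: keywords are case-insensitive, the first
# uncommented occurrence wins, and a commented-out line leaves DEFAULT in force.
# Simplification (assumption): Match blocks are ignored.
effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^ +/, ""); print; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_exposure FILE: report the settings that matter once port 22 is forwarded.
audit_exposure() {
    port=$(effective "$1" Port 22)
    pw=$(effective "$1" PasswordAuthentication yes)
    users=$(effective "$1" AllowUsers "")
    if [ "$port" = 22 ]; then
        echo "WARN Port $port: default port (the thread suggests a non-standard one)"
    fi
    if [ "$pw" = yes ]; then
        echo "WARN PasswordAuthentication $pw: passwords accepted, consider keys only"
    fi
    if [ -n "$users" ]; then
        echo "OK   AllowUsers $users: logins limited to the listed accounts"
    fi
}

# Excerpt of the configuration posted above, embedded as sample input.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Port 22
PermitRootLogin without-password
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
UsePAM yes
AllowUsers sshclient
EOF

audit_exposure "$cfg"
rm -f "$cfg"
```

Note that `#PasswordAuthentication yes` is a comment, so the built-in default of `yes` applies; turning password logins off requires an explicit `PasswordAuthentication no` line.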


michaelk 08-18-2015 01:35 PM

192.168.0.1 is the IP address of your router.

Use ssh sshclient@192.168.0.102 or ssh sshclient@localhost

MattFly 08-18-2015 04:39 PM

Quote:

Originally Posted by michaelk (Post 5407519)
192.168.0.1 is the IP address of your router.

Use ssh sshclient@192.168.0.102 or ssh sshclient@localhost

LOL. That was really a lack of attention. Thanks for being patient. Now I guess that I have the right port configuration on my router, but I still can't establish an external connection. When I try "ssh sshclient@my.external.ip.atthemoment", after a long time waiting I get "connection timed out". I already checked with my ISP and I can assure you that it allows ssh. My router configuration really seems to take 22 as the initial port and redirect to 22 for the 192.168.0.102 IP. You can check it in the reply that I gave above.

I don't want to try a DNS server now since I want to do it step by step, so how do I check what is going wrong now?


All times are GMT -5.