10-13-2007, 08:41 AM
|
#1
|
Member
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252
Rep:
|
ssh connection refused - trying to set up ssh server at home
Hi,
I'd like to be able to use ssh to connect to my home computer remotely. I've been trying things out and tweaking config files but I've not got very far. I can't tell exactly what the problem is at this stage, but I'll tell you what I've done and hopefully somebody can tell me how to diagnose it properly.
I'm running Fedora 7 on my home PC, and for testing purposes I'm running Knoppix from a Live CD on another machine (although I eventually hope to connect using Putty on Windows). I believe this line confirms the ssh daemon is running on Fedora:
Code:
> ps -ef | grep sshd
root 2038 1 0 11:37 ? 00:00:00 /usr/sbin/sshd
The file /etc/ssh/sshd_config includes the following lines:
Code:
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Although as I understand it I should only really need one or the other, and once I've got everything working and I understand it properly, I'll be able to disable both and use only key authentication.
Both computers are connected to a router which is connected directly to the internet; the router is configured to forward a port to my Fedora box which matches the port specified in /etc/ssh/sshd_config. On the Knoppix box, I type
Code:
ssh -p <port> guest@<IP>
where <IP> is the external IP address of the router (i.e. the one that whatismyip.com tells me). ssh returns immediately with "connection refused", it seems as though it doesn't even have time to try to connect, but maybe the router doesn't need to forward to the DNS for its own address? Or maybe these things are just faster than I think.
Can anyone tell me what I should try next? Is there a way to tell if the connection is actually being refused by my Fedora PC, or by the router, or elsewhere?
|
|
|
10-13-2007, 10:22 AM
|
#2
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
Do you have the Fedora default firewall up? If so, is port 22 for sshd open?
Brian
|
|
|
10-13-2007, 10:25 AM
|
#3
|
Member
Registered: Aug 2005
Location: New Brunswick
Distribution: Trisquel
Posts: 70
Rep:
|
It sounds like it could be a tcpwrapper problem. You should check your /etc/hosts.allow and be sure connections to sshd are allowed correctly, or especially if your /etc/hosts.deny is set to something like ALL: ALL
Hope this helps
Freemor
|
|
|
10-13-2007, 12:53 PM
|
#4
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
One thought. If you have a firewall on the machine and port 22 is open then this may be your issue. If you are on a lan machine trying to connect to the sshd machine using the external IP then it will more than likely work. The reason is that many of these store-bought routers lack the support to DNAT back onto themselves that way. You need to go to a remote location and try to connect and see what happens.
Other thought is maybe the ISP is blocking common server ports.
Go here and run the advanced portscan to see if it is open and up.
http://www.hackerwatch.org/probe/
Brian
|
|
|
10-14-2007, 07:05 AM
|
#5
|
Member
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252
Original Poster
Rep:
|
Freemor: /etc/hosts.allow and /etc/hosts.deny are empty. I was hoping this wouldn't matter so long as password authentication and challenge-response authentication were enabled? My understanding is those files are used for host-based authentication, but any one type of authentication is acceptable. In any case, the man page for hosts_access says that if both files are empty, all hosts will be allowed.
Brian1: I do have the Fedora default firewall up, it's a little hard to be sure how it's configured though. I don't know if you're familiar with it, its config window has a list of trusted services (ssh is trusted; no others), and a list of "other ports". I think maybe it's simply identifying the various services (FTP, SMTP, HTTP, HTTPS etc) with different ports - I tried adding port 443 earlier, and when I looked at the firewall config again, the port wasn't listed but HTTPS was checked as a trusted source. Adding port 22 and then going back into the config tool, it looks like nothing has changed. At least, that's how it was yesterday - now I can't add port 443 or any other port, I think the config tool isn't working properly. Do you know what config files it might be using, or where I could find out?
I tried the hackerwatch.org portscan, it seemed to ignore port 22 though. It said port 21 was closed but insecure (despite the firewall), port 23 was secure (invisible to outside world), and gave similar reports for 7 other ports.
Quote:
Originally Posted by Brian1
If you are on a lan machine trying to connect to the sshd machine using the external IP then it will more than likely work.
|
Should this have read "more than likely not work"? If not, I'm not sure what you mean - that is what I'm doing, and it isn't working! If you meant to say "not", could you say why the router couldn't pass the request on to my ISP server which would then send it straight back here? I'll try it from a remote location when I get the chance, but I'm not very confident about getting it to work when I can't get it to work from home.
Last edited by openSauce; 10-14-2007 at 07:07 AM.
|
|
|
10-14-2007, 09:33 AM
|
#6
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
OK from the other lan machine can you login into the sshd machine using the lan IP of the sshd machine?
If not then the port is closed or sshd is not up, or sshd is not configured correctly.
Since you have a live version CD on the other machine, see if it has nmap or front-end GUI interfaces for nmap and scan the sshd machine.
For the remote portscan you have to tell it to search for port 22. Port 22 is not in the default search.
Now if you were using the external IP when trying to connect to the sshd machine from another lan machine, meaning you are acting like you were on the outside, then it will more than likely not work. The basic store-bought routers just lack the ability to redirect onto themselves.
Brian
|
|
|
10-15-2007, 03:42 PM
|
#7
|
Member
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252
Original Poster
Rep:
|
Quote:
OK from the other lan machine can you login into the sshd machine using the lan IP of the sshd machine?
|
Oops! Yes I can :"). Sorry, I was certain I'd already tried that, it's such an obvious thing to do. Feel like a right idiot now. Oh well, thanks for your help!
|
|
|
10-15-2007, 04:32 PM
|
#8
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
So you have it working?
If so glad to see you have it going.
Brian
|
|
|
10-15-2007, 06:09 PM
|
#9
|
LQ Newbie
Registered: Oct 2007
Posts: 1
Rep:
|
How to test for an open port
telnet ip ####
#### = port #.
Doesn't matter what network service is involved, you should get a CONNECTED response like this:
> telnet xxx.xxx.xxx.xxx 43
Trying...
Connected to iap0ito0.
Or, if a firewall or closed port issue exists then you'll get a REFUSED response like this:
> telnet xxx.xxx.xxx.xxx 43
Trying...
telnet: Unable to connect to remote host: Connection refused
|
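An added example, not part of any post in this thread: a small Python helper that makes the same connect test as the telnet check above but separates "refused" from "timeout", then maps a LAN-IP result and an external-IP result onto the causes raised in the thread. The function names and the loopback demo are constructed for illustration.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout' or 'unreachable' for one TCP connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"          # a reset came back: reachable, but no listener or a REJECT rule
    except socket.timeout:
        return "timeout"          # no answer at all: packets are being dropped somewhere
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


def diagnose(lan_result, external_result, tested_from_inside_lan):
    """Map the two probe results onto the causes discussed in the thread."""
    if lan_result != "open":
        return "host: sshd not up, port closed by the host firewall, or sshd misconfigured"
    if external_result == "open":
        return "ok: port forwarding works from this vantage point"
    if tested_from_inside_lan:
        return "inconclusive: router may not DNAT back onto itself, retest from a remote location"
    return "router or ISP: check the port-forwarding rule and whether the ISP blocks the port"


def demo():
    """Constructed loopback demo: one listening port and one closed port on 127.0.0.1."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                 # bound then released, so nothing listens here
    try:
        lan = probe("127.0.0.1", open_port)      # stands in for the LAN-IP test
        ext = probe("127.0.0.1", closed_port)    # stands in for the external-IP test
    finally:
        listener.close()
    return lan, ext, diagnose(lan, ext, tested_from_inside_lan=True)


if __name__ == "__main__":
    print(demo())
```

In real use, call `probe()` once with the sshd machine's LAN address and once with the router's external address, using the port set in /etc/ssh/sshd_config, and pass both results to `diagnose()`.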
|
|
10-16-2007, 10:59 AM
|
#10
|
Member
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252
Original Poster
Rep:
|
Yeah it's working on the LAN now, thanks. Haven't tried it externally yet, but I guess it should be fine so long as port forwarding's working ok on the router.
|
|
|
10-18-2007, 04:38 PM
|
#11
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
Glad to see you have it working.
Brian
|
|
|
All times are GMT -5.