LinuxQuestions.org
Old 12-29-2010, 11:18 PM   #1
Choragos
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Rep: Reputation: 0
SSH on multiple computers in the same network


Hello all. I am 100% sure that this question has been asked before, but I'll be damned if I can find it.

I am setting up my home network. Currently, I have one computer (Munchen) which I have set in my router to receive SSH requests. This works just fine; I can SSH into that box from anywhere. I just put together a new computer, which I want to be a file repository, my ftp server, my http server, etc. What I would like is to be able to SSH into that machine from anywhere, then SSH into the other computers on that network from there.

Here is where I really don't understand the concept of what is going on. I can SSH past the router into one computer just fine either from anywhere (that makes sense to me). I can SSH from my new computer (Chemnitz) into Munchen (which is where the router points to and is running sshd) by using its local IP address, but I can't go from Munchen to Chemnitz (even though the server is running and the firewall should be allowing the connection). What am I missing? Is there a tutorial that covers all of this nonsense? In his first post, this guy has done what I want to do:

http://www.linuxquestions.org/questi...rewall-474754/

I would appreciate any help. Details of the system setup are below.

Munchen (receives all port 22 requests now)
Ubuntu 10.04

Chemnitz (I want to receive all port 22 requests and SSH into other computers on the network from it. Ultimately it will be a file sharing box, hosting a webpage, running an ftp server, etc.)
Fedora 14
 
Old 12-29-2010, 11:29 PM   #2
Choragos
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Original Poster
Rep: Reputation: 0
I guess I should clarify:

if Munchen is 192.168.0.10, and Chemnitz is 192.168.0.15 then I can do the following:

Quote:
ssh 192.168.0.10
just fine from Chemnitz, but can't do the opposite:

Quote:
ssh 192.168.0.15
Is this because I misunderstand how the router works or is it a software setting in my new Fedora setup?

Thanks.
 
Old 12-30-2010, 04:57 AM   #3
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,338

Rep: Reputation: 259
What do you mean by "but I can't do" - you get an error, the system freezes, the system hangs. When you add -vvv to ssh, do you get any hint?
 
Old 12-30-2010, 05:24 AM   #4
ubyt3m3
Member
 
Registered: Apr 2008
Distribution: Slackware64 13.37, Solaris 10, RHEL5/6
Posts: 92

Rep: Reputation: 19
You are not logging into your Fedora 14 box as root, are you? root log in from ssh is disabled by default.

If that's not the case, you can try disabling firewall and ssh into Chemnitz. If this works, your firewall setting has a problem. Please post the output from "iptables -L".

If disabling firewall still doesn't allow you to log in, the problem lies somewhere else...

-gibb
 
Old 12-30-2010, 10:37 AM   #5
Choragos
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Original Poster
Rep: Reputation: 0
My apologies-- I get a 'no route to host, port 22' error. Also -vvv didn't add any information.

In short, this SHOULD be working in principle? It's likely a setting error on Chemnitz?

Thanks for the help!

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         state NEW udp dpt:mdns 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Old 12-30-2010, 10:44 AM   #6
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,338

Rep: Reputation: 259
What's the output of the route command? Can Munich SSH its own address?
 
Old 12-30-2010, 11:37 AM   #7
ubyt3m3
Member
 
Registered: Apr 2008
Distribution: Slackware64 13.37, Solaris 10, RHEL5/6
Posts: 92

Rep: Reputation: 19
Try opening port 22 in your iptables before the REJECT entry.
Something like this:
Code:
iptables -I INPUT 3 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
See if that helps.

Oh don't forget to save the change before you reboot your system.
Code:
service iptables save
-gibb

Last edited by ubyt3m3; 12-30-2010 at 11:38 AM.
 
1 members found this post helpful.
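
Why the rule is inserted at position 3 rather than appended, as an added example that is not part of the original posts: a small first-match evaluator run over a constructed `iptables -S`-style copy of the INPUT chain listed earlier in the thread. The `-i lo` on the bare ACCEPT line, the interface name `eth0` and the helper names `insert_rule` and `verdict` are assumptions.

```shell
#!/bin/sh
# Constructed sample: the INPUT chain from the thread in `iptables -S` form.
# Assumption: the bare "ACCEPT all" line is the usual loopback rule (-i lo);
# `iptables -L` without -v does not print the interface column.
RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

SSH_RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'

# insert_rule RULES POS RULE: emulate `iptables -I INPUT POS ...` (1-based).
insert_rule() {
    printf '%s\n' "$1" | awk -v pos="$2" -v rule="$3" '
        NR == pos { print rule }
        { print }
        END { if (pos > NR) print rule }'
}

# verdict RULES IFACE PROTO DPORT: first-match verdict for a NEW inbound packet.
# Prints "<rule number> <target>", or "0 POLICY" if no rule matches.
verdict() {
    printf '%s\n' "$1" | awk -v iface="$2" -v proto="$3" -v dport="$4" '
        {
            ok = 1; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" && $(i+1) != iface) ok = 0
                if ($i == "-p" && $(i+1) != proto) ok = 0
                if ($i == "--dport" && $(i+1) != dport) ok = 0
                if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
                if ($i == "-d") ok = 0   # only the mDNS multicast rule uses -d here
                if ($i == "-j") target = $(i+1)
            }
            if (ok) { print NR, target; found = 1; exit }
        }
        END { if (!found) print "0 POLICY" }'
}

verdict "$RULES" eth0 tcp 22                                  # 5 REJECT
verdict "$(insert_rule "$RULES" 3 "$SSH_RULE")" eth0 tcp 22   # 3 ACCEPT
verdict "$(insert_rule "$RULES" 6 "$SSH_RULE")" eth0 tcp 22   # 5 REJECT (after the REJECT: never reached)
```

The catch-all REJECT answers with `icmp-host-prohibited`, which the ssh client reports as "No route to host" even though routing is fine.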
Old 12-30-2010, 11:48 AM   #8
Choragos
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Solved!

ubyt3m3:
That got it. Thanks. I used the gui to allow the ssh port through the firewall. I guess it just reinforces: learn your command line.

Reuti, just for completeness should someone else have the same problem:
Yes, Munchen can SSH into itself.
Route output from Chemnitz:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     1      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
I appreciate your help, thank you very much.
 
Old 12-30-2010, 11:52 AM   #9
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,191
Blog Entries: 21

Rep: Reputation: 151
It sounds like Munchen is failing to use a source address that Chemnitz can route back with, or that Munchen will use the correct interface with (if there is more than one).

Does Munchen have two interfaces or just one? Is there a separate LAN segment between the router and Munchen that Chemnitz is not on (for example, for security purposes)?

Knowing ALL the IP addresses (of all interfaces) and ALL the route table data (by IP address) could be helpful. A physical topology map at the level that includes hubs/switches could also help clear up what can reach what by MAC address.

If Munchen and Chemnitz are IPv6 ready, they should each have a "Scope:link" IPv6 address that begins with "fe80::" and ends with "/64", as shown in the output of "ifconfig" for that interface. If both machines have these, then you can try to see if Munchen can ping Chemnitz by Chemnitz's scope:link IPv6 address, using the ping6 command, with the string "%eth0" (or use whatever the correct interface name is) appended to the address.

Example of me pinging one of my servers from my desktop:
Code:
lorentz/phil /home/phil 267> ping6 -c 3 fe80::225:90ff:fe11:6774%eth0
PING fe80::225:90ff:fe11:6774%eth0(fe80::225:90ff:fe11:6774) 56 data bytes
64 bytes from fe80::225:90ff:fe11:6774: icmp_seq=1 ttl=64 time=0.228 ms
64 bytes from fe80::225:90ff:fe11:6774: icmp_seq=2 ttl=64 time=0.145 ms
64 bytes from fe80::225:90ff:fe11:6774: icmp_seq=3 ttl=64 time=0.203 ms

--- fe80::225:90ff:fe11:6774%eth0 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.145/0.192/0.228/0.034 ms
lorentz/phil /home/phil 268>
The advantage of this test is it does not use the route table.

If ping6 works in both directions, then ssh should work, too, when using IPv6 addresses. If IPv6 works, then it's most likely an IPv4 routing issue. Seeing the output of "route -n" from both Munchen and Chemnitz, as well as "ifconfig" output for all interfaces, may help.
 
  


All times are GMT -5. The time now is 04:09 AM.
