Jza Posted September 14, 2006

I am not sure if it's because of security levels, but my IP is invisible, which means that I can't ping it nor can I ssh. I thought this was provided by shorewall, but I shut down shorewall and I still can't ssh to the box. I went to the sshd_config and saw that Port 22 was commented, I commented out but that didn't seem to work (yes, I restarted the server). Any other idea?

pmpatrick Posted September 14, 2006

Usually, you have to edit /etc/ssh/ssh_config not sshd_config. Post ssh_config. By the way, my sshd_config has Port 22 commented as well and works fine.

aioshin Posted September 15, 2006

or try to check the log files for clues :P

ianw1974 Posted September 15, 2006

A nice easy thing is to do:

    netstat -tan

and see if it's listening on port 22 for requests. The fact you can't ping sounds like you have something running that is blocking it, like shorewall/iptables.

uralmasha Posted September 15, 2006

I experienced that in "higher" security mode I cannot SSH into the system. Have you checked the /etc/hosts.deny file? The "higher" security level modifies it.

Gowator Posted September 15, 2006

First off, see if you can ping it from the PC you are trying to ssh into. Try ping localhost; if it works, then ping <IP>; if these work, then try ssh localhost and ssh <IP>.

Check the hosts.deny.

My /etc/ssh/sshd_config:

    root@linuxmigrations:/etc/ssh# grep -v '#' sshd_config
    Port 22
    Protocol 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    UsePrivilegeSeparation yes
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    SyslogFacility AUTH
    LogLevel INFO
    LoginGraceTime 600
    PermitRootLogin no
    StrictModes yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    IgnoreRhosts yes
    RhostsRSAAuthentication no
    HostbasedAuthentication no
    PermitEmptyPasswords no
    PasswordAuthentication yes
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    KeepAlive yes
    Subsystem sftp /usr/lib/openssh/sftp-server
    UsePAM yes
    IgnoreUserKnownHosts no
    DenyUsers backup bin bind daemon distccd distmp3 dnsmasq games gnats irc list lp majordom man messagebus msql operator partimag postfix postgres proxy root saned smmsp smmta statd sync sys telnetd uucp www-data
    AllowUsers ####################

Note, this only allows a single user with a 20 alphanumeric username .... this is deliberate! I still allow password auth (it's a 20 alphanumeric password too) but you can deny this too for security.

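The checks suggested in the replies above (a commented-out Port line, `netstat -tan`, `/etc/hosts.deny`), as an added shell example that is not part of any poster's message. The function names and sample data are constructed for illustration, and the hosts.deny check is deliberately simplified.

```shell
# Added example: offline helpers for the checks suggested in the thread.
# All sample data is constructed, not taken from any poster's machine.

# Print the port(s) sshd will listen on, given sshd_config text on stdin.
# A commented-out "#Port 22" is skipped, so the built-in default of 22 applies.
effective_ports() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Classify who can reach PORT, given `netstat -tan` output on stdin:
# all-interfaces, specific-address, loopback-only, or none.
listener_scope() {
    awk -v port="$1" '
        $6 != "LISTEN" { next }
        { n = split($4, p, ":"); if (p[n] != port) next
          addr = substr($4, 1, length($4) - length(p[n]) - 1)
          if (addr == "0.0.0.0" || addr == "::") wide = 1
          else if (addr == "127.0.0.1" || addr == "::1") loop = 1
          else other = 1 }
        END { if (wide) print "all-interfaces"
              else if (other) print "specific-address"
              else if (loop) print "loopback-only"
              else print "none" }'
}

# Print hosts.deny rules (stdin) whose daemon list names sshd or ALL.
# Simplified: client patterns and EXCEPT clauses are not evaluated.
deny_rules_for_sshd() {
    awk -F: '/^[ \t]*#/ || NF < 2 { next }
             { n = split($1, d, /[ \t,]+/)
               for (i = 1; i <= n; i++)
                   if (d[i] == "sshd" || d[i] == "ALL") { print; next } }'
}

SAMPLE_CONFIG='#Port 22
Protocol 2'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 127.0.0.1:631   0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 192.168.1.10:22 192.168.1.20:51514 ESTABLISHED'
SAMPLE_DENY='ALL: ALL'

port=$(printf '%s\n' "$SAMPLE_CONFIG" | effective_ports)
echo "sshd port: $port"
echo "listener:  $(printf '%s\n' "$SAMPLE_NETSTAT" | listener_scope "$port")"
echo "deny rule: $(printf '%s\n' "$SAMPLE_DENY" | deny_rules_for_sshd)"
```

On a live system, feed the functions real input, for example `listener_scope 22 < <(netstat -tan)` in bash or `netstat -tan | listener_scope 22` in any POSIX shell.
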
Jza Posted September 15, 2006 (Author)

So I checked the sshd_config and I didn't see anything abnormal; I did comment the Port 22 back again. hosts.deny didn't have anyone, ssh_config (client) just has 4 parameters which all look permissive, even root login was on allow. In sshd_config I noticed it was NOT using PAM, nor any other authentication method.

pmpatrick Posted September 15, 2006

Here's a good article on setting up ssh_config and sshd_config files:

http://howtos.linux.com/guides/solrhe/Secu...p15sec121.shtml

To get more verbose output on your failed ssh login attempts add the "v" switch or, for even more, the "vv" switch, eg:

    $ ssh -vv -l <username> <ip address>

With this output you can usually get a fairly good idea of what's going wrong.

Jza Posted September 15, 2006 (Author)

I think this has nothing to do with ssh since I also can't ping the machine, which is pretty odd. I already stopped shorewall and most of the logs did record the pinging. But even with shorewall off I still can't ping. I also compared both sshd ssh_config between my linux boxes and they all look pretty standard.

pmpatrick Posted September 15, 2006

Check the output of:

    # ifconfig

Make sure your nic drivers are loaded as well. Looks like your network is just misconfigured; the ifconfig output will tell you more.

Gowator Posted September 15, 2006

> I think this has nothing to do with ssh since I also can't ping the machine, which is pretty odd. I already stopped shorewall and most of the logs did record the pinging. But even with shorewall off I still can't ping. I also compared both sshd ssh_config between my linux boxes and they all look pretty standard.

Perhaps, but check it locally first.... ie.

    ssh localhost

If you can ssh in locally and by local IP then you know the problem is elsewhere.... otherwise you might spend ages looking ...

Jza Posted September 16, 2006 (Author)

> Perhaps, but check it locally first.... ie.
>
>     ssh localhost
>
> If you can ssh in locally and by local IP then you know the problem is elsewhere.... otherwise you might spend ages looking ...

Yes, that works with no problems. ssh to localhost and even ssh to the network IP work OK.

Gowator Posted September 16, 2006

> Yes, that works with no problems. ssh to localhost and even ssh to the network IP work OK.

OK, so try on the other PC as well.... just to check the client. If this is the case then you know it's in the network somewhere.... Which means it's time to work out how the machines get their IP address and what it is, and if they are going through a router or switch etc.
