Jza

Can't ssh to MDK2007


I am not sure if it's because of security levels, but my IP is invisible, which means that I can't ping it nor can I ssh. I thought this was provided by shorewall, but I shut down shorewall and I still can't ssh to the box.

I went to the sshd_config and saw that Port 22 was commented. I commented out but that didn't seem to work (yes, I restarted the server).

 

Any other idea?


A nice easy thing is to do:

 

netstat -tan

 

and see if it's listening on port 22 for requests. The fact you can't ping sounds like you have something running that is blocking it, like shorewall/iptables.

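The check suggested above, made explicit: an sshd bound only to a loopback address accepts `ssh localhost` but refuses remote connections, so the local address column matters as much as the port. This is an added example, not part of the original post; the function name `ssh_listen_scope` and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify where a TCP port is listening, reading
# `netstat -tan` output on stdin. Prints: all | specific | loopback | none
ssh_listen_scope() {
    port="${1:-22}"
    awk -v port="$port" '
        $NF == "LISTEN" {
            la = $4                          # local address, e.g. 0.0.0.0:22 or :::22
            n = match(la, /:[0-9]+$/)        # position of the final ":port"
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            if (substr(la, n + 1) + 0 != port + 0) next
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") all = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = 1
        }
        END {
            if (all) print "all"             # reachable on every interface
            else if (other) print "specific" # bound to one non-loopback address
            else if (loop) print "loopback"  # only local connections will work
            else print "none"                # nothing is listening on that port
        }'
}

# Constructed sample output (not taken from the thread).
sample_wildcard() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.20:22         192.168.1.5:51234       ESTABLISHED
EOF
}
sample_loopback_only() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:22                  :::*                    LISTEN
EOF
}

echo "wildcard sample: $(sample_wildcard | ssh_listen_scope 22)"
echo "loopback sample: $(sample_loopback_only | ssh_listen_scope 22)"
# On a live host: netstat -tan | ssh_listen_scope 22
```

A result of `all` or `specific` combined with failing remote connections points away from sshd and towards filtering or the network path.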

First off see if you can ping it from the PC you are trying to ssh into.

 

Try

ping localhost

if it works then

ping <IP>

 

if these work then try

ssh localhost

and

ssh <IP>

 

check the hosts.deny

 

My /etc/ssh/sshd_config

root@linuxmigrations:/etc/ssh# grep -v '#' sshd_config

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 768

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 600
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

PermitEmptyPasswords no
PasswordAuthentication yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes

Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
IgnoreUserKnownHosts no

DenyUsers backup bin bind daemon distccd distmp3 dnsmasq games gnats irc list lp majordom man messagebus msql operator partimag postfix postgres proxy root saned smmsp smmta statd sync sys telnetd uucp www-data
AllowUsers ####################

 

Note, this only allows a single user with a 20 alphanumeric username .... this is deliberate!

I still allow password auth (it's a 20 alphanumeric password too) but you can deny this too for security


So I checked the sshd_config; I didn't see anything abnormal. I did comment the Port 22 back again.

hosts.deny didn't have anyone.

ssh_config (client) just has 4 parameters, which all look permissive; even root login was on allow.

In sshd_config I noticed it was NOT using PAM, nor any other authentication method.

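A commented-out `#Port 22` in sshd_config does not disable the port: sshd ignores the line and falls back to its built-in default of 22, so uncommenting it changes nothing. The sketch below is an added example, not from the thread; `sshd_effective`, `write_sample_config` and the sample file are constructed, and the default for each keyword is supplied by the caller.

```shell
#!/bin/sh
# Added example: print the value sshd would take for KEYWORD from FILE,
# or DEFAULT (passed in by the caller) when no active line sets it.
# Usage: sshd_effective FILE KEYWORD DEFAULT
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }                 # keywords are case-insensitive
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        /^#/ || /^$/ { next }                          # comments and blanks are ignored
        tolower($1) == "match" { exit }                # Match blocks are out of scope here
        {
            key = $0; sub(/[ \t=].*$/, "", key)        # keyword ends at space or "="
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            # First active value wins; repeated Port lines (extra ports) are not listed.
            if (tolower(key) == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# Constructed sample, shaped like a distribution default file.
write_sample_config() {
    cat > "$1" <<'EOF'
# This is the sshd server system-wide configuration file.
#Port 22
Protocol 2
#PasswordAuthentication yes
PermitRootLogin no
permitrootlogin yes
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
# Defaults below are the documented OpenSSH defaults for these two keywords.
echo "Port:                   $(sshd_effective "$tmp" Port 22)"
echo "PasswordAuthentication: $(sshd_effective "$tmp" PasswordAuthentication yes)"
echo "PermitRootLogin:        $(sshd_effective "$tmp" PermitRootLogin unset)"
rm -f "$tmp"
```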

Here's a good article on setting up ssh_config and sshd_config files:

 

http://howtos.linux.com/guides/solrhe/Secu...p15sec121.shtml

 

To get more verbose output on your failed ssh login attempts add the "v" switch or, for even more, the "vv" switch, e.g.:

$ ssh -vv -l <username> <ip address>

 

With this output you can usually get a fairly good idea of what's going wrong.


I think this has nothing to do with ssh, since I also can't ping the machine, which is pretty odd. I already stopped shorewall and most of the logs did record the pinging. But even with shorewall off I still can't ping.

I also compared both sshd ssh_config between my Linux boxes and they all look pretty standard.


Check the output of:

 

# ifconfig

 

Make sure your nic drivers are loaded as well. Looks like your network is just misconfigured; the ifconfig output will tell you more.

> I think this has nothing to do with ssh, since I also can't ping the machine, which is pretty odd. I already stopped shorewall and most of the logs did record the pinging. But even with shorewall off I still can't ping.
>
> I also compared both sshd ssh_config between my Linux boxes and they all look pretty standard.

Perhaps, but check it locally first....

i.e. ssh localhost

 

If you can ssh in locally and by local IP then you know the problem is elsewhere.... otherwise you might spend ages looking ...

> Perhaps, but check it locally first....
>
> i.e. ssh localhost
>
> If you can ssh in locally and by local IP then you know the problem is elsewhere.... otherwise you might spend ages looking ...

Yes, that works with no problems. ssh to localhost and even ssh to the network IP work OK.

> Yes, that works with no problems. ssh to localhost and even ssh to the network IP work OK.

OK, so try on the other PC as well.... just to check the client.

If this is the case then you know it's in the network somewhere....

Which means it's time to work out how the machines get their IP address and what it is and if they are going through a router or switch etc.
