ssh problems
Lisa Kachold
lisakachold at obnosis.com
Mon Nov 17 20:26:02 MST 2008
1) Check your Local Router port forwarding/triggering.
2) Verify that port 22 is open:
http://www.auditmypc.com/firewall-test.asp
3) Verify that /etc/ssh/sshd_conf has:
a) Protocol 2
b) Root access disabled
PermitRootLogin no
c) Listen on 0.0.0.0
d) Keys setup.
http://www.linuxsecure.de/index.php?action=33
4) If you are in fact opening up SSH to the internet, you should optimally setup:
a) IPTABLES SSH protection rule: (NOTE if you have Suse or RHEL your iptables are probably setup differently).
# /sbin/iptables-save >/root/iptables.last
# vi /root/iptables.last
Verify you have all the basics...and add at bottom:
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
then enter
# /sbin/iptables-restore </root/iptables.last
You can also just drop this into the command line:
# sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
# sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
Be sure to save this for persistence (next restart survival):
# /etc/init.d/iptables save
http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
b) Sshutout or SSHIT wrapper for dictionary and brute force attacks:
http://www.techfinesse.com/sshutout/sshutout.html
5) Still not working?
a) Check SELINUX
b) Check the logs on the server.
c) Run a sniffer and watch while you try.
# tcpdump >file
# grep $login file
Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
> From: phrkonaleash at gmail.com
> To: plug-discuss at lists.plug.phoenix.az.us
> Subject: Re: ssh problems
> Date: Mon, 17 Nov 2008 19:56:00 -0700
>
> On Mon November 17 2008 07:44:11 pm Mike Hoy wrote:
> > Hi,
> >
> > I just set up ssh server on this computer and was able to connect like
> > this:
> >
> > ssh localhost
> >
> > and from my laptop connected to the same router like this
> >
> > ssh username at 192.168.1.100
> >
> > Now I take it that I'm going to need my real ip address so I tried
> > that and I got
> >
> > ssh: connect to host IP_ADDRESS port 22: Connection refused
> >
> > I thought it may have something to do with my router so I forwarded
> > port 22 to this machine and same error. Any thoughts as to what's
> > going on? I need to be able to connect to this machine from work
> > tomorrow.
>
> Hi MIke,
>
> There are two problems most likely, imo... DHCP is giving you a new ip address
> (either on the router or your ISP) or that our ISP simply does not allow you
> to connect to port 22... This is common on port 80 but i am not so sure on
> 22.
>
> try doing a traceroute on it, and when the trace dies, do an nslookup on that
> site and see if that's one of your ISP's then call them up and bitch em out.
>
> if you think it may be a dhcp problem try a dynamic dns service like
> dyndns.org (I use it quite wonderfully, with a package called ddclient in
> debian apt) If you don't have a domain name on your system this will provide
> you with a free *.dyndns.org domain name, which again, quite nice
>
> If these don't work for you, someone else will help :)
>
> ~Ryan
>
>
> --
> Thanks and best regards,
> Ryan Rix
> TamsPalm - The PalmOS Blog
>
> I begin to wonder if randomized sigs really accomplish anything.
>
>
>
_________________________________________________________________
Stay up to date on your PC, the Web, and your mobile phone with Windows Live
http://clk.atdmt.com/MRT/go/119462413/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081118/1aaf5e2a/attachment.htm
More information about the PLUG-discuss
mailing list