ssh in network

Lisa Kachold lisakachold at obnosis.com
Sun Apr 1 19:28:06 MST 2012


Okay ....

Are you colorblind?
Knowing one's limitations is good.  Now you can watch to make sure you
follow each email thread and address each item; I have noticed you miss
things frequently.  Linux troubleshooting is very specific; be careful to
read the full thread, and respond inline.

Let's address each item until we resolve things:

On Sun, Apr 1, 2012 at 5:49 PM, Michael Havens <bmike1 at gmail.com> wrote:

> >A route add command is not persistent past a reboot or network restart.
>
> It seems to have been. I rebooted and still can't ssh from the laptop to
> the ubuntu.


But you also couldn't ssh BEFORE you did the route add, so these are two
different things.

>
>
>> Mike, ONE of your systems is on your Wireless and the other is on the
>>> wired?  Sometimes wireless to wired connections take longer than the
>>> timeout values for ssh or scp.  Try putting them both on either wireless or
>>> wired and see if that's more successful?
>>>
>>
> okay.... I just connected the laptop to the router via a wire but it still
> times out
>
>
>> Timeouts could be why you get a no route to host.
>>>
>>> Verify that both boxes have a default route:
>>>
>>> # sudo netstat -rn
>>>
>>
> Kernel IP routing table <print server>
> Destination     Gateway         Genmask         Flags   MSS Window  irtt
> Iface
> 0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0
> eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0
> eth0
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0
> eth0
>

Good you have a default route via eth0.

>
> Kernel IP routing table <laptop>
> Destination     Gateway         Genmask         Flags   MSS Window  irtt
> Iface
> 0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0
> eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0
> wlan0
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0
> eth0
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0
> wlan0
>
You have a default route to the 192.168.0.1 network, but you also have 2
routes to both eth0 and wlan0 (wireless and wired):

Take down your wlan (are you using wicd?)
Try first to use your Gnome or KDE to take down the wireless.

There are some known issues with wlan0 wireless slowness under Ubuntu:
http://www.hitxp.com/articles/software/ubuntu-fix-slow-wireless-internet-connection-speed-upgrading-11-04-natty-narwhal/

Essentially power management turns it down by default, so we just enter:

# sudo iwconfig wlan0 power off

So, let's concentrate on wired for now:

Leave it down for now, and just use your wired connection:

So after you turn off the Wireless using your Network settings by right
clicking the network wireless, enter at a terminal:

# sudo /etc/init.d/networking restart


>
>>> Verify that both boxes have a listening ssh daemon:
>>>
>>> # sudo netstat -antp | grep 22
>>>
>> tcp        0      0 0.0.0.0:22              0.0.0.0:*
> LISTEN      433/sshd
> <ubuntu>
> tcp        0      0 0.0.0.0:139             0.0.0.0:*
> LISTEN      12243/smbd
> tcp        0      0 0.0.0.0:445             0.0.0.0:*
> LISTEN      12243/smbd
> <laptop>
>
Good you have sshd listening on port 22 on ubuntu.
You do NOT have sshd (daemon) listening on your laptop.

Be sure you have started it if you want to ssh to the laptop from ubuntu:

# sudo /etc/init.d/ssh start

In order to make sure ssh starts at boot in Ubuntu:

# sudo update-rc.d ssh defaults

Reference:  https://help.ubuntu.com/community/UbuntuBootupHowto

>
>>> Make sure you haven't installed DenyHosts or iptables that limits your
>>> connections:
>>>
>>> # locate Deny |more
>>> # sudo iptables-save |more
>>>
>>> sudo locate Deny|more <------------------no response
> sudo locate iptables-save|more
>   /sbin/iptables-save
>   /usr/share/man/man8/iptables-save.8.gz
>
enter
# sudo iptables-save
You are looking to see if your iptables is up and configured to firewall
ssh.  Dump the response in here.

>
>
>> What - are you running ddclient for?
>>>  If you can't properly resolve DNS, you will not be able to ssh:
>>>
>>> I don't even know what ddclient is.
> It must have been started automatically by something.
>
ddclient is giving that error.

>
>
>> Please see this link regarding your ddclient errors:
>>>
>>> http://www.linuxquestions.org/questions/linux-wireless-networking-41/wifi-connects-but-no-network-access-but-wired-works-880213/
>>>
Oops, sorry, wrong link! ddclient is for opendns dynamic dns entries, that
logs into your provider and resets a public ip when needed.  Turn it down
for now:

# sudo /etc/init.d/ddclient stop

Here's how to set it up (once you get ssh setup); it requires an opendns
account.
http://ubuntuforums.org/showthread.php?t=1264710

>
> I went to the link and found nothing regarding the ddclient warning. It
> was only mentioned in the output of a poster's tail command.
>
>
>>>>
>>>>>  Add this to /etc/hosts.allow:
>>>>>>>
>>>>>>>   /etc/hosts.allow looks:
>>>>>>>
>>>>>>> ALL : 127.0.0.1
>>>>>>> sshd : 192.168.0.0/24, 78.207.132.32
>>>>>>>
>>>>>>> This example shows an external address you might want to use to
>>>>>>> connect from outside your internal network (once you open or port forward
>>>>>>> port 22).
>>>>>>>
>>>>>>> This is the hosts.allow file that I added. Does this look right?
>>>>
>>>
>>>> ALL : 127.0.0.1
>>>> sshd : 192.168.0.0/24, 192.168.0.1/24, 192.168.0.2/24, 192.168.0.3/24,
>>>> 192.168.$ <this goes on to x.y.z.10/24>
>>>> #shows address to use from outside of network#, 78.207.132.32
>>>>
>>>
>>> No, you need that 78.207.132.32 on the SAME line with either ALL or
>>> sshd: or commented out.
>>>
>>> And 192.168.$ might cause problems.  Change it to a safe entry:
>>> <-------that was only more's output to say there was more to it. It goes on
>>> to x.y.z.10/24>.... oh. Now I see the error of my ways. 192.168 is in the
>>> /16 network. Silly me!
>>>
>>> ############cut here############
>>> ALL : 127.0.0.1
>>> sshd : 192.168.0.0/16, 78.207.132.32
>>> ###########end ###############
>>>
>>
> What is that 78.207.132.32 anyways? I know you say it is to connect to my
> network from elsewhere but how would I do that? would it be ssh
> 78.207.132.32:<user>@<computer>?
>
Remove the 78.207-blah address


>
>>> make is already its current version
>>>
>>> # sudo apt-get update <-------------it still says it is the newest
>>> version
>>>
# sudo apt-get update
Says your system is updated, if it runs?  Correct?

>
>>>
>>> Also setup your /etc/hosts file on both servers following these
>>> suggestions:
>>> http://linux.about.com/od/commands/l/blcmdl5_hosts.htm
>>>
>>> Should look like this (except with all your hostnames on your network -
>>> be sure to put the same one on all your linux boxes):
>>>
>>>  127.0.0.1       localhost
>>>  192.168.1.10    foo.mydomain.org       foo
>>>  192.168.1.13    bar.mydomain.org       bar
>>>
>>> already done (file existed with the proper information).
>
Each ipaddress should match the hostname and ip of the addresses on the
network that need to ssh to and from each other.

Check your /etc/nsswitch.conf file to be sure it has

"hosts:      dns files"

Reference:  http://www.faqs.org/docs/securing/chap6sec71.html

Then ping each server before trying to reconnect with ssh.

I am pretty sure that this will work now that you have them both on
the same network.

Be sure you don't have any iptables running denying your port 22 on
both servers!


-- 
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
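
The two checks made by eye in the message above (the laptop's duplicate 192.168.0.0 routes over eth0 and wlan0, and the missing sshd listener), as an added shell example that is not part of the original message. The function and variable names are hypothetical, and the sample text is constructed from the netstat output quoted in the thread with the wrapped Iface column rejoined.

```shell
#!/bin/sh
# Constructed samples: rows rebuilt from the netstat output quoted in the
# thread, with the wrapped Iface column rejoined onto each row.
LAPTOP_ROUTES='Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0'
LAPTOP_SOCKETS='tcp        0      0 0.0.0.0:139     0.0.0.0:*       LISTEN      12243/smbd
tcp        0      0 0.0.0.0:445     0.0.0.0:*       LISTEN      12243/smbd'
UBUNTU_SOCKETS='tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      433/sshd'

# Reads `netstat -rn` output on stdin and prints each destination/netmask
# that is reachable through more than one interface.
dup_routes() {
    awk '$1 ~ /^[0-9]+\./ && NF >= 8 {
             key = $1 "/" $3
             if (!seen[key, $NF]++) { n[key]++; ifs[key] = ifs[key] " " $NF }
         }
         END { for (k in n) if (n[k] > 1) print k ":" ifs[k] }'
}

# Reads `netstat -antp` output on stdin and succeeds only if a socket is in
# LISTEN state on exactly the given port. Unlike `grep 22`, this does not
# match port 2222, a PID containing 22, or an address containing 22.
listening_on() {
    awk -v port="$1" '$6 == "LISTEN" {
             n = split($4, a, ":")
             if (a[n] == port) found = 1
         }
         END { exit !found }'
}

# On a live box: sudo netstat -rn | dup_routes
#                sudo netstat -antp | listening_on 22
printf '%s\n' "$LAPTOP_ROUTES" | dup_routes
printf '%s\n' "$LAPTOP_SOCKETS" | listening_on 22 ||
    echo "laptop: nothing listening on port 22"
printf '%s\n' "$UBUNTU_SOCKETS" | listening_on 22 &&
    echo "ubuntu: listener on port 22"
```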