Lisa,

Thanks for the in-depth response. I'm gonna stop on #2 because I went to that site and typed in port 22 and it replied with: "We completed the audit and did not find any open ports. This is ideal for the average visitor." So apparently port 22 is not 'open'. Does that mean I need to configure my router or is it something on my computer?

On Mon, Nov 17, 2008 at 8:26 PM, Lisa Kachold wrote:
> 1) Check your Local Router port forwarding/triggering.
>
> 2) Verify that port 22 is open:
>
> http://www.auditmypc.com/firewall-test.asp
>
> 3) Verify that /etc/ssh/sshd_config has:
>
> a) Protocol 2
> b) Root access disabled
>
> PermitRootLogin no
>
> c) Listen on 0.0.0.0
> d) Keys setup.
>
> http://www.linuxsecure.de/index.php?action=33
>
> 4) If you are in fact opening up SSH to the internet, you should optimally
> setup:
>
> a) IPTABLES SSH protection rule: (NOTE if you have Suse or RHEL your
> iptables are probably setup differently).
>
> # /sbin/iptables-save >/root/iptables.last
> # vi /root/iptables.last
>
> Verify you have all the basics...and add at bottom:
>
> -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
> -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
>
> then enter
> # /sbin/iptables-restore </root/iptables.last
> You can also just drop this into the command line:
>
> # sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
> # sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
>
> Be sure to save this for persistence (next restart survival):
>
> # /etc/init.d/iptables save
>
> http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
>
>
> b) Sshutout or SSHIT wrapper for dictionary and brute force attacks:
>
> http://www.techfinesse.com/sshutout/sshutout.html
>
>
> 5) Still not working?
>
> a) Check SELINUX
>
> b) Check the logs on the server.
>
> c) Run a sniffer and watch while you try.
>
> # tcpdump >file
> # grep $login file
>
> Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
> http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
> ________________________________
>> From: phrkonaleash@gmail.com
>> To: plug-discuss@lists.plug.phoenix.az.us
>> Subject: Re: ssh problems
>> Date: Mon, 17 Nov 2008 19:56:00 -0700
>>
>> On Mon November 17 2008 07:44:11 pm Mike Hoy wrote:
>> > Hi,
>> >
>> > I just set up ssh server on this computer and was able to connect like
>> > this:
>> >
>> > ssh localhost
>> >
>> > and from my laptop connected to the same router like this
>> >
>> > ssh username@192.168.1.100
>> >
>> > Now I take it that I'm going to need my real ip address so I tried
>> > that and I got
>> >
>> > ssh: connect to host IP_ADDRESS port 22: Connection refused
>> >
>> > I thought it may have something to do with my router so I forwarded
>> > port 22 to this machine and same error. Any thoughts as to what's
>> > going on? I need to be able to connect to this machine from work
>> > tomorrow.
>>
>> Hi Mike,
>>
>> There are two problems most likely, imo... DHCP is giving you a new ip
>> address (either on the router or your ISP) or your ISP simply does not
>> allow you to connect to port 22... This is common on port 80 but I am not
>> so sure on 22.
>>
>> try doing a traceroute on it, and when the trace dies, do an nslookup on
>> that site and see if that's one of your ISP's then call them up and bitch
>> em out.
>>
>> if you think it may be a dhcp problem try a dynamic dns service like
>> dyndns.org (I use it quite wonderfully, with a package called ddclient in
>> debian apt) If you don't have a domain name on your system this will
>> provide you with a free *.dyndns.org domain name, which again, quite nice
>>
>> If these don't work for you, someone else will help :)
>>
>> ~Ryan
>>
>> --
>> Thanks and best regards,
>> Ryan Rix
>> TamsPalm - The PalmOS Blog
>>
>> I begin to wonder if randomized sigs really accomplish anything.
>
> ________________________________
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
Mike Hoy
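The two `-m recent` rules in Lisa's step 4a are easy to copy but their effect is not obvious from the syntax. The following is an added illustration, not code from the thread or from iptables: a small Python model of what that rule pair does to a stream of NEW connections to port 22. It assumes only NEW TCP SYNs reach the rules, that the `recent` list keeps the last 20 timestamps per address (the xt_recent default), and it does not model `--rttl`, since `--set` records the current packet's TTL before `--update` compares it. The sample traffic is constructed.

```python
"""Model of the iptables `-m recent` SSH rate-limit rule pair quoted in the thread.

Rules being modelled (from the quoted message):
  -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
  -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update \
      --seconds 60 --hitcount 8 --rttl --name SSH -j DROP

Assumptions (this is an added illustration, not the kernel's xt_recent code):
  * every call below is one NEW TCP SYN to port 22, so both rules see it;
  * the "SSH" list keeps at most 20 timestamps per address (xt_recent default);
  * --rttl (packet TTL must equal the recorded TTL) is not modelled.
"""
from collections import deque

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 8          # --hitcount 8
LIST_DEPTH = 20       # xt_recent ip_pkt_list_tot default


class SshRateLimiter:
    """Simulates the two-rule chain for NEW connections to port 22."""

    def __init__(self, seconds=WINDOW_SECONDS, hitcount=HITCOUNT, depth=LIST_DEPTH):
        self.seconds = seconds
        self.hitcount = hitcount
        self.depth = depth
        # source address -> timestamps of its recent NEW SYNs (the "SSH" list)
        self.table = {}

    def new_connection(self, source, now):
        """Return 'ACCEPT' or 'DROP' for one NEW SYN from `source` at time `now` (seconds)."""
        # Rule 1 (--set): record this packet's timestamp under its source address.
        # The rule has no -j target, so the packet always continues to rule 2.
        stamps = self.table.setdefault(source, deque(maxlen=self.depth))
        stamps.append(now)
        # Rule 2 (--update --seconds 60 --hitcount 8): matches when at least
        # `hitcount` recorded timestamps (this packet's included, because --set
        # ran first) fall within the last `seconds`; matching packets are dropped.
        hits = sum(1 for t in stamps if now - t < self.seconds)
        if hits >= self.hitcount:
            return "DROP"
        # Neither rule dropped it; the packet falls through to the rest of INPUT.
        return "ACCEPT"


def simulate(attempts, **kwargs):
    """Run (source, time) NEW connection attempts in time order; return the verdicts."""
    limiter = SshRateLimiter(**kwargs)
    return [limiter.new_connection(src, t) for src, t in sorted(attempts, key=lambda e: e[1])]


if __name__ == "__main__":
    # Constructed sample traffic: one source hammering port 22 once a second,
    # a second source connecting once in the middle of it, and the first source
    # coming back after more than a minute of silence.
    burst = [("203.0.113.5", t) for t in range(10)]
    normal = [("198.51.100.9", 4)]
    late = [("203.0.113.5", 75)]
    events = sorted(burst + normal + late, key=lambda e: e[1])
    for (src, t), verdict in zip(events, simulate(events)):
        print(f"t={t:3d}s {src:15s} {verdict}")
```

Reading the output shows the policy the rule encodes: a source gets seven NEW connections per rolling minute, the eighth and later ones are dropped, other sources are unaffected, and because `--set` keeps recording even the dropped attempts, a source that keeps trying faster than eight per minute stays blocked until it pauses for a full window. Legitimate users who reconnect often (or automated jobs polling over ssh) can trip the same limit, which is why the thread's step 5b (check the server logs) matters after deploying it.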