it is strange and I think related to the printing issue that when I try to ssh from the server to the laptop the connection is refused but when I try the other way the connection times out. Does that little piece of information help any?

--more info--
ssh server to xp=timeout
ssh laptop to XP= timeout
ssh xp to laptop=connection refused (cygwin)
ssh xp to server=connection timeout (cygwin)

On Sun, Mar 18, 2012 at 4:21 PM, Michael Havens wrote:

>
> On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold wrote:
>
>> Good Job Michael! You have negotiated the ufw. Keep in mind that you
>> would not want to open all this on a traveling laptop (since it would
>> expose trusted services to all). Now just because you have opened the
>> ports on one system, you can't be sure they are actually "seen" from the
>> other system without a test?
>>
>> From the other system, now run:
>>
>> # nmap $thissystem
>>
>> Did you see 22 tcp open from the other system NOW?
>>
>> no.
>
> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.4 (laptops ip)
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
> Nmap scan report for 192.168.0.4
> Host is up (0.000022s latency).
> Not shown: 999 closed ports
> PORT    STATE SERVICE
> 631/tcp open  ipp
>
> Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
>
> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.3 (print servers ip)
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
> Nmap scan report for 192.168.0.3
> Host is up (0.0020s latency).
> Not shown: 997 filtered ports
> PORT    STATE SERVICE
> 139/tcp open  netbios-ssn
> 443/tcp open  https
> 445/tcp open  microsoft-ds
> MAC Address: 00:09:6B:78:AB:F0 (IBM)
>
> Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
> bmike1@Michaels-Laptop ~ $
>
> Make sure it's enabled for the service via ufw (on the target system):
>>
>> # sudo ufw allow ssh
>>
>> it said the rule already exists.
>
>> It appears that your ssh is timing out, but the logs can tell you why:
>>
>> On the target system:
>>
>> # tail /var/log/messages
>> or
>> # tail /var/log/secure
>>
>> it responded '...no such file...'
>
> Sshd is set up by default for strict host checking, so you MUST have an
>> acceptable /etc/hosts file configuration:
>>
>> There must be a hostname that matches your host entry, which matches your
>> IP address.
>>
>
> Here is now my /etc/hosts file
>
> 127.0.0.1 localhost
> 127.0.1.1 Michaels-PC
> #####################
> #added
> 192.168.0.2 SonyDesktop <-this is the computer name..... if I'm supposed to put something else in please tell me how to get that info on an XP
> 192.168.0.4 Michaels-Laptop <-I put the computer name in because that is what is in there in /etc/hosts [127.0.0.1 (computer name)]
> #added
> #####################
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
>> You can also do a couple of ssh daemon "hacks", by editing the
>> /etc/ssh/sshd_config file:
>>
>> If I do this I don't need to worry about /etc/hosts?
>
>> a) Allow root ssh (which is disallowed by default) [What command are you
>> running from the other system to get here? As root?]:
>>
>> Find the line that reads as follows:
>> *PermitRootLogin no*
>> Set it as follows:
>> *PermitRootLogin yes*
>>
>> b) Disable Strict
>> *StrictHostKeyChecking yes*
>> set it as follows:
>> *StrictHostKeyChecking no*
>>
>> c) Change/extend the timeouts:
>>
>> *ServerAliveInterval 100*
>>
>> These changes can be used to provide more information on why you are not
>> connecting.
>>
>> ALWAYS remember to copy your original CONFIGS to backup before editing so
>> you can seamlessly roll forward and back.
>>
>> Don't forget to restart ssh daemon after making configuration changes!
>>
>> Nope... didn't work.
>
>>
> On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee wrote:
>>
>>> if you're opening that much, just disable iptables until you figure out
>>> what you need to leave open.
>>> On Mar 16, 2012 6:06 PM, "Michael Havens" wrote:
>>>
>>>> hmmmmmm..... opening the ports didn't help any. I opened:
>>>>
>>>> bmike1@Michaels-PC:~$ sudo ufw status
>>>> Status: active
>>>>
>>>> To      Action  From
>>>> --      ------  ----
>>>> 22      ALLOW   Anywhere
>>>> 137     ALLOW   Anywhere
>>>> 138     ALLOW   Anywhere
>>>> 139     ALLOW   Anywhere
>>>> 445     ALLOW   Anywhere
>>>> 389     ALLOW   Anywhere
>>>> 901     ALLOW   Anywhere
>>>> 53      ALLOW   Anywhere
>>>> 80      ALLOW   Anywhere
>>>> 110     ALLOW   Anywhere
>>>> 143     ALLOW   Anywhere
>>>> 443     ALLOW   Anywhere
>>>> 631     ALLOW   Anywhere
>>>> 993     ALLOW   Anywhere
>>>> 995     ALLOW   Anywhere
>>>> 5800    ALLOW   Anywhere
>>>> 5900    ALLOW   Anywhere
>>>> 9418    ALLOW   Anywhere
>>>> 8080    ALLOW   Anywhere
>>>> 22      ALLOW   Anywhere (v6)
>>>> 137     ALLOW   Anywhere (v6)
>>>> 138     ALLOW   Anywhere (v6)
>>>> 139     ALLOW   Anywhere (v6)
>>>> 445     ALLOW   Anywhere (v6)
>>>> 389     ALLOW   Anywhere (v6)
>>>> 901     ALLOW   Anywhere (v6)
>>>> 53      ALLOW   Anywhere (v6)
>>>> 80      ALLOW   Anywhere (v6)
>>>> 110     ALLOW   Anywhere (v6)
>>>> 143     ALLOW   Anywhere (v6)
>>>> 443     ALLOW   Anywhere (v6)
>>>> 631     ALLOW   Anywhere (v6)
>>>> 993     ALLOW   Anywhere (v6)
>>>> 995     ALLOW   Anywhere (v6)
>>>> 5800    ALLOW   Anywhere (v6)
>>>> 5900    ALLOW   Anywhere (v6)
>>>> 9418    ALLOW   Anywhere (v6)
>>>> 8080    ALLOW   Anywhere (v6)
>>>>
>>>> bmike1@Michaels-PC:~$
>>>>
>>>> What else do you think I should open?
>>>>
>>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens wrote:
>>>>
>>>>> look what I found in my quest to open ports for printing: I found a
>>>>> program called ufw which is a 'program for managing a netfilter
>>>>> firewall.' And one of the commands is:
>>>>>
>>>>> ufw allow 53
>>>>> This rule will allow tcp and udp port 53 to any address on this host.
>>>>>
>>>>> Which is the printer's port?... of course 631. my search engine is
>>>>> giving me another: 515?
>>>>> But both of my computers print.
>>>>> Do you know if I can specify more than one port in the command?
>>>>> oops... I just found the correct syntax:
>>>>> ufw allow 18:25,50:110,130:150,389:445,631,900:1000,5800:5900,8080,9418
>>>>> the man page says I'm allowed 15 numbers in there. No spaces,
>>>>> separated by a comma, and ranges (x:y ) count as two numbers.
>>>>>
>>>>> What other ports does the great brain known as PLUG believe is good to
>>>>> open?
>>>>> I think ufw is basically a program to make iptables easier. Or do you
>>>>> want to give me a tutelage on iptables. I'm willing if you are! Does anyone
>>>>> have any pointers about ufw?
>>>>>
>>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu fire
>>>>> wall.
>>>>>
>>>>
>> --
>> (503) 754-4452 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> it-clowns.com
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
> --
> :-)~MIKE~(-:
>

--
:-)~MIKE~(-:
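
An added example, not part of the thread: the two nmap reports quoted above already distinguish the "connection refused" and "timeout" results listed at the top, and this sketch reads port 22's state out of each report. The function names are made up for the example, and it assumes one default state on the "Not shown" line, as in the Nmap 5.21 output in the thread.

```python
import re

# The two nmap reports quoted in the thread (Nmap 5.21 output format).
LAPTOP_SCAN = """Nmap scan report for 192.168.0.4
Host is up (0.000022s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
631/tcp open ipp
"""
SERVER_SCAN = """Nmap scan report for 192.168.0.3
Host is up (0.0020s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
"""

# What each nmap port state means for a TCP client such as ssh.
MEANING = {
    "open": "a service is listening; ssh should reach sshd",
    "closed": "target answered with a reset, nothing is listening: client "
              "sees 'connection refused'; check that sshd is installed and running",
    "filtered": "probe got no answer, packets are being dropped: client "
                "sees a timeout; check the firewall on or in front of the target",
}

def port_state(scan_text, port, proto="tcp"):
    """State nmap reports for a port; unlisted ports take the 'Not shown' state."""
    default = None
    for line in scan_text.splitlines():
        line = line.strip()
        m = re.match(r"Not shown: \d+ (\w+) (?:tcp |udp )?ports", line)
        if m:
            default = m.group(1)  # assumption: one default state per report
        m = re.match(r"(\d+)/(\w+)\s+(\S+)", line)
        if m and int(m.group(1)) == port and m.group(2) == proto:
            return m.group(3)
    return default

def diagnose(scan_text, port=22):
    """Return (state, explanation) for the given port, default ssh/22."""
    state = port_state(scan_text, port)
    return state, MEANING.get(state, "state not covered by this example")

if __name__ == "__main__":
    for host, scan in (("192.168.0.4", LAPTOP_SCAN), ("192.168.0.3", SERVER_SCAN)):
        print(host, "port 22:", *diagnose(scan))
```

Port 22 comes out as closed on 192.168.0.4 and filtered on 192.168.0.3, so the first host needs a listening sshd and the second needs its packet filter checked, whatever `ufw status` shows on the machine running the scan.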