I forgot to mention that they can all ping each other

On Sun, Mar 18, 2012 at 5:01 PM, Michael Havens wrote:

> it is strange and I think related to the printing issue that when I try to
> ssh from the server to the laptop the connection is refused but when I try
> the other way the connection times out. Does that little piece of
> information help any?
> --more info--
> ssh server to xp=timeout
> ssh laptop to XP= timeout
> ssh xp to laptop=connection refused (cygwin)
> ssh xp to server=connection timeout (cygwin)
>
>
> On Sun, Mar 18, 2012 at 4:21 PM, Michael Havens wrote:
>
>>
>>
>> On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold wrote:
>>
>>> Good Job Michael! You have negotiated the ufw. Keep in mind that you
>>> would not want to open all this on a traveling laptop (since it would
>>> expose trusted services to all). Now just because you have opened the
>>> ports on one system, you can't be sure they are actually "seen" from the
>>> other system without a test?
>>>
>>> From the other system, now run:
>>>
>>> # nmap $thissystem
>>>
>>> Did you see 22 tcp open from the other system NOW?
>>>
>>> no.
>>
>> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.4 (laptops ip)
>>
>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
>> Nmap scan report for 192.168.0.4
>> Host is up (0.000022s latency).
>> Not shown: 999 closed ports
>> PORT    STATE SERVICE
>> 631/tcp open  ipp
>>
>> Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
>>
>> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.3 (print servers ip)
>>
>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
>> Nmap scan report for 192.168.0.3
>> Host is up (0.0020s latency).
>> Not shown: 997 filtered ports
>> PORT    STATE SERVICE
>> 139/tcp open  netbios-ssn
>> 443/tcp open  https
>> 445/tcp open  microsoft-ds
>> MAC Address: 00:09:6B:78:AB:F0 (IBM)
>>
>> Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
>> bmike1@Michaels-Laptop ~ $
>>
>> Make sure it's enabled for the service via ufw (on the target system):
>>>
>>> # sudo ufw allow ssh
>>>
>>> it said the rule already exists.
>>
>>
>>> It appears that your ssh is timing out, but the logs can tell you why:
>>>
>>> On the target system:
>>>
>>> # tail /var/log/messages
>>> or
>>> # tail /var/log/secure
>>>
>>> it responded '...no such file...'
>>
>> Sshd is setup by default for strict host checking, so you MUST have an
>>> acceptable /etc/hosts file configuration:
>>>
>>> There must be a hostname that matches your host entry, which matches
>>> your IP address.
>>>
>>
>> Here is now my /etc/hosts file
>>
>> 127.0.0.1 localhost
>> 127.0.1.1 Michaels-PC
>> #####################
>> #added
>> 192.168.0.2 SonyDesktop      <-this is the computer name..... if I'm
>>                                supposed to put something else in please
>>                                tell me how to get that info on an XP
>> 192.168.0.4 Michaels-Laptop  <-I put the computer name in because
>>                                that is what is in there in /etc/hosts
>>                                [127.0.0.1 (computer name)]
>> #added
>> #####################
>> # The following lines are desirable for IPv6 capable hosts
>> ::1 ip6-localhost ip6-loopback
>> fe00::0 ip6-localnet
>> ff00::0 ip6-mcastprefix
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>>
>>
>>
>>> You can also do a couple of ssh daemon "hacks", by editing the
>>> /etc/ssh/sshd_config file:
>>>
>>> If I do this I don't need to worry about /etc/hosts?
>>
>>
>>> a) Allow root ssh (which is disallowed by default) [What command are you
>>> running from the other system to get here? As root?]:
>>>
>>> Find out line that read as follows:
>>> *PermitRootLogin no*
>>> Set it as follows:
>>> *PermitRootLogin yes*
>>>
>>> b) Disable Strict
>>> *StrictHostKeyChecking yes*
>>> set it as follows:
>>> *StrictHostKeyChecking no*
>>>
>>> c) Change/extend the timeouts:
>>>
>>> *ServerAliveInterval 100*
>>>
>>>
>>> These changes can be used to provide more information on why you are not
>>> connecting.
>>>
>>> ALWAYS remember to copy your original CONFIGS to backup before editing
>>> so you can seamlessly roll forward and back.
>>>
>>> Don't forget to restart ssh daemon after making configuration changes!
>>>
>>> Nope... didn't work.
>>
>>
>>>
>>>
>> On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee wrote:
>>>
>>>> if you're opening that much, just disable iptables until you figure out
>>>> what you need to leave open.
>>>> On Mar 16, 2012 6:06 PM, "Michael Havens" wrote:
>>>>
>>>>> hmmmmmm..... opening the ports didn't help any. I opened:
>>>>>
>>>>> bmike1@Michaels-PC:~$ sudo ufw status
>>>>> Status: active
>>>>>
>>>>> To                         Action      From
>>>>> --                         ------      ----
>>>>> 22                         ALLOW       Anywhere
>>>>> 137                        ALLOW       Anywhere
>>>>> 138                        ALLOW       Anywhere
>>>>> 139                        ALLOW       Anywhere
>>>>> 445                        ALLOW       Anywhere
>>>>> 389                        ALLOW       Anywhere
>>>>> 901                        ALLOW       Anywhere
>>>>> 53                         ALLOW       Anywhere
>>>>> 80                         ALLOW       Anywhere
>>>>> 110                        ALLOW       Anywhere
>>>>> 143                        ALLOW       Anywhere
>>>>> 443                        ALLOW       Anywhere
>>>>> 631                        ALLOW       Anywhere
>>>>> 993                        ALLOW       Anywhere
>>>>> 995                        ALLOW       Anywhere
>>>>> 5800                       ALLOW       Anywhere
>>>>> 5900                       ALLOW       Anywhere
>>>>> 9418                       ALLOW       Anywhere
>>>>> 8080                       ALLOW       Anywhere
>>>>> 22                         ALLOW       Anywhere (v6)
>>>>> 137                        ALLOW       Anywhere (v6)
>>>>> 138                        ALLOW       Anywhere (v6)
>>>>> 139                        ALLOW       Anywhere (v6)
>>>>> 445                        ALLOW       Anywhere (v6)
>>>>> 389                        ALLOW       Anywhere (v6)
>>>>> 901                        ALLOW       Anywhere (v6)
>>>>> 53                         ALLOW       Anywhere (v6)
>>>>> 80                         ALLOW       Anywhere (v6)
>>>>> 110                        ALLOW       Anywhere (v6)
>>>>> 143                        ALLOW       Anywhere (v6)
>>>>> 443                        ALLOW       Anywhere (v6)
>>>>> 631                        ALLOW       Anywhere (v6)
>>>>> 993                        ALLOW       Anywhere (v6)
>>>>> 995                        ALLOW       Anywhere (v6)
>>>>> 5800                       ALLOW       Anywhere (v6)
>>>>> 5900                       ALLOW       Anywhere (v6)
>>>>> 9418                       ALLOW       Anywhere (v6)
>>>>> 8080                       ALLOW       Anywhere (v6)
>>>>>
>>>>> bmike1@Michaels-PC:~$
>>>>>
>>>>>
>>>>> What else do you think I should open?
>>>>>
>>>>>
>>>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens wrote:
>>>>>
>>>>>> look what I found in my quest to open ports for printing: I found a
>>>>>> program called ufw which is a 'program for managing a netfilter
>>>>>> firewall.' And one of the commands is:
>>>>>>
>>>>>> ufw allow 53
>>>>>> This rule will allow tcp and udp port 53 to any address on this
>>>>>> host.
>>>>>>
>>>>>> Which is the printers port?... of course 631. my search engine is
>>>>>> giving me another: 515? But both of my computers print.
>>>>>> Do you know if I can specify more than one port in the command?
>>>>>> oops... I just found the correct syntax:
>>>>>> ufw allow 18:25,50:110,130:150,389:445,631,900:1000,5800:5900,8080,9418
>>>>>> the man page says I'm allowed 15 numbers in there. No spaces,
>>>>>> separated by a comma, and ranges (x:y ) count as two numbers.
>>>>>>
>>>>>> What other ports does the great brain known as PLUG believe is good
>>>>>> to open?
>>>>>> I think ufw is basically a program to make iptables easier. Or do
>>>>>> you want to give me a tutelage on iptables. I'm willing if you are! Does
>>>>>> anyone have any pointers about ufw?
>>>>>>
>>>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu
>>>>>> fire wall.
>>>>>>
>>>>>
>>> --
>>> (503) 754-4452 Android
>>> (623) 239-3392 Skype
>>> (623) 688-3392 Google Voice
>>> **
>>> it-clowns.com
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>
>>
>> --
>> :-)~MIKE~(-:
>>
>
> --
> :-)~MIKE~(-:
>

--
:-)~MIKE~(-:
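
Added example, not part of the original thread: the "connection refused" versus "timeout" results reported at the top of this message correspond to the "closed" and "filtered" port states in the quoted nmap output, and this Python sketch classifies a single TCP connect the same way. The function names `probe`, `report` and `self_check` are illustrative, and the loopback listener in `self_check` is constructed for the demo.

```python
import errno
import socket

# Meaning of each outcome, using the state names nmap prints.
ADVICE = {
    "open": "a service accepted the connection",
    "closed": "the host answered with a reset: nothing is listening on "
              "that port (is sshd installed and running?)",
    "filtered": "no answer before the timeout: packets are being dropped, "
                "usually by a firewall on the target or in between",
    "unreachable": "no route to the host or network",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def report(host, port=22, timeout=3.0):
    """One-line diagnosis for host:port (SSH by default)."""
    state = probe(host, port, timeout)
    return f"{host}:{port} {state} - {ADVICE[state]}"

def self_check():
    """Constructed demo: probe a loopback listener, then the same port after it closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))      # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(self_check())
    # Addresses taken from the thread; run from a machine on that LAN.
    for host in ("192.168.0.3", "192.168.0.4"):
        print(report(host))
```

A "closed" result on port 22 points at the SSH daemon on the target, while "filtered" points at a firewall rule, so the two call for different fixes.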