Re: ssh problems

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Mike Hoy
Date:  
To: Main PLUG discussion list
Subject: Re: ssh problems
Lisa,

Thanks for in depth response. I'm gonna stop on #2 because I went to
that site and typed in port 22 and it replied with: "that We completed
the audit and did not find any open ports.
This is ideal for the average visitor."

So apparently port 22 is not 'open'. Does that mean I need to
configure my router or is it something on my computer?

On Mon, Nov 17, 2008 at 8:26 PM, Lisa Kachold <> wrote:
> 1) Check your Local Router port forwarding/triggering.
>
> 2) Verify that port 22 is open:
>
> http://www.auditmypc.com/firewall-test.asp
>
> 3) Verify that /etc/ssh/sshd_conf has:
>
> a) Protocol 2
> b) Root access disabled
>
> PermitRootLogin                 no

>
> c) Listen on 0.0.0.0
> d) Keys setup.
>
> http://www.linuxsecure.de/index.php?action=33
>
> 4) If you are in fact opening up SSH to the internet, you should optimally
> setup:
>
> a) IPTABLES SSH protection rule: (NOTE if you have Suse or RHEL your
> iptables are probably setup differently).
>
> # /sbin/iptables-save >/root/iptables.last
> # vi /root/iptables.last
>
> Verify you have all the basics...and add at bottom:
>
> -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set
> --name SSH
> -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update
> --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
>
> then enter
> # /sbin/iptables-restore </root/iptables.last
>
> You can also just drop this into the command line:
>
> # sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m
> recent --set --name SSH
> # sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m
> recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
>
> Be sure to save this for persistence (next restart survival):
>
> # /etc/init.d/iptables save
>
> http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
>
>
> b) Sshutout or SSHIT wrapper for dictionary and brute force attacks:
>
> http://www.techfinesse.com/sshutout/sshutout.html
>
>
> 5) Still not working?
>
> a) Check SELINUX
>
> b) Check the logs on the server.
>
> c) Run a sniffer and watch while you try.
>
> # tcpdump >file
> # grep $login file
>
> Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
> http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
> ________________________________
>> From:
>> To:
>> Subject: Re: ssh problems
>> Date: Mon, 17 Nov 2008 19:56:00 -0700
>>
>> On Mon November 17 2008 07:44:11 pm Mike Hoy wrote:
>> > Hi,
>> >
>> > I just set up ssh server on this computer and was able to connect like
>> > this:
>> >
>> > ssh localhost
>> >
>> > and from my laptop connected to the same router like this
>> >
>> > ssh username@192.168.1.100
>> >
>> > Now I take it that I'm going to need my real ip address so I tried
>> > that and I got
>> >
>> > ssh: connect to host IP_ADDRESS port 22: Connection refused
>> >
>> > I thought it may have something to do with my router so I forwarded
>> > port 22 to this machine and same error. Any thoughts as to what's
>> > going on? I need to be able to connect to this machine from work
>> > tomorrow.
>>
>> Hi MIke,
>>
>> There are two problems most likely, imo... DHCP is giving you a new ip
>> address
>> (either on the router or your ISP) or that our ISP simply does not allow
>> you
>> to connect to port 22... This is common on port 80 but i am not so sure on
>> 22.
>>
>> try doing a traceroute on it, and when the trace dies, do an nslookup on
>> that
>> site and see if that's one of your ISP's then call them up and bitch em
>> out.
>>
>> if you think it may be a dhcp problem try a dynamic dns service like
>> dyndns.org (I use it quite wonderfully, with a package called ddclient in
>> debian apt) If you don't have a domain name on your system this will
>> provide
>> you with a free *.dyndns.org domain name, which again, quite nice
>>
>> If these don't work for you, someone else will help :)
>>
>> ~Ryan
>>
>>
>> --
>> Thanks and best regards,
>> Ryan Rix
>> TamsPalm - The PalmOS Blog
>>
>> I begin to wonder if randomized sigs really accomplish anything.
>>
>>
>>
>
> ________________________________
> Stay up to date on your PC, the Web, and your mobile phone with Windows Live
> Click here
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>




--
Mike Hoy
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss