Good Job Michael! You have negotiated the ufw. Keep in mind that you
would not want to open all this on a traveling laptop (since it would
expose trusted services to all). Now just because you have opened the
ports on one system, you can't be sure they are actually "seen" from the
other system without a test.
From the other system, now run:
# nmap $thissystem
Did you see 22 tcp open from the other system NOW?
Make sure it's enabled for the service via ufw (on the target system):
# sudo ufw allow ssh
It appears that your ssh is timing out, but the logs can tell you why:
On the target system:
# tail /var/log/messages
or
# tail /var/log/secure
Sshd is set up by default for strict host checking, so you MUST have an
acceptable /etc/hosts file configuration:
There must be a hostname that matches your host entry, which matches your
IP address.
*EXAMPLE*
127.0.0.1 localhost
192.168.1.10 foo.mydomain.org foo
192.168.1.13 bar.mydomain.org bar
146.82.138.7 master.debian.org master
209.237.226.90 www.opensource.org
Reference:
http://manpages.ubuntu.com/manpages/jaunty/man5/hosts.5.html
You can also do a couple of ssh daemon "hacks", by editing the
/etc/ssh/sshd_config file:
a) Allow root ssh (which is disallowed by default) [What command are you
running from the other system to get here? As root?]:
Find the line that reads as follows:
*PermitRootLogin no*
Set it as follows:
*PermitRootLogin yes*
b) Disable Strict
*StrictHostKeyChecking yes*
set it as follows:
*StrictHostKeyChecking no*
c) Change/extend the timeouts:
*ServerAliveInterval 100*
These changes can be used to provide more information on why you are not
connecting.
ALWAYS remember to copy your original CONFIGS to backup before editing so
you can seamlessly roll forward and back.
Don't forget to restart ssh daemon after making configuration changes!
On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee <jmcphe@gmail.com> wrote:
> if you're opening that much, just disable iptables until you figure out
> what you need to leave open.
> On Mar 16, 2012 6:06 PM, "Michael Havens" <bmike1@gmail.com> wrote:
>
>> hmmmmmm..... opening the ports didn't help any. I opened:
>>
>> bmike1@Michaels-PC:~$ sudo ufw status
>> Status: active
>>
>> To Action From
>> -- ------ ----
>> 22 ALLOW Anywhere
>> 137 ALLOW Anywhere
>> 138 ALLOW Anywhere
>> 139 ALLOW Anywhere
>> 445 ALLOW Anywhere
>> 389 ALLOW Anywhere
>> 901 ALLOW Anywhere
>> 53 ALLOW Anywhere
>> 80 ALLOW Anywhere
>> 110 ALLOW Anywhere
>> 143 ALLOW Anywhere
>> 443 ALLOW Anywhere
>> 631 ALLOW Anywhere
>> 993 ALLOW Anywhere
>> 995 ALLOW Anywhere
>> 5800 ALLOW Anywhere
>> 5900 ALLOW Anywhere
>> 9418 ALLOW Anywhere
>> 8080 ALLOW Anywhere
>> 22 ALLOW Anywhere (v6)
>> 137 ALLOW Anywhere (v6)
>> 138 ALLOW Anywhere (v6)
>> 139 ALLOW Anywhere (v6)
>> 445 ALLOW Anywhere (v6)
>> 389 ALLOW Anywhere (v6)
>> 901 ALLOW Anywhere (v6)
>> 53 ALLOW Anywhere (v6)
>> 80 ALLOW Anywhere (v6)
>> 110 ALLOW Anywhere (v6)
>> 143 ALLOW Anywhere (v6)
>> 443 ALLOW Anywhere (v6)
>> 631 ALLOW Anywhere (v6)
>> 993 ALLOW Anywhere (v6)
>> 995 ALLOW Anywhere (v6)
>> 5800 ALLOW Anywhere (v6)
>> 5900 ALLOW Anywhere (v6)
>> 9418 ALLOW Anywhere (v6)
>> 8080 ALLOW Anywhere (v6)
>>
>> bmike1@Michaels-PC:~$
>>
>>
>> What else do you think I should open?
>>
>>
>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens <bmike1@gmail.com> wrote:
>>
>>> look what I found in my quest to open ports for printing: I found a
>>> program called ufw which is a 'program for managing a netfilter
>>> firewall.' And one of the commands is:
>>>
>>> ufw allow 53
>>> This rule will allow tcp and udp port 53 to any address on this
>>> host.
>>>
>>> Which is the printers port?... of course 631. my search engine is giving
>>> me another: 515? But both of my computers print.
>>> Do you know if I can specify more than one port in the command? oops...
>>> I just found the correct syntax:
>>> ufw allow 18:25,50:110,130:150,389:445,631,900:1000,5800:5900,8080,9418
>>> the man page says I'm allowed 15 numbers in there. No spaces, separated
>>> by a comma, and ranges (x:y ) count as two numbers.
>>>
>>> What other ports does the great brain known as PLUG believe is good to
>>> open?
>>> I think ufw is basically a program to make iptables easier. Or do you
>>> want to give me a tutelage on iptables. I'm willing if you are! Does anyone
>>> have any pointers about ufw?
>>>
>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu fire
>>> wall.
>>>
>>>
>>
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
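
On the point raised in the thread about not exposing trusted services to everyone, the following is an added example and not part of any original message: a shell helper that reads `ufw status` output, lists the ports allowed from Anywhere that are not on a keep list, and prints (without running) the matching `ufw delete allow` commands for review. The sample listing is constructed and abridged from the one posted in the thread, the 901 line with a LAN source is invented for illustration, and the function names and the keep list (22 and 631) are assumptions.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for ports allowed from Anywhere.
# Live use (assumed keep list): sudo ufw status | ufw_exposed 22 631

# Constructed sample, abridged from the listing posted in the thread.
# The 901 rule with a LAN source is invented to show a restricted rule.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
137                        ALLOW       Anywhere
445                        ALLOW       Anywhere
631                        ALLOW       Anywhere
5900                       ALLOW       Anywhere
901                        ALLOW       192.168.1.0/24
22                         ALLOW       Anywhere (v6)
137                        ALLOW       Anywhere (v6)
5900                       ALLOW       Anywhere (v6)
EOF
}

# Print each rule target (first column) that is ALLOWed from Anywhere and is
# not in the keep list passed as arguments. IPv4/IPv6 duplicates are merged.
# Keep-list entries must match the first column exactly (e.g. "22", "80/tcp").
ufw_exposed() {
  awk -v keep=" $* " '
    {
      # Locate the action column; newer ufw prints "(v6)" or "IN" around it.
      for (i = 2; i <= NF; i++) if ($i == "ALLOW") break
      if (i > NF) next                      # headers, blanks, non-ALLOW rules
      src = ($(i + 1) == "IN") ? $(i + 2) : $(i + 1)
      if (src != "Anywhere") next           # already restricted to a source
      port = $1
      if (index(keep, " " port " ") == 0 && !(port in seen)) {
        seen[port] = 1
        print port
      }
    }'
}

# Turn the exposed list into commands to review; nothing is executed here.
ufw_delete_cmds() {
  ufw_exposed "$@" | while read -r port; do
    printf 'ufw delete allow %s\n' "$port"
  done
}

sample_status | ufw_delete_cmds 22 631
```
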
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us