it is strange and I think related to the printing issue that when I try to
ssh from the server to the laptop the connection is refused but when I try
the other way the connection times out. Does that little piece of
information help any?
--more info--
ssh server to xp=timeout
ssh laptopto XP= timeout
ssh xp to laptop=connection refused (cygwin)
ssh xp to server=connection timeout (cygwin)
On Sun, Mar 18, 2012 at 4:21 PM, Michael Havens <
bmike1@gmail.com> wrote:
>
>
> On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold <lisakachold@obnosis.com>wrote:
>
>> Good Job Michael! You have negotiated the ufw. Keep in mind that you
>> would not want to open all this on a traveling laptop (since it would
>> expose trusted services to all). Now just because you have opened the
>> ports on one system, you can't be sure they are actually "seen" from the
>> other system without a test?
>>
>> From the other system, now run:
>>
>> # nmap $thissystem
>>
>> Did you see 22 tcp open from the other system NOW?
>>
>> no.
>
> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.4 (laptops ip)
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
> Nmap scan report for 192.168.0.4
> Host is up (0.000022s latency).
> Not shown: 999 closed ports
> PORT STATE SERVICE
> 631/tcp open ipp
>
> Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
>
> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.3 (print servers ip)
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
> Nmap scan report for 192.168.0.3
> Host is up (0.0020s latency).
> Not shown: 997 filtered ports
> PORT STATE SERVICE
> 139/tcp open netbios-ssn
> 443/tcp open https
> 445/tcp open microsoft-ds
> MAC Address: 00:09:6B:78:AB:F0 (IBM)
>
> Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
> bmike1@Michaels-Laptop ~ $
>
> Make sure it's enabled for the service via ufw (on the target system):
>>
>> # sudo ufw allow ssh
>>
>> it said the rule already exists.
>
>
>> It appears that your ssh is timing out, but the logs can tell you why:
>>
>> On the target system:
>>
>> # tail /var/log/messages
>> or
>> # tail /var/log/secure
>>
>> it responded '...no such file...'
>
> Sshd is setup by default for strict host checking, so you MUST have an
>> acceptable /etc/hosts file configuration:
>>
>> There must be a hostname that matches your host entry, which matches your
>> IP address.
>>
>
> Here is now my /etc/hosts file
>
> 127.0.0.1 localhost
> 127.0.1.1 Michaels-PC
> #####################
> #added
> 192.168.0.2 SonyDesktop <-this is the computer name..... if I'm
> supposed to put something else in please
> tell me how to get that
> info on an XP
> 192.168.0.4 Michaels-Laptop <-I put the computer name in because that
> is what is in there in /etc/hosts
> [127.0.0.1 (computer
> name)]
> #added
> #####################
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
>
>
>> You can also do a couple of ssh daemon "hacks", by editing the
>> /etc/ssh/sshd_config file:
>>
>> If I do this I don't need to worry about /etc/hosts?
>
>
>> a) Allow root ssh (which is disallowed by default) [What command are you
>> running from the other system to get here? As root?]:
>>
>> Find out line that read as follows:
>> *PermitRootLogin no*
>> Set it as follows:
>> *PermitRootLogin yes*
>>
>> b) Disable Strict
>> *StrictHostKeyChecking* *yes
>> *set it as follows:*
>> **StrictHostKeyChecking* *no*
>>
>> c) Change/extend the timeouts:
>>
>> *ServerAliveInterval 100*
>>
>>
>> These changes can be used to provide more information on why you are not
>> connecting.
>>
>> ALWAYS remember to copy your original CONFIGS to backup before editing so
>> you can seamlessly roll forward and back.
>>
>> Don't forget to restart ssh daemon after making configuration changes!
>>
>> Nope... didn't work.
>
>
>>
>>
> On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee <jmcphe@gmail.com> wrote:
>>
>>> if you're opening that much, just disable iptables until you figure out
>>> what you need to leave open.
>>> On Mar 16, 2012 6:06 PM, "Michael Havens" <bmike1@gmail.com> wrote:
>>>
>>>> hmmmmmm..... opening the ports didn't help any. I opened:
>>>>
>>>> bmike1@Michaels-PC:~$ sudo ufw status
>>>> Status: active
>>>>
>>>> To Action From
>>>> -- ------ ----
>>>> 22 ALLOW Anywhere
>>>> 137 ALLOW Anywhere
>>>> 138 ALLOW Anywhere
>>>> 139 ALLOW Anywhere
>>>> 445 ALLOW Anywhere
>>>> 389 ALLOW Anywhere
>>>> 901 ALLOW Anywhere
>>>> 53 ALLOW Anywhere
>>>> 80 ALLOW Anywhere
>>>> 110 ALLOW Anywhere
>>>> 143 ALLOW Anywhere
>>>> 443 ALLOW Anywhere
>>>> 631 ALLOW Anywhere
>>>> 993 ALLOW Anywhere
>>>> 995 ALLOW Anywhere
>>>> 5800 ALLOW Anywhere
>>>> 5900 ALLOW Anywhere
>>>> 9418 ALLOW Anywhere
>>>> 8080 ALLOW Anywhere
>>>> 22 ALLOW Anywhere (v6)
>>>> 137 ALLOW Anywhere (v6)
>>>> 138 ALLOW Anywhere (v6)
>>>> 139 ALLOW Anywhere (v6)
>>>> 445 ALLOW Anywhere (v6)
>>>> 389 ALLOW Anywhere (v6)
>>>> 901 ALLOW Anywhere (v6)
>>>> 53 ALLOW Anywhere (v6)
>>>> 80 ALLOW Anywhere (v6)
>>>> 110 ALLOW Anywhere (v6)
>>>> 143 ALLOW Anywhere (v6)
>>>> 443 ALLOW Anywhere (v6)
>>>> 631 ALLOW Anywhere (v6)
>>>> 993 ALLOW Anywhere (v6)
>>>> 995 ALLOW Anywhere (v6)
>>>> 5800 ALLOW Anywhere (v6)
>>>> 5900 ALLOW Anywhere (v6)
>>>> 9418 ALLOW Anywhere (v6)
>>>> 8080 ALLOW Anywhere (v6)
>>>>
>>>> bmike1@Michaels-PC:~$
>>>>
>>>>
>>>> What else do you think I should open?
>>>>
>>>>
>>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens <bmike1@gmail.com>wrote:
>>>>
>>>>> look what I found in my quest to open ports for printing: I found a
>>>>> program called ufw which is a 'program for managing a netfilter
>>>>> firewall.' And one of the commands is:
>>>>>
>>>>> ufw allow 53
>>>>> This rule will allow tcp and udp port 53 to any address on
>>>>> this
>>>>> host.
>>>>>
>>>>> Which is the printers port?... of course 631. my search engine is
>>>>> givong me another: 515? But both of my computers print.
>>>>> Do you know if I can specify more than one port in the command?
>>>>> oops... I just found the correct syntax:
>>>>> ufw allow 18:25,50:110,130:150,389:445,
>>>>> 631,900:1000,5800:5900,8080,9418
>>>>> the man page says I'm allowed 15 numbers in there. No spaces,
>>>>> separated by a coma, and ranges (x:y ) count as two numbers.
>>>>>
>>>>> What other ports does the great brain known as PLUG believe is good to
>>>>> open?
>>>>> I think ufw is basically a program to make iptables easier. Or do you
>>>>> want to give me a tutelage on iptables. I'm willing if you are! Does anyone
>>>>> have any pointers about ufw?
>>>>>
>>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu fire
>>>>> wall.
>>>>>
>>>>>
>>>>
>> --
>> (503) 754-4452 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> **
>> it-clowns.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> :-)~MIKE~(-:
>
--
:-)~MIKE~(-:
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss