Re: ssh in network

Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: ssh in network
<snip>

> I was googling the 'no route to host' and found a suggestion to add a route
> that points to the router with the command 'sudo ip route add
> 192.168.1.0/24 dev eth0'. So I thought that sounded good but after I did
> not only could I not ssh out of the computer but I could no longer ssh into
> the computer. I then tried to remove the route with the command 'sudo ip
> route del 192.168.1.0/24 dev eth0', but that didn't help any. I just
> realized that the ip address is wrong.... my router is 192.168.0.1 but:
>
> sudo ip route add 192.168.0.1/24 dev eth0
> RTNETLINK answers: Invalid argument
>


A route add command is not persistent past a reboot or network restart.

Mike, ONE of your systems is on your Wireless and the other is on the
wired? Sometimes wireless to wired connections take longer than the
timeout values for ssh or scp. Try putting them both on either wireless or
wired and see if that's more successful?

Timeouts could be why you get a no route to host.

Verify that both boxes have a default route:

# sudo netstat -rn

Verify that both boxes have a listening ssh daemon:

# sudo netstat -antp | grep 22

Make sure you haven't installed DenyHosts or iptables that limits your
connections:

# locate Deny |more
# sudo iptables-save |more

If you don't understand the output post it to the list.

>
> # apt-get install openssh-server
>>
>
> sudo apt-get install openssh-server
> . . .
> openssh-server is already the newest version.
> openssh-server set to manually installed.
>
>
>> You run a ssh server and you use a ssh client as a user.
>>
>> # ssh myusername@targetserverIP
>>
>>>
>>>> # grep Root /etc/ssh/sshd_config <--------------- 'root' not in file
>>>>
>>>
>> Make sure you used "Root" like
>> # sudo grep Root /etc/ssh/sshd_config
>>
>
> there it is..... PermitRootLogin yes
>


Good! You can ssh to this host with root.

>
> If the connection is seen on the host (but has some problem due to FQN
>>>> (/etc/hosts) or /etc/hosts.allow files, it will be logged in either:
>>>>
>>> Hmmm? Go look in var log and see what this system logs to:
>>
>> # sudo tail /var/log/syslog
>>
>>>
>>>> bmike1@Michaels-PC:~$ sudo tail /var/log/messages;sudo tail
> /var/log/syslog
> tail: cannot open `/var/log/messages' for reading: No such file or
> directory
> Apr 1 13:09:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> Apr 1 13:14:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> Apr 1 13:17:01 Michaels-PC CRON[8219]: (root) CMD ( cd / && run-parts
> --report /etc/cron.hourly)
> Apr 1 13:19:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> Apr 1 13:24:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> Apr 1 13:29:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> Apr 1 13:34:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> Apr 1 13:39:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> Apr 1 13:44:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> Apr 1 13:49:46 Michaels-PC ddclient[1763]: WARNING: file
> /etc/ddclient.conf, line 8: Invalid Value for keyword 'login' = ''
> bmike1@Michaels-PC:~$
>


What - are you running ddclient for?
If you can't properly resolve DNS, you will not be able to ssh:

Please see this link regarding your ddclient errors:
http://www.linuxquestions.org/questions/linux-wireless-networking-41/wifi-connects-but-no-network-access-but-wired-works-880213/

>
>
>> Add this to /etc/hosts.allow:
>>>>
>>>> /etc/hosts.allow looks:
>>>>
>>>> ALL : 127.0.0.1
>>>> sshd : 192.168.0.0/24, 78.207.132.32
>>>>
>>>> This example shows an external address you might want to use to connect
>>>> from outside your internal network (once you open or port forward port 22).
>>>>
>>>> This is the hosts.allow file that I added. Does this look right?
>
> ALL : 127.0.0.1
> sshd : 192.168.0.0/24, 192.168.0.1/24, 192.168.0.2/24, 192.168.0.3/24,
> 192.168.$ <this goes on to x.y.z.10/24>
> #shows address to use from outside of network#, 78.207.132.32
>


No, you need that 78.207.132.32 on the SAME line with either ALL or sshd:
or commented out.

And 192.168.$ might cause problems. Change it to a safe entry:
############cut here############
ALL : 127.0.0.1
sshd : 192.168.0.0/16, 78.207.132.32
###########end ###############

Make sure you did this:

> Now the /etc/hosts.deny file:
>>>>
>>>> ALL : ALL
>>>>
>>>>
>>>
>>> Do this and your apt-get/aptitude will be fixed:
>>
>> # sudo apt-get install make
>>
>>
>>
> make is already its current version
>


# sudo apt-get update

Also set up your /etc/hosts file on both servers following these suggestions:
http://linux.about.com/od/commands/l/blcmdl5_hosts.htm

Should look like this (except with all your hostnames on your network - be
sure to put the same one on all your linux boxes):

 127.0.0.1       localhost
 192.168.1.10    foo.mydomain.org       foo
 192.168.1.13    bar.mydomain.org       bar




--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
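
An added example, not part of the original message: `192.168.0.1/24` is a host address with a /24 mask rather than a network, which is why the `ip route add` quoted above is rejected, and the same pattern appears in the quoted hosts.allow. The sketch below checks numeric IPv4 entries for that and for addresses stranded on a comment line; the function names and the sample file are this example's own, and hostnames, wildcards and IPv6 entries are not checked.

```python
import ipaddress

def is_addr(tok):
    try:
        ipaddress.ip_address(tok)
        return True
    except ValueError:
        return False

def check_prefix(text):
    """Return (ok, note) for an IPv4 'address/len' route destination or net/mask entry."""
    try:
        return True, str(ipaddress.ip_network(text, strict=True))
    except ValueError:
        pass
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return False, "not a valid address/prefix"
    return False, f"host bits set, network is {net}"

def lint_hosts_allow(text):
    """Return (line_no, token, note) findings for numeric IPv4 client entries."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            # Whole-line comment: any address written on it is ignored.
            words = line.replace(",", " ").split()
            findings += [(no, w, "address is on a comment line") for w in words if is_addr(w)]
            continue
        # Field 2 of 'daemon_list : client_list [: command]'; empty if there is no ':'.
        clients = line.partition(":")[2].split(":")[0].replace(",", " ").split()
        for tok in clients:
            if not tok[0].isdigit() or tok.endswith("."):
                continue  # names, wildcards and '192.168.' style prefixes are not checked
            ok, note = check_prefix(tok) if "/" in tok else (is_addr(tok), "not a valid address")
            if not ok:
                findings.append((no, tok, note))
    return findings

# Constructed sample, modelled on the hosts.allow quoted in the message above.
SAMPLE = """ALL : 127.0.0.1
sshd : 192.168.0.0/24, 192.168.0.1/24, 192.168.0.2/24, 192.168.$
#shows address to use from outside of network#, 78.207.132.32
"""

if __name__ == "__main__":
    for finding in lint_hosts_allow(SAMPLE):
        print(finding)
```
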