ssh and port 22 problem, cont.
by Gerhard Magnus
Greetings!
I've made some progress on troubleshooting this "ssh & port 22 problem".
Here was my original post:
When I try to connect from a remote machine to my one at home
using ssh I get the error message "ssh: connect to host 64.146.133.1 port
22: Connection refused" -- but using ssh in the outgoing direction (i.e.
from home to the remote location) works fine.
Here's what's happened since:
I have two machines (PuteA and PuteB) sharing an ActionTec DSL modem. The IP
I was using was that of my "Gateway" ISP (64.146.133.1) -- an error. But
when I used the correct, static IP address of the ActionTec
(64.146.133.52) I got this message:
ssh: connect to host 64.146.133.52 port22: Connection refused
I thought I had port forwarding (for port 22) set correctly on the modem. For
troubleshooting, my ISP advised me to run "tcpdump -n host 192.168.0.2" on
PuteA, where 192.168.0.2 is the "internal" IP of PuteA. Then I logged on
to the remote location from PuteB and tried to ssh from there to PuteA
using the static IP address. The ssh from the remote location timed out
with the same "port 22: connection refused" message. The tcpdump on PuteA
gave this message:
> tcpdump: listening on eth0
> 17:27:33.662753 arp who-has 192.168.0.2 tell 192.168.0.1
where 182.168.0.1 is the "internal" IP of the modem. (Sorry if I have
this terminology wrong.)
My ISP says the problem is the firewall on PuteA and that he doesn't do linux
firewalls.
Here are my replies to the people who responded to my first post:
(1) "Do you have the firewall configured to deny incoming packets to port
22?"
How do I check this?
(2) "You need to check that sshd is running on your system."
Yes. It comes up with each boot. Also "service sshd status" gives
"sshd (pid 787) is running".
(3) "sshd uses /etc/hosts.allow and /etc/hosts.deny. Check that they are
configured to allow your remote machine in."
Both files have only commented lines.
(4) "Also, if your /etc/ssh/sshd_config file has VerifyReverseMapping
turned on, you will get kicked out if your remote address does not work
with a reverse dns lookup."
There's a "VerifyReverseMapping no" line in the file but it's been commented
out.
(5) "Just to be sure: when you are at home machine, try 'ssh localhost'.
If this works, you probably need to check your firewall."
It seems to work -- I ssh to the machine itself.
(6) "This is common on every system I have ever loaded with FC2. Your
iptables are blocking the connection. You can do one of the following:
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT"
I tried this. The ssh to PuteA from the remote location still times out.
(7) "Oh yes I also took out the REDHAT firewall entry as I don't have a
clue as to how to work with it."
I've fiddled endlessly with this "system tool" at each of the three levels
of security as well as using the "customize" option to set eth0 as a
trusted device and to allow incoming ssh. It doesn't show the settings
that actually exist.
(8) "If your fedora box is connected directly to a DSL modem, you should
be able to find your IP address by running ifconfig from the command
line and looking for 'inet addr:' (probably under 'eth0')."
eth0 Link encap:Ethernet HWaddr 00:40:05:81:60:8E
inet addr:192.168.0.4 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2184 errors:0 dropped:0 overruns:0 frame:0
TX packets:2005 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1122075 (1.0 Mb) TX bytes:190214 (185.7 Kb)
Interrupt:5 Base address:0x3000
Could this be the problem -- the "inet addr" of 192.168.0.4? As far as I
can tell, the modem is 192.168.0.1, PuteA is 192.168.0.2, and PuteB is
192.168.0.3. I haven't set anything as 192.168.0.4.
(9) "nmap 64.146.133.52"
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
23/tcp open telnet
53/tcp open domain
80/tcp open http
Shouldn't ssh be here? And what's telnet doing open? The books have me
scared to death of this... hackers, crackers, script kiddies, etc.
Thanks for the help!
Jerry Magnus
15 years, 6 months
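Items (1) and (6) of the post above both come down to which iptables rule decides a new connection to port 22. The following is an added example, not part of the original post: it walks a rule dump in iptables-save syntax and reports the first rule that decides such a packet. The ruleset is constructed with an assumed chain layout, and only the -p, -i, --dport and --state matches are modelled (no negation, source addresses or port ranges).

```python
import shlex

# Constructed iptables-save dump (assumed chain layout, not the poster's rules).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
SSH_RULE = "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\n"
# Same rules, with the ACCEPT placed ahead of the jump instead of appended.
FIXED = SAMPLE.replace(SSH_RULE, "").replace("-A INPUT -j", SSH_RULE + "-A INPUT -j")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):            # chain declaration with its policy
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):        # rule, kept in evaluation order
            tok = shlex.split(line)
            chains.setdefault(tok[1], []).append(tok[2:])
    return policies, chains

def opt(rule, flag):
    return rule[rule.index(flag) + 1] if flag in rule else None

def matches(rule, port, iface):
    # True if the rule applies to a NEW inbound TCP packet to `port` on `iface`.
    state = opt(rule, "--state")
    return (opt(rule, "-p") in (None, "tcp", "all") and opt(rule, "-i") in (None, iface)
            and opt(rule, "--dport") in (None, str(port))
            and (state is None or "NEW" in state.split(",")))

def verdict(policies, chains, chain="INPUT", port=22, iface="eth0"):
    # Returns (target, where) for the first deciding rule; None means fall through.
    for n, rule in enumerate(chains.get(chain, []), 1):
        target = opt(rule, "-j") if matches(rule, port, iface) else None
        if target in TERMINAL:
            return target, f"{chain} rule {n}"
        hit = verdict(policies, chains, target, port, iface) if target in chains else None
        if hit:
            return hit
    return (policies[chain], f"{chain} policy") if policies.get(chain) in TERMINAL else None
```

On a live host the input would be the output of iptables-save, run as root.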
Can scp be used to update a directory?
by Anne Wilson
The scp man page is not very verbose ;-) I want to copy a directory,
recursively, over the lan, but only those files that are new or updated.
MS-DOS could do this back in ...Ummm.... so I can't believe it can't be done
in scp, but I can't see how to do it.
Anne
15 years, 7 months
eth0 doesn't start at boot time
by Wolfgang Morawetz
Hi,
Each time I boot Fedora I must enable the eth0 device by hand (using the
GUI config tool).
What must I do to enable the device at boot?
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=bugs.acme
# cat /etc/sysconfig/networking/devices/ifcfg-eth0
# cat /etc/sysconfig/networking/profiles/default/ifcfg-eth0
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
All three give the same output:
# Macronix, Inc. [MXIC]|MX987x5
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:50:BF:76:39:8F
ONBOOT=yes
TYPE=Ethernet
DHCP_HOSTNAME=bugs.acme
USERCTL=no
PEERDNS=no
Thx
Wolfgang
alias wfx (http://teg.sf.net)
15 years, 8 months
Yum on x86_64
by Gareth Bult
Hi,
I seem to have (finally :) ) acquired a complete(ish) / working x86_64
system .. but I'm still having trouble with a few bits, not least "yum".
I get;
Server: Fedora Core 1 - i386 - Base
Server: Fedora Core 1 - i386 - Released Updates
Server: Fedora Core 1 - i386 - Unreleased Updates
Finding updated packages
Traceback (most recent call last):
File "/usr/bin/yum", line 60, in ?
yummain.main(sys.argv[1:])
File "yummain.py", line 204, in main
File "clientStuff.py", line 363, in getupdatedhdrlist
File "clientStuff.py", line 409, in bestversion
IndexError: list index out of range
[root@squizzey oddjob]#
(This is a modified system [2.6.0-test11] however it seems to run well)
Pointing it at mozilla's channel for SeaMonkey seems to work if I
disable the default channels, however...
Anyone any ideas ?
(I was sort of expecting to see it say "no x86_64 updates supported yet"
as opposed to a complete crash)
Also, can yum pull SRPMS and rebuild them ?
tia
Gareth.
15 years, 8 months
Python, RPM error
by Austin Isler
I apologize if this is in the archives, and I missed it.
I updated rpm a while back with:
# yum -y update rpm
I believe it installed a python2.4 package as well. Ever since then, I
have had problems with python and rpm. I get this error when trying to
use yum:
Traceback (most recent call last):
File "/usr/bin/yum", line 6, in ?
import yummain
File "/usr/share/yum-cli/yummain.py", line 23, in ?
import yum
File "/usr/lib/python2.3/site-packages/yum/__init__.py", line 21, in ?
import rpm
ImportError: No module named rpm
Appreciate the help,
Austin
16 years, 1 month
firefox bookmarks
by Richard E Miles
Is it possible to save the firefox bookmarks so that when I do a clean install
of FC4 I can reload them?
I tried to cp the bookmarks.html file back into the /home/rmiles/.mozilla/firefox/0qem39dn.default directory but it did not
restore them from an earlier saving of this file.
It would be nice to be able to reset the bookmarks that I had in FC 3 to the FC 4
firefox.
--
Richard E Miles
Federal Way WA. USA
registered linux user 46097
16 years, 2 months
dump/restore (or "star") and SELinux problems
by Kayvan A. Sylvan
Hi folks,
I am trying again. I haven't gotten an answer that works yet and hoping that
people who know more about SELinux and Fedora can see this and suggest
a solution (or at least a way to investigate).
My goal: To be able to resize a partition (or rearrange filesystems) without
losing any data or meta-data.
parted is useless, since it won't handle the xattr filesystem data.
I used dump to create a filesystem backup, then used the FC5 Install DVD
to go into rescue mode and restore the dump. That seemed to work okay for
the file data. However, for each and every file, I get the message:
restore: lsetxattr ./filename_being_restored failed: Invalid argument
Using "ls -Z", I see that all the files end up being unlabeled (or they
are in the unlabeled_t context).
These files were all set up in Fedora FC4, using the targeted policy.
When I am booting up using the FC5 Install DVD ("linux rescue"), the SELinux
startup shows:
security: 3 users, 6 roles, 1161 types, 135 bools, 1 sens, 256 cats
security: 55 classes, 38679 rules
SELinux: Completing initialization.
SELinux: Setting up existing superblocks.
SELinux: initialized (dev loop0, type squashfs), not configured for labeling
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev eventpollfs, type eventpollfs), uses genfs_contexts
SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev cpuset, type cpuset), not configured for labeling
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
I have also tried using "star" with the following args:
star -v -c -xdev -sparse -acl -link-dirs level=0 -wtardumps \
f=root.star -C / .
And then, when booted into the rescue mode, did the following to extract:
star -xpU -restore f=root.star
This produced the same result. The files end up being unlabeled.
I am wondering if I have to have the same SELinux policy loaded while
in the rescue mode in order to avoid the "lsetxattr: invalid argument"
error? How would I go about doing that?
Thanks for any help!
---Kayvan
--
Kayvan A. Sylvan | Proud husband of | Father to my kids:
Sylvan Associates, Inc. | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen. | Robin Gregory (2/28/92)
16 years, 4 months
Installing JAVA
by Michael Wright
Need help on how I can install Java.
The other problem I have is with the terminal: it won't let me download the new cPanel. You can find them here at http://www.cpanel.com
16 years, 6 months
What is the proper way to restart udev?
by Steven W. Orr
I found /sbin/udevstart but there is no udevstop. Can I kill -1 the
running udevd, or do I kill -9 the udevd followed by a udevstart, or do I
have to reboot?
TIA
--
Time flies like the wind. Fruit flies like a banana. Stranger things have .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
16 years, 6 months