
Setting Up SSH to allow remote login

  • 04-03-2006 5:57pm
    #1
    Closed Accounts Posts: 6,151 ✭✭✭


    OK, I need some help setting up sshd to allow remote logins to my computer.
    It's running Slackware 10.1.
    I've got BT broadband with the Zyxel 600 series router, which I have set up to forward port 22 to the computer.
    sshd seems to be set up fine and allows access from all the computers on the local network, but it won't allow any connections remotely. I just get an error message which says "connect to address xxx.xxx.xxx.xxx port 22: Permission denied"

    Also I'm using dyndns.org as my dynamic dns service

    Could anyone help me with this? I've looked through the ssh config files but I can't find anything about remote access.

    Thanks


Comments

  • Registered Users, Registered Users 2 Posts: 1,865 ✭✭✭Syth


    I don't think the problem is with sshd. sshd only exists for remote logins, so there's no real way to turn it off or on. If you can ssh into it from any other machine then sshd is doing its job.

    It sounds like it might be a routing problem.
    Try sshing into it with '-v' to get more verbose output. (ie "ssh -v username@host"). Post that output here (after stripping out potentially sensitive information)

    Look at the sshd logs to see if anything interesting is there. /var/log/authlog AFAIR.


  • Registered Users, Registered Users 2 Posts: 16,288 ✭✭✭✭ntlbell


    Sounds more like a NAT/port forwarding issue.

    Run tcpdump on the Slackware box and try an ssh from a box outside your own network and see if the connection attempt is even hitting the Slackware box.


  • Registered Users, Registered Users 2 Posts: 1,067 ✭✭✭tomk


    Does Slackware use hosts.allow/hosts.deny? If so, you'll need to set them up appropriately too.


  • Closed Accounts Posts: 6,151 ✭✭✭Thomas_S_Hunterson


    Syth wrote:
    I don't think the problem is with sshd. sshd only exists for remote logins, so there's no real way to turn it off or on. If you can ssh into it from any other machine then sshd is doing its job.

    It sounds like it might be a routing problem.
    Try sshing into it with '-v' to get more verbose output. (ie "ssh -v username@host"). Post that output here (after stripping out potentially sensitive information)

    Look at the sshd logs to see if anything interesting is there. /var/log/authlog AFAIR.

    I got the following output from running a verbose ssh from a remote computer:

    OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to domain.dyndns.org [xxx.xxx.xxx.xxx] port 22.
    ssh: connect to address xxx.xxx.xxx.xxx port 22: Permission denied

    ntlbell wrote:
    run tcpdump on the slackware box and try an ssh from a box outside your own network and see if the connection attempt is even hitting the slackware box

    It doesn't seem to be hitting it at all.

    tomk wrote:
    Does Slackware use hosts.allow/hosts.deny? If so, you'll need to set them up appropriately too.

    My hosts.allow file is set up as follows:

    in.smtpd: ALL
    sshd: ALL

    and there are no entries in the hosts.deny file

    So it would seem to point towards a port forwarding issue, but port 22 is definitely forwarded on my router, so I'm stumped.


  • Closed Accounts Posts: 6,151 ✭✭✭Thomas_S_Hunterson


    Anybody have any ideas??


  • Registered Users, Registered Users 2 Posts: 273 ✭✭electrofelix


    Can you check to see if your router can connect to ssh?


    /var/log/secure is the log file for sshd, so you can check that to see if sshd is ignoring the connections, assuming any get through.

    also run
    /etc/init.d/sshd stop

    to stop sshd and
    sshd -de

    to run the server in debug mode and to output any error messages to the screen.

    The "permission denied" sounds more like sshd refusing access than the usual "connection refused" where it's blocked or "destination host unreachable" where it can't be seen.
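
The three error strings contrasted above are distinct `connect()` errno values, each produced at a different point between client and server. The probe below is an added example, not part of the original thread; the `probe`/`classify` helpers and the verdict labels are hypothetical names, and the interpretations are general socket behaviour rather than anything a poster stated.

```python
import errno
import socket
import sys

# Meaning of each connect() failure. These are general socket semantics,
# added for illustration; the verdict labels are made up for this example.
VERDICTS = {
    errno.ECONNREFUSED: ("refused", "a device on the path sent a TCP reset: "
                         "the packet arrived somewhere, but that port is closed there"),
    errno.ETIMEDOUT: ("filtered", "the SYN was never answered: silently dropped "
                      "by a firewall, NAT device or ISP filter"),
    errno.EHOSTUNREACH: ("unreachable", "no route to the host, or a router "
                         "returned an ICMP unreachable"),
    errno.ENETUNREACH: ("unreachable", "the client has no route to that network"),
    errno.EACCES: ("denied-locally", "the client's own kernel refused to send: "
                   "usually an outbound packet-filter rule on the client"),
    errno.EPERM: ("denied-locally", "as EACCES; some systems report EPERM"),
}


def classify(exc):
    """Map an exception raised by a TCP connect to (verdict, meaning)."""
    if isinstance(exc, socket.gaierror):
        return ("dns", "the name did not resolve; check the dynamic DNS record")
    if isinstance(exc, socket.timeout):
        return VERDICTS[errno.ETIMEDOUT]
    return VERDICTS.get(exc.errno, ("other", str(exc)))


def probe(host, port, timeout=5.0):
    """Try one TCP handshake and say where it stopped, if it did."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ("open", "handshake completed; anything after this is sshd's decision")
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]   (run it from the machine that fails)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe(target, int(sys.argv[2]) if len(sys.argv) > 2 else 22))
```

A `denied-locally` verdict means the packet never left the client, so no tcpdump capture or sshd log on the server side will show it.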


  • Registered Users, Registered Users 2 Posts: 16,288 ✭✭✭✭ntlbell


    If you're sure the packets are not hitting the box,

    you could look into your router's DMZ feature, put the Slackware box into the DMZ and try from an external box.

    If this works you need to look at your router's port forwarding/NAT config.



  • Closed Accounts Posts: 210 ✭✭deimos


    Sounds like a NAT problem... but the other possibility is that BT block connections to some/all privileged ports (e.g. 1-1024 incl.) due to the fact you are a home user or something (I don't know, just a wild guess).

    You could do a "nc -l -v -p 22" after disabling sshd and see does this see a connection.
    Just telnet to it and type something; they are both TCP/IP connections anyway.
    At least you would know straight away whether the problem was with sshd or not.


  • Registered Users, Registered Users 2 Posts: 1,865 ✭✭✭Syth


    deimos wrote:
    Sounds like a nat problem... but the other possibility is that BT block connections to some/all privileged ports (e.g. 1-1024incl) due to the fact you are a home user or something (I don't know, just a wild guess).

    I'm pretty sure they do. I tried running a web server on my broadband connection and I couldn't get through. It's either that or a port forwarding. Make sure your router is set to forward port 22 to the IP of the ssh server. If you use DHCP your ssh server might have a dynamic IP. Either give it a static IP or look into 'static DHCP'.

    You can run ssh on a different port easily. If you run it on port 443, you can use Proxy Tunnel to access the box from almost any location. :)


  • Registered Users, Registered Users 2 Posts: 2,800 ✭✭✭voxpop


    What user are you using to connect with? Some sshd flavours, by default, don't allow remote root sessions - you have to explicitly enable it.


  • Closed Accounts Posts: 6,151 ✭✭✭Thomas_S_Hunterson


    I'm just using a regular user, and port 22 is forwarded in the router.


  • Registered Users, Registered Users 2 Posts: 6,762 ✭✭✭WizZard


    What router? Is it forwarded to the correct IP?
    Can you SSH into the box from another machine behind the firewall/router? That would be best to isolate the cause of the problem.

    BT definitely don't block SSH as I use it on BT broadband myself.


  • Closed Accounts Posts: 6,151 ✭✭✭Thomas_S_Hunterson


    It's a Prestige 623R-T1 ADSL modem, which is connected to a 3Com Office Connect 8 port hub.
    Port 22 is forwarded to the correct IP, and I can SSH it from the local network, which is why I'm so confused.


  • Registered Users, Registered Users 2 Posts: 1,865 ✭✭✭Syth


    Try running it on a different port (say 22,222) and see if you can log in remotely from another network. If you can, it's IOL/BT screwing with you.

