Re: networking via cross cable

From: Michael Heiming (michael+USENET_at_www.heiming.de)
Date: 05/30/04 

Date: Sun, 30 May 2004 17:15:33 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking Allan Adler <ara@nestle.csail.mit.edu> suggested:

> Michael Heiming wrote:

>>There's no need to reinstall anything, you can start "lokkit" as
>>root from some xterm and fill in your trusted device below
[..]

> I ran lokkit on minsk and set it up with medium security and to accept ssh.
> Although the two machines can ping each other and traceroute shows they
> can find each other, ssh from pinsk to minsk doesn't work. It complains
> that it doesn't trust the port. I rebooted minsk to see if that was the
> problem, but that didn't help. I ran lokkit again and it ran with
> no apparent recollection of my last session, i.e. it had high security
> as the default and nothing allowed from outside. So, I did the work again
> of setting security to medium and allowing outside ssh. It didn't help.

If you have done your changes and they are working, issue:

 service iptables save
 chkconfig iptables on

> One way to check the work would be if there were some file to look at
> or some program to run which would say whether minsk is set to accept
> outside ssh.

Now, that's a mess, try on the systems 'ssh localhost' at first,
to see if it's running at all, if not start it (as root):

 /etc/init.d/sshd start
Keep sshd running after reboot:
 chkconfig sshd on

To check which service will be started in which runlevel, try:

 chkconfig --list

> After looking at the ssh man page in search of some daemon maybe named
> sshd, I also tried, not knowing what I was doing, adding pinsk to minsk's
> /etc/hosts.allow file, but I don't know what format pinsk should be entered

If sshd is compiled with tcp_wrapper support add to
/etc/hosts.allow

ALL: 192.168.3.3

Exchange 192.168.3.3 with the IP of the other machine.

> in. Since the comments in the file mention tcpd, I looked at the man page for
> tcpd and then tried to run it, in case it was necessary to start it. This

No, you don't run it, it will be used from services running from
(x)inetd if configured to do so.

Hope that helps?

If there are still problems, try:

ssh -vvv 192.168.3.3

Exchange 192.168.3.3 with the IP of the other machine.

Post the output if you still have problems. 

-- 
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAuha0AkPEju3Se5QRAve+AKDLG2mM5G72b6YdptVM77clx2ru+QCdFCmm
jV2RVJNfjvidcF6Ppb7AxRA=
=c6qB
-----END PGP SIGNATURE-----

Relevant Pages

  • Re: Is OpenSSH 3.5p1 secure?
    ... Do not allow root access over ssh. ... Do allow access over ssh for one and only one user. ... Here are a couple specific recommendations for you that you may wish ... Make sure your Protocol 2 RSA or DSA sshd keys are at the very ...
    (comp.security.ssh)
  • only root without password
    ... The ssh works without the password for the "root" user, ... the ssh works and I think there is a wrong config file but I ... let's see the strace of sshd daemon. ...
    (comp.security.ssh)
  • Re: [opensuse] screen reader problems
    ... Then the ssh -X command replies connect to port 22. ... Same result as user or root. ... Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ ...
    (SuSE)
  • Re: OpenSSh 3.4p1 PrivilegeSerparation experiment
    ... > o you expect disconnection from an ssh'd tty when root sends sshd the ... That's never been the way ssh has worked. ... > o We have the real daemon listening, ...
    (Vuln-Dev)
  • Re: why sshd is running under root ?
    ... > I dont understand why the deamon for ssh is running under root, ... I would imagine sshd runs as root in order to properly handle disparate ... Since changing userid and groupid in this manner is an action restricted ...
    (comp.os.linux.networking)