Re: networking via cross cable

From: Michael Heiming (michael+USENET_at_www.heiming.de)
Date: 05/30/04


Date: Sun, 30 May 2004 17:15:33 -0000



In comp.os.linux.networking Allan Adler <ara@nestle.csail.mit.edu> suggested:

> Michael Heiming wrote:

>>There's no need to reinstall anything, you can start "lokkit" as
>>root from some xterm and fill in your trusted device below
[..]

> I ran lokkit on minsk and set it up with medium security and to accept ssh.
> Although the two machines can ping each other and traceroute shows they
> can find each other, ssh from pinsk to minsk doesn't work. It complains
> that it doesn't trust the port. I rebooted minsk to see if that was the
> problem, but that didn't help. I ran lokkit again and it ran with
> no apparent recollection of my last session, i.e. it had high security
> as the default and nothing allowed from outside. So, I did the work again
> of setting security to medium and allowing outside ssh. It didn't help.

If you have done your changes and they are working, issue:

 service iptables save
 chkconfig iptables on

> One way to check the work would be if there were some file to look at
> or some program to run which would say whether minsk is set to accept
> outside ssh.

Now, that's a mess. First try 'ssh localhost' on the systems
to see if it's running at all; if not, start it (as root):

 /etc/init.d/sshd start

Keep sshd running after reboot:

 chkconfig sshd on

To check which service will be started in which runlevel, try:

 chkconfig --list

> After looking at the ssh man page in search of some daemon maybe named
> sshd, I also tried, not knowing what I was doing, adding pinsk to minsk's
> /etc/hosts.allow file, but I don't know what format pinsk should be entered

If sshd is compiled with tcp_wrapper support, add to
/etc/hosts.allow:

 ALL: 192.168.3.3

Exchange 192.168.3.3 with the IP of the other machine.

> in. Since the comments in the file mention tcpd, I looked at the man page for
> tcpd and then tried to run it, in case it was necessary to start it. This

No, you don't run it, it will be used from services running from
(x)inetd if configured to do so.

Hope that helps?

If there are still problems, try:

 ssh -vvv 192.168.3.3

Exchange 192.168.3.3 with the IP of the other machine.

Post the output if you still have problems.

-- 
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
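
Added example (not part of the original post): the thread asks for a way to see whether minsk would accept ssh from the other machine. For the tcp_wrappers part, this sketch evaluates hosts.allow and hosts.deny in the order hosts_access(5) describes: a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise access is granted. The function names and the sample files are constructed for illustration, and only the pattern forms listed in the comments are handled.

```shell
#!/bin/sh
# Simplified hosts_access(5) evaluation: would DAEMON accept CLIENT_IP?
# Supported patterns: ALL, exact names/addresses, address prefixes ending in "."
# Not handled (assumption of this sketch): netmasks, hostnames, EXCEPT, LOCAL, IPv6.

# in_list WORD LIST -> 0 if WORD matches an item of the comma/blank-separated LIST
in_list() {
    word=$1
    set -f                                  # no filename globbing while splitting
    for item in $(printf '%s' "$2" | tr ',' ' '); do
        case $item in
            ALL) set +f; return 0 ;;
            *.)  case $word in "$item"*) set +f; return 0 ;; esac ;;
            *)   [ "$item" = "$word" ] && { set +f; return 0; } ;;
        esac
    done
    set +f
    return 1
}

# file_matches FILE DAEMON CLIENT_IP -> 0 if any rule line in FILE matches
file_matches() {
    [ -r "$1" ] || return 1                 # a missing file counts as empty
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                    # strip comments
        case $line in *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}                 # ignore an optional shell command field
        in_list "$2" "$daemons" && in_list "$3" "$clients" && return 0
    done < "$1"
    return 1
}

# wrappers_verdict DAEMON CLIENT_IP ALLOW_FILE DENY_FILE -> prints the decision
wrappers_verdict() {
    if file_matches "$3" "$1" "$2"; then echo "allowed (hosts.allow match)"
    elif file_matches "$4" "$1" "$2"; then echo "denied (hosts.deny match)"
    else echo "allowed (no rule matched)"
    fi
}

# Constructed sample files, not the real ones from minsk or pinsk.
demo=$(mktemp -d)
printf 'ALL: 192.168.3.3\n' > "$demo/hosts.allow"
printf 'ALL: ALL\n'         > "$demo/hosts.deny"
wrappers_verdict sshd 192.168.3.3 "$demo/hosts.allow" "$demo/hosts.deny"
wrappers_verdict sshd 192.168.3.4 "$demo/hosts.allow" "$demo/hosts.deny"
rm -rf "$demo"
```

On a real machine, pass /etc/hosts.allow and /etc/hosts.deny as the last two arguments. The tcpdmatch utility shipped with tcp_wrappers performs the full evaluation, including the pattern forms this sketch skips.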

