SOTL wrote:
On Sunday 27 February 2005 16:47, Mikkel L. Ellertson wrote:

<-------------------[ SNIP ]--------------------------------->

For networking problems, looking in the logs in /var/log is a good place
to start. Especially on the machine you are trying to connect to. A lot
of the time, you will see a message telling you why the connection was
not allowed. Firewalls can make things especially interesting.


You can say that again about firewalls making things especially interesting.

I found that the MSI box that I could connect to by fish by SSH did not have a firewall as I intended when I set it up. I did not check status of HP as that currently has a test setup in it that will be eliminated once I have the MSI and IBM boxes working as needed.

I found that the box I was NOT able to SSH into DID HAVE a firewall installed. Wonder when and how I managed to install it as I do not like firewalls in computers I am experimenting with; they are nice for security but hell on problem solving when the issue is NOT involved with security.

Anyway having NO knowledge of ip tables I have attached mine as I believe the box should have a firewall. The ip tables is followed by an additional question.
______________________________________________________________________
# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $


# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys
______________________________________________________________________

Question:
Does anyone see an issue with this setup that would prevent my connecting to this box by ssh and thus fish?
In particular should #ListenAddress 0.0.0.0 be uncommented?


Thanks

First of all, this is your ssh server config, not IP tables. It looks like the default setup, and should not be a problem. Your firewall is probably controlled by shorewall. The config files it uses are in /etc/shorewall.

If I remember right, this network uses dialup to connect to the Internet. If so, you can turn off the firewall on the machines not connected to the Internet for now. As root, run:

service shorewall stop
service iptables stop
chkconfig shorewall off
chkconfig iptables off

For testing, you can run the service stop commands on the dialup machine when it is not connected to the Internet, and run them with start to turn things back on later.

Your firewall was set up during installation, and is based on the security level you picked. If I remember right, anything above normal will block incoming ssh connections.

Others on the list can give you options for a better GUI firewall setup than shorewall, when you are ready for the firewall...

Mikkel
--

  Do not meddle in the affairs of dragons,
for you are crunchy and taste good with Ketchup!
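
An added example, not part of the original message: a short Python parser that reads an sshd_config like the one quoted above and reports which values are in effect, treating uncommented lines as set and `#Keyword value` lines as the shipped defaults, as the file's own header comment describes. The sample text is a constructed excerpt of that file, and the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt of the sshd_config quoted in the message above.
SAMPLE = """\
# This is the sshd server system-wide configuration file.
#Port 22
#Protocol 2,1
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Logging
#obsoletes QuietMode and FascistLogging
#LogLevel INFO
PermitRootLogin no
#PubkeyAuthentication yes
"""

MULTI = {"hostkey", "listenaddress"}           # keywords that may repeat
ACTIVE = re.compile(r"^\s*([A-Za-z]+)\s+(\S.*?)\s*$")
DEFAULT = re.compile(r"^#([A-Z][A-Za-z]+)\s+(\S.*?)\s*$")  # "#Keyword value", no space after '#'

def effective_settings(text):
    """Return {keyword: (values, source)} where source is 'set' or 'default'."""
    active, defaults = {}, {}
    for line in text.splitlines():
        m = ACTIVE.match(line)
        target = active
        if not m:
            m, target = DEFAULT.match(line), defaults
        if not m:
            continue                           # blank line or prose comment
        key, value = m.group(1).lower(), m.group(2)
        if key in MULTI:
            target.setdefault(key, []).append(value)
        else:
            target.setdefault(key, [value])    # sshd keeps the first value it reads
    merged = {k: (v, "default") for k, v in defaults.items()}
    merged.update({k: (v, "set") for k, v in active.items()})
    return merged

def report(text, keys=("port", "listenaddress", "protocol", "permitrootlogin")):
    eff = effective_settings(text)
    return [f"{k}: {', '.join(eff[k][0])} ({eff[k][1]})" for k in keys if k in eff]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

On the sample, ListenAddress comes back as 0.0.0.0 and :: from the commented defaults, so the daemon already listens on all addresses without that line being uncommented.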
