Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-21 Thread Monique Y. Herman
On 2004-02-21, Anthony Campbell penned:
> On 21 Feb 2004, Monique Y. Herman wrote:
>> 
> [snip] 
> Monique, I really am grateful to you for supplying this information;
> exactly what I was looking for. I've adopted your suggested format for
> /etc/hosts.

[snip]

You're welcome =)  Hope it's working for you.

[snip] 
>
> A commented example of a working setup - brilliant! Just what I was
> hoping for.
>
> Thanks again.

No problem!

-- 
monique


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-21 Thread Anthony Campbell
On 21 Feb 2004, Monique Y. Herman wrote:
> 
[snip] 
Monique, I really am grateful to you for supplying this information;
exactly what I was looking for. I've adopted your suggested format for
/etc/hosts.

> > The lan IP address in the router is 192.168.0.20, which is why I had it
> > in /etc/hosts.
> 
> That part is good!  I was questioning the mixture of 192.168.0.x with
> 10.0.0.x.  Generally speaking, you want the IP addresses of your
> machines to look very similar to the IP address of your router.
> 
> > I added the 192... business because I read in various places that you
> > were supposed to have this line (I didn't previously) and because
> > without it all hostname commands (hostname, hostname -f, hostname -s)
> > produce the same thing, i.e. just arcadia. But perhaps that doesn't
> > matter? I've taken it out at present.
> 
> No, it matters =)
> 

I've followed your advice and put in the IP from the router. I'd thought
earlier that I should put in the IP that my domain name resolves to
(194.176.77.5), but obviously that is the same for both computers, which
is what was troubling me when I started this thread.

> > The 0.0.0.0 line also came from a how-to I found on the Net, but I've
> > taken it out.
> 
> I can't swear that you don't need it.  I just know that I don't have
> one, and my setup works.
> 
> 
[snip] 

> All of that looks good.  For comparison's sake, why don't I show you the
> relevant portions of /etc/network/interfaces and /etc/hosts on one of my
> machines?  (I'm ignoring the loopback entry in interfaces; that should
> be fine.)
> 
> Okay, I'm munging things a bit, but the sense should still be there:

[snip] 

A commented example of a working setup - brilliant! Just what I was
hoping for.

Thanks again.

Anthony

-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-21 Thread Monique Y. Herman
On 2004-02-21, Anthony Campbell penned:
> On 20 Feb 2004, Monique Y. Herman wrote:
>> On 2004-02-20, Anthony Campbell penned:
>> >
>> > My /etc/hosts is as follows, in case this indicates the problem:
>> > (The alternative lines are because I tried both the IP which my domain
>> > name resolves to and also the ip on my router. I don't know which, if
>> > either, I need.)
>> >
>> > cut--
>> > 127.0.0.1 localhost loopback
>> > # 194.176.77.5 acampbell.org.uk arcadia
>> > 192.168.0.20  acampbell.org.uk arcadia
>> > 0.0.0.0 accampbell.uklinux.net
>> >
>> > 10.0.0.1   arcadia
>> > 10.0.0.2   mimosas
>> >
>> > ---cut-
>> 
>> 1) It looks like you're mixing internal network numbers here.  192.168.0.20
>> for arcadia, then later 10.0.0.1 for arcadia and .2 for mimosas ... I'm
>> fairly sure that this is not what you want.
>> 
>> Is there a web interface to your router?  Mine lets me set the LAN IP
>> address.  Does yours, and if so, does it say 192.168.0.something or
>> 10.0.0.something?
>> 
>> It might also be enlightening for you to share your
>> /etc/network/interfaces ... specifically, the "gateway" value for your
>> network device should be the same as the router's IP address.  At least,
>> if you want outbound traffic, it should be.
>> 
>> 2) What's that 0.0.0.0 entry for?  I don't have any such entries on my
>> machine, and I'm not sure it's what you want.
>> 
>> 3) You probably don't need to specify the external address (194.etc) in
>> the hosts file.  In fact, it's a little misleading, as from outside your
>> router, all of your machines look like that address.  All the hosts file
>> does is give your machine a cheat-sheet for the names of some
>> commonly-used hosts.  If you frequently wanted to connect to a machine
>> that's outside the router (say, work or home) and wanted it to have a
>> nice, easy-to-remember name, then you might list an external IP address
>> for it.
>> 
>> --
>> monique
>> 
> If you think I've got myself into a right muddle with this business,
> you're correct. Not a case of failing to rtfm, rather of too much rtfm
> (or the wrong fm, perhaps).

Believe me, I've been there!  Don't despair ... over time, this will all
start to make sense.  Honest.

> The lan IP address in the router is 192.168.0.20, which is why I had it
> in /etc/hosts.

That part is good!  I was questioning the mixture of 192.168.0.x with
10.0.0.x.  Generally speaking, you want the IP addresses of your
machines to look very similar to the IP address of your router.

> I added the 192... business because I read in various places that you
> were supposed to have this line (I didn't previously) and because
> without it all hostname commands (hostname, hostname -f, hostname -s)
> produce the same thing, i.e. just arcadia. But perhaps that doesn't
> matter? I've taken it out at present.

No, it matters =)

> The 0.0.0.0 line also came from a how-to I found on the Net, but I've
> taken it out.

I can't swear that you don't need it.  I just know that I don't have
one, and my setup works.

> My /etc/network/interfaces:
>
> --cut--
> # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
>
> # The loopback interface
> # automatically added when upgrading
> auto lo 
> iface lo inet loopback
>   address 127.0.0.1
>   netmask 255.0.0.0
>   broadcast 127.0.0.255
>   gateway 127.0.0.1
>
> #Router stuff
> auto eth0 
> iface eth0 inet static 
>   address 192.168.0.20
>   netmask 255.255.255.0
>   gateway 192.168.0.1
>   broadcast 192.168.0.255
> ---cut
>

All of that looks good.  For comparison's sake, why don't I show you the
relevant portions of /etc/network/interfaces and /etc/hosts on one of my
machines?  (I'm ignoring the loopback entry in interfaces; that should
be fine.)

Okay, I'm munging things a bit, but the sense should still be there:

Here's the relevant portion of my /etc/network/interfaces on foo :
 ---cut
auto eth0
iface eth0 inet static
address 192.168.1.15
netmask 255.255.255.0
gateway 192.168.1.1
 ---cut

Here's the relevant portion of my /etc/hosts , also on foo :

 ---cut
127.0.0.1   localhost
192.168.1.15    foo.hostname.org foo
192.168.1.150   bar 
 ---cut


Let me read this in "plain English."  foo is a machine with the static
IP address 192.168.1.15.  The gateway line tells foo that the router is
at 192.168.1.1.  The netmask line tells foo that every possible value of
192.168.1.x is on the same network as foo.  On foo, the term 'localhost'
when used anywhere that involves networking ('ssh localhost', for
example) will resolve to 127.0.0.1.  On foo, the term 'foo' will resolve
to 192.168.1.15, and so will foo.hostname.org.  Also, if you use the
term 'bar', it will resolve to 192.168.1.150, which is the IP address of
anot

Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-21 Thread Anthony Campbell
On 21 Feb 2004, Antony Gelberg wrote:
> On Sat, Feb 21, 2004 at 10:07:28AM +, Anthony Campbell wrote:
> > If you think I've got myself into a right muddle with this business,
> > you're correct. Not a case of failing to rtfm, rather of too much rtfm
> > (or the wrong fm, perhaps).
> 
> I think a good book or other guide on IP networking wouldn't go amiss.
> Then the fm would make more sense.  :)
> 
> A
> 

I agree, and when I have more time I'll try to get down to it. Meanwhile
I can at least communicate between the two machines by email, which
seems a satisfactory temporary solution.

AC


-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-21 Thread Antony Gelberg
On Sat, Feb 21, 2004 at 10:07:28AM +, Anthony Campbell wrote:
> If you think I've got myself into a right muddle with this business,
> you're correct. Not a case of failing to rtfm, rather of too much rtfm
> (or the wrong fm, perhaps).

I think a good book or other guide on IP networking wouldn't go amiss.
Then the fm would make more sense.  :)

A





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-21 Thread Anthony Campbell
On 20 Feb 2004, Monique Y. Herman wrote:
> On 2004-02-20, Anthony Campbell penned:
> >
> > My /etc/hosts is as follows, in case this indicates the problem:
> > (The alternative lines are because I tried both the IP which my domain
> > name resolves to and also the ip on my router. I don't know which, if
> > either, I need.)
> >
> > cut--
> > 127.0.0.1 localhost loopback
> > # 194.176.77.5 acampbell.org.uk arcadia
> > 192.168.0.20  acampbell.org.uk arcadia
> > 0.0.0.0 accampbell.uklinux.net
> >
> > 10.0.0.1   arcadia
> > 10.0.0.2   mimosas
> >
> > ---cut-
> 
> 1) It looks like you're mixing internal network numbers here.  192.168.0.20
> for arcadia, then later 10.0.0.1 for arcadia and .2 for mimosas ... I'm
> fairly sure that this is not what you want.
> 
> Is there a web interface to your router?  Mine lets me set the LAN IP
> address.  Does yours, and if so, does it say 192.168.0.something or
> 10.0.0.something?
> 
> It might also be enlightening for you to share your
> /etc/network/interfaces ... specifically, the "gateway" value for your
> network device should be the same as the router's IP address.  At least,
> if you want outbound traffic, it should be.
> 
> 2) What's that 0.0.0.0 entry for?  I don't have any such entries on my
> machine, and I'm not sure it's what you want.
> 
> 3) You probably don't need to specify the external address (194.etc) in
> the hosts file.  In fact, it's a little misleading, as from outside your
> router, all of your machines look like that address.  All the hosts file
> does is give your machine a cheat-sheet for the names of some
> commonly-used hosts.  If you frequently wanted to connect to a machine
> that's outside the router (say, work or home) and wanted it to have a
> nice, easy-to-remember name, then you might list an external IP address
> for it.
> 
> --
> monique
> 
If you think I've got myself into a right muddle with this business,
you're correct. Not a case of failing to rtfm, rather of too much rtfm
(or the wrong fm, perhaps).

The lan IP address in the router is 192.168.0.20, which is why I had it
in /etc/hosts.

I added the 192... business because I read in various places that you
were supposed to have this line (I didn't previously) and because
without it all hostname commands (hostname, hostname -f, hostname -s)
produce the same thing, i.e. just arcadia. But perhaps that doesn't
matter? I've taken it out at present.

The 0.0.0.0 line also came from a how-to I found on the Net, but I've
taken it out.


My /etc/network/interfaces:

--cut--
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
# automatically added when upgrading
auto lo 
iface lo inet loopback
address 127.0.0.1
netmask 255.0.0.0
broadcast 127.0.0.255
gateway 127.0.0.1

#Router stuff
auto eth0 
iface eth0 inet static 
   address 192.168.0.20
   netmask 255.255.255.0
   gateway 192.168.0.1
   broadcast 192.168.0.255
---cut


Anthony



-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-20 Thread Shaul Karl
  I am confused. Can you post a simple ASCII drawing of your network?
Does the firewall contain log rules? Which firewall is it?
 
-- 
"If you have an apple and I have  an apple and we  exchange apples then
you and I will still each have  one apple. But  if you have an idea and I
have an idea and we exchange these ideas, then each of us will have two
ideas." -- George Bernard Shaw (sent by  shaulk @ actcom . net . il)





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-20 Thread Monique Y. Herman
On 2004-02-20, Anthony Campbell penned:
>
> My /etc/hosts is as follows, in case this indicates the problem:
> (The alternative lines are because I tried both the IP which my domain
> name resolves to and also the ip on my router. I don't know which, if
> either, I need.)
>
> cut--
> 127.0.0.1 localhost loopback
> # 194.176.77.5 acampbell.org.uk arcadia
> 192.168.0.20  acampbell.org.uk arcadia
> 0.0.0.0 accampbell.uklinux.net
>
> 10.0.0.1   arcadia
> 10.0.0.2   mimosas
>
> ---cut-

1) It looks like you're mixing internal network numbers here.  192.168.0.20
for arcadia, then later 10.0.0.1 for arcadia and .2 for mimosas ... I'm
fairly sure that this is not what you want.

Is there a web interface to your router?  Mine lets me set the LAN IP
address.  Does yours, and if so, does it say 192.168.0.something or
10.0.0.something?

It might also be enlightening for you to share your
/etc/network/interfaces ... specifically, the "gateway" value for your
network device should be the same as the router's IP address.  At least,
if you want outbound traffic, it should be.

2) What's that 0.0.0.0 entry for?  I don't have any such entries on my
machine, and I'm not sure it's what you want.

3) You probably don't need to specify the external address (194.etc) in
the hosts file.  In fact, it's a little misleading, as from outside your
router, all of your machines look like that address.  All the hosts file
does is give your machine a cheat-sheet for the names of some
commonly-used hosts.  If you frequently wanted to connect to a machine
that's outside the router (say, work or home) and wanted it to have a
nice, easy-to-remember name, then you might list an external IP address
for it.

-- 
monique
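
The three observations in the message above (mixed internal networks, the 0.0.0.0 entry, the external address) can be checked mechanically. This is an added example, not code posted by anyone in the thread: a small Python linter run over the /etc/hosts quoted above with the IPv6 lines omitted. The function names, the finding codes and the 192.168.0.21 address for mimosas are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the /etc/hosts posted in this thread, IPv6 lines omitted.
SAMPLE_HOSTS = """\
127.0.0.1 localhost loopback
# 194.176.77.5 acampbell.org.uk arcadia
192.168.0.20  acampbell.org.uk arcadia
0.0.0.0 accampbell.uklinux.net

10.0.0.1   arcadia
10.0.0.2   mimosas
"""

# Constructed sample with one LAN address per machine; 192.168.0.21 is an
# assumed address for mimosas, not a value from the thread.
FIXED_HOSTS = """\
127.0.0.1     localhost
192.168.0.20  arcadia.acampbell.org.uk arcadia
192.168.0.21  mimosas
"""


def parse_hosts(text):
    """Yield (line_number, address, names) for every IPv4 entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        if addr.version == 4:  # IPv6 entries are outside this example
            yield lineno, addr, fields[1:]


def lint_hosts(text, interface):
    """Return (code, line_number, message) findings for a hosts file.

    interface is "address/netmask" as set in /etc/network/interfaces,
    for example "192.168.0.20/255.255.255.0".
    """
    lan = ipaddress.ip_interface(interface).network
    findings = []
    seen = defaultdict(list)  # name -> [(line_number, address), ...]
    for lineno, addr, names in parse_hosts(text):
        if addr.is_loopback:
            continue
        if addr.is_unspecified:
            findings.append(
                ("UNSPECIFIED", lineno, f"{addr} is not a host address"))
            continue
        if addr not in lan:
            if addr.is_private:
                # A second internal range next to the router's LAN range.
                findings.append(
                    ("OFF_LAN_PRIVATE", lineno,
                     f"{addr} is private but outside {lan}"))
            else:
                # From outside the router every LAN machine shares this one.
                findings.append(
                    ("PUBLIC", lineno,
                     f"{addr} is outside the LAN; it does not identify "
                     f"one machine behind the router"))
        for name in names:
            seen[name].append((lineno, addr))
    # A name that maps to several addresses is ambiguous for ssh and ping.
    for name in sorted(seen):
        addrs = sorted({a for _, a in seen[name]})
        if len(addrs) > 1:
            findings.append(
                ("DUPLICATE_NAME", seen[name][-1][0],
                 f"{name} maps to " + ", ".join(str(a) for a in addrs)))
    return findings


if __name__ == "__main__":
    for code, lineno, message in lint_hosts(
            SAMPLE_HOSTS, "192.168.0.20/255.255.255.0"):
        print(f"line {lineno}: {code}: {message}")
```
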





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-20 Thread Anthony Campbell
On 20 Feb 2004, Shaul Karl wrote:
> On Fri, Feb 20, 2004 at 09:48:55AM +, Anthony Campbell wrote:
> >
> > which I seem to remember, from a previous abortive attempt to set up
> > plip, was the way to go, but no luck. I also tried putting in the IP
> > addresses from the router; I could then ping one of them but not telnet
> > to it.
> >
> 
> 
>   If you are trying to ssh 10.0.0.1 from 10.0.0.2 you might try the
> following line in /etc/hosts.allow of 10.0.0.1:
> 
> sshd: 10.0.0.2
> 
>   Is there a firewall on 10.0.0.1?

I do have a firewall on both but I turned it off without achieving
anything. Something must  be badly misconfigured because although I can
ping mimosa and arcadia on their respective computers I cannot ping
either 10.0.0.1 or 10.0.0.2 on either machine.

My /etc/hosts is as follows, in case this indicates the problem:
(The alternative lines are because I tried both the IP which my domain
name resolves to and also the ip on my router. I don't know which, if
either, I need.)

cut--
127.0.0.1 localhost loopback
# 194.176.77.5 acampbell.org.uk arcadia
192.168.0.20  acampbell.org.uk arcadia
0.0.0.0 accampbell.uklinux.net

10.0.0.1   arcadia
10.0.0.2   mimosas

# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
---cut-
-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-20 Thread Shaul Karl
On Fri, Feb 20, 2004 at 09:48:55AM +, Anthony Campbell wrote:
> 
> which I seem to remember, from a previous abortive attempt to set up
> plip, was the way to go, but no luck. I also tried putting in the IP
> addresses from the router; I could then ping one of them but not telnet
> to it.
> 


  If you are trying to ssh 10.0.0.1 from 10.0.0.2 you might try the
following line in /etc/hosts.allow of 10.0.0.1:

sshd: 10.0.0.2

  Is there a firewall on 10.0.0.1?
-- 
"If you have an apple and I have  an apple and we  exchange apples then
you and I will still each have  one apple. But  if you have an idea and I
have an idea and we exchange these ideas, then each of us will have two
ideas." -- George Bernard Shaw (sent by  shaulk @ actcom . net . il)





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-20 Thread Anthony Campbell
On 19 Feb 2004, Jack Carroll wrote:
> On Wed, Feb 18, 2004 at 10:24:44AM -0700, Monique Y. Herman wrote:
> > On 2004-02-18, Anthony Campbell penned:
> > > I'm trying to run ssh between two computers but I get:
> > >
> > >   "connect to host port 22: Connection refused."
> > >
> > > I have portmapper turned off for security, but is it essential for
> > > ssh?
> >
> > I don't know about this one, but I don't think so?
> >
> > > Also, what is the hostname I have to supply? The FQDN seems to be
> > > acampbell.org.uk but this is the same for both computers, which
> > > doesn't seem to be right.
> >
> > Two machines should not resolve to the same FQDN.
> >
> > --
> > monique
> >
> 
>   SSH doesn't require portmap.  It uses a fixed well-known port.  You
> might not have sshd running on the destination machine.  You could use
>   ps ax
> to find out.  

It wasn't running but now it is. However, I still don't seem to get
anywhere.

> If it's running, and the machines can ping each other, the
> next thing to try is
>   telnet destination ssh
>

This is where the problem arises. I can't ping the other machine nor can
I telnet it (in fact, I can't even telnet to myself; I get "connection
refused".) 

What would the "destination" be? I have two machines, mimosas and
arcadia, both connected to the router. 

I tried putting this in /etc/hosts:

10.0.0.1   arcadia
10.0.0.2   mimosas

which I seem to remember, from a previous abortive attempt to set up
plip, was the way to go, but no luck. I also tried putting in the IP
addresses from the router; I could then ping one of them but not telnet
to it.

Anthony


>   If a server answers, then you're reaching it, so the next place to
> look for the answer is in the sshd config file.  That's
> /etc/ssh/sshd_config.  There's some on-system documentation, and a
> comprehensive book published by O'Reilly.
> 

-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-19 Thread Jack Carroll
On Wed, Feb 18, 2004 at 10:24:44AM -0700, Monique Y. Herman wrote:
> On 2004-02-18, Anthony Campbell penned:
> > I'm trying to run ssh between two computers but I get:
> > 
> > "connect to host port 22: Connection refused."
> >
> > I have portmapper turned off for security, but is it essential for
> > ssh?
> 
> I don't know about this one, but I don't think so?
> 
> > Also, what is the hostname I have to supply? The FQDN seems to be
> > acampbell.org.uk but this is the same for both computers, which
> > doesn't seem to be right.
> 
> Two machines should not resolve to the same FQDN.
> 
> -- 
> monique
> 
> 

SSH doesn't require portmap.  It uses a fixed well-known port.  You
might not have sshd running on the destination machine.  You could use
ps ax
to find out.  If it's running, and the machines can ping each other, the
next thing to try is
telnet destination ssh

If a server answers, then you're reaching it, so the next place to
look for the answer is in the sshd config file.  That's
/etc/ssh/sshd_config.  There's some on-system documentation, and a
comprehensive book published by O'Reilly.





Re: DNS and Hostnames (was: Re: SSH: does it require portmapper and what hostname is it looking for?)

2004-02-19 Thread Anthony Campbell
On 19 Feb 2004, Monique Y. Herman wrote:
> 
[snip] 

> This is just the hosts file for one of the machines ...
> 
> What are you intending to accomplish with the acampbell.org.uk and
> accampbell.uklinux.net entries?
> 
> Each entry after the IP address on a line should be an identifier for
> this machine and this machine only.

Thanks. After a fair amount of googling I've found some templates for
/etc/hosts and these have clarified most of the issues for me.
> 
> > Related question to start of this thread: is ssh what I need?  The
> > situation is that I have two computers (desktop and notebook)
> > connected to the router and accessing the Internet independently. I
> > want to be able to exchange files between them. (Email would do at a
> > pinch but I can't see how to do that either.)
> >
> 
> Well, scp is ssh's file transfer tool.  If your router also acts as a
> firewall *and* you have particular directories you care about, you might
> consider using NFS or Samba for file sharing.  Do *not* use NFS or Samba
> unless you have a firewall of some sort in between those machines and
> the world at large.
> 
> (Actually, I strongly recommend configuring a firewall, regardless of
> what services you choose to run.  Close every inbound port that you
> don't absolutely need.)
> 

Yes, I do have a firewall. I'll take up your suggestion of looking into
NFS and Samba and do some more work on all this over the coming days.
Thanks to you and everyone else for help.

Anthony

-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: DNS and Hostnames (was: Re: SSH: does it require portmapper and what hostname is it looking for?)

2004-02-19 Thread Monique Y. Herman
On 2004-02-19, Anthony Campbell penned:
>
> I am indeed grateful to everyone for help with this. Following
> suggestions received so far I've tried (for this computer) setting my
> hostname to arcadia.acampbell.org.uk and putting the following in
> /etc/hosts:
>
>>---cut-
> 127.0.0.1 acampbell.org.uk localhost ac arcadia.acampbell.org.uk
> accampbell.uklinux.net
>
>>--cut-
>
> I'm not sure that the first line is right - any corrections please?

This is just the hosts file for one of the machines ...

What are you intending to accomplish with the acampbell.org.uk and
accampbell.uklinux.net entries?

Each entry after the IP address on a line should be an identifier for
this machine and this machine only.  

> Related question to start of this thread: is ssh what I need?  The
> situation is that I have two computers (desktop and notebook)
> connected to the router and accessing the Internet independently. I
> want to be able to exchange files between them. (Email would do at a
> pinch but I can't see how to do that either.)
>

Well, scp is ssh's file transfer tool.  If your router also acts as a
firewall *and* you have particular directories you care about, you might
consider using NFS or Samba for file sharing.  Do *not* use NFS or Samba
unless you have a firewall of some sort in between those machines and
the world at large.

(Actually, I strongly recommend configuring a firewall, regardless of
what services you choose to run.  Close every inbound port that you
don't absolutely need.)

-- 
monique





Re: DNS and Hostnames (was: Re: SSH: does it require portmapper and what hostname is it looking for?)

2004-02-19 Thread Anthony Campbell
On 18 Feb 2004, Jacob S. wrote:
> 

[snip]


> In your case, you want hostname -f to resolve to
> arcadia.acampbell.org.uk and mimosas.acampbell.org.uk. (Then, of course,
> you still have to have dns set up to point to the appropriate IP for each
> of those machines or you won't be able to ssh to them from the internet.
> Assuming that's your goal.)
> 
> HTH,
> Jacob
> 
> - 

I am indeed grateful to everyone for help with this. Following
suggestions received so far I've tried (for this computer) setting my
hostname to arcadia.acampbell.org.uk and putting the following in
/etc/hosts:

>---cut-
127.0.0.1 acampbell.org.uk localhost ac arcadia.acampbell.org.uk  
accampbell.uklinux.net

# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
>--cut-

I'm not sure that the first line is right - any corrections please?

Related question to start of this thread: is ssh what I need?  The
situation is that I have two computers (desktop and notebook) connected
to the router and accessing the Internet independently. I want to be
able to exchange files between them. (Email would do at a pinch but I
can't see how to do that either.)

Anthony




-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: DNS and Hostnames (was: Re: SSH: does it require portmapper and what hostname is it looking for?)

2004-02-18 Thread Jacob S.
On Wed, 18 Feb 2004 17:31:00 -0700
"Monique Y. Herman" <[EMAIL PROTECTED]> wrote:

> On 2004-02-18, Jacob S. penned:
> >
> > There is something called "round-robin dns", among other things, for
> > the purpose of having multiple machines answer queries for the same
> > domain name. This is used for domains where web and e-mail traffic
> > is heavy enough that one server can't handle the load. It's not
> > typically used (or useful) for things like ssh and can cause a lot
> > of problems if the servers aren't set up right.
> 
> This is a good point.  I don't know much (anything) about round-robin
> implementation.

The theory is really pretty simple... It just means your dns server is
set up to automatically rotate the order in which it returns the ip
addresses of various servers that answer for the domain in question.
It's not uncommon to see a domain that has multiple IPs/servers hosting
their website - cnn.com is an example - do "host cnn.com" from the
command line.

> I suspect, though, in the case of the OP, that if you don't know why
> your machines are answering to the same FQDN, they probably shouldn't
> be.  Assuming you're the admin, of course.

Exactly. On both counts.

Jacob

- 
GnuPG Key: 1024D/16377135

Random .signature #63:
Microsoft has combined the strengths of its three most powerful
operating systems to create its next generation operating system:
Windows CE+ME+NT

As hard as a rock and as dumb as a brick!
http://www.6texans.net/img/msc.jpg




Re: DNS and Hostnames (was: Re: SSH: does it require portmapper and what hostname is it looking for?)

2004-02-18 Thread Monique Y. Herman
On 2004-02-18, Jacob S. penned:
>
> There is something called "round-robin dns", among other things, for
> the purpose of having multiple machines answer queries for the same
> domain name. This is used for domains where web and e-mail traffic is
> heavy enough that one server can't handle the load. It's not typically
> used (or useful) for things like ssh and can cause a lot of problems
> if the servers aren't set up right.

This is a good point.  I don't know much (anything) about round-robin
implementation.

I suspect, though, in the case of the OP, that if you don't know why
your machines are answering to the same FQDN, they probably shouldn't
be.  Assuming you're the admin, of course.

-- 
monique





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread David Clymer
On Wed, 2004-02-18 at 09:25, Anthony Campbell wrote:
> I'm trying to run ssh between two computers but I get:
>   
>   "connect to host port 22: Connection refused."
> 

Have you made sure that the remote host is running sshd? If not, a
refused connection should be expected.

> I have portmapper turned off for security, but is it essential for ssh?
> 

sshd doesn't require portmapper

> Also, what is the hostname I have to supply? The FQDN seems to be
> acampbell.org.uk but this is the same for both computers, which doesn't
> seem to be right.

the same for both computers? that's certainly not right. how did you
determine their hostnames? 

if you know the ip of the remote machine, you could use that instead of
a hostname.

-davidc







Re: DNS and Hostnames (was: Re: SSH: does it require portmapper and what hostname is it looking for?)

2004-02-18 Thread Jacob S.
On Wed, 18 Feb 2004 12:36:03 -0700
"Monique Y. Herman" <[EMAIL PROTECTED]> wrote:

> On 2004-02-18, Anthony Campbell penned:
> > On 18 Feb 2004, Monique Y. Herman wrote:
> >> On 2004-02-18, Anthony Campbell penned:

> >> > Also, what is the hostname I have to supply? The FQDN seems to be
> >> > acampbell.org.uk but this is the same for both computers, which
> >> > doesn't seem to be right.
> >> 
> >> Two machines should not resolve to the same FQDN.
> >> 
> >> -- monique
> >> 
> >
> > Can you enlarge on this? One computer, hostname arcadia, resolves to
> > arcadia and (with hostname -f) to acampbell.org.uk.
> >
> > The other, hostname mimosas, resolves to mimosas and (with -f) to
> > acampbell.org.uk.
> >
> > So is something misconfigured?
> 
> Well, here's the thing.  When someone tries to ping acampbell.org.uk,
> which one of those machines do you want the ping to use?
> 
> While I suppose that I could tell two machines that they have the same
> name, and then only refer to one of them by that name externally, it
> sounds like a mess to me.
> 
> I would look in /etc/hosts for both machines and see what is defined
> for both 127.0.0.1 and for the "real" IP address of the machine.
> 
> Note: I am by no means a DNS expert.  It just seems awfully strange to
> me to have two machines believing they have the same name.  While I
> can't think of any exact reason this would cause trouble, I have this
> gut feeling that it would.

There is something called "round-robin dns", among other things, for the
purpose of having multiple machines answer queries for the same domain
name. This is used for domains where web and e-mail traffic is heavy
enough that one server can't handle the load. It's not typically used
(or useful) for things like ssh and can cause a lot of problems if the
servers aren't set up right.

Also, in the instance of multiple servers answering queries for, say,
example.domain.com, each of those servers also has a unique FQDN
associated with them, such as machineA.domain.com and
machineB.domain.com. Because, even though you might want Apache on both
of them to do the same, you need a way to reliably ssh into the one of
your choice should either one ever have problems.

In your case, you want hostname -f to resolve to
arcadia.acampbell.org.uk and mimosas.acampbell.org.uk. (Then, of course,
you still have to have dns set up to point to the appropriate IP for each
of those machines or you won't be able to ssh to them from the internet.
Assuming that's your goal.)

HTH,
Jacob

- 
GnuPG Key: 1024D/16377135

Random .signature #25:
Microsoft: "You've got questions. We've got dancing paperclips." 
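
The hostname -f behaviour discussed in this message, as an added example that is not part of the original thread: when the name is resolved from /etc/hosts, the name reported is the first name on the first line that lists the machine's short hostname. The sample files and 192.0.2.x addresses are constructed; canonical_name, fqdn_clash and write_samples are hypothetical helpers.

```shell
#!/bin/sh
# Added example (not from the thread): emulate the /etc/hosts lookup behind
# `hostname -f`. The canonical name is the FIRST name on the first line
# that lists the short hostname, so name order on that line decides the FQDN.

# canonical_name HOSTS_FILE SHORT_NAME -> prints the name hostname -f would report
canonical_name() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                       # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $2; exit }
        }
    ' "$1"
}

# fqdn_clash FILE_A NAME_A FILE_B NAME_B -> exit 0 when both hosts report one FQDN
fqdn_clash() {
    a=$(canonical_name "$1" "$2")
    b=$(canonical_name "$3" "$4")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample files; addresses come from the 192.0.2.0/24 documentation range.
write_samples() {
    printf '%s\n' '127.0.0.1 localhost' \
        '192.0.2.10 acampbell.org.uk arcadia   # domain listed first' > "$1/arcadia.bad"
    printf '%s\n' '127.0.0.1 localhost' \
        '192.0.2.11 acampbell.org.uk mimosas' > "$1/mimosas.bad"
    printf '%s\n' '127.0.0.1 localhost' \
        '192.0.2.10 arcadia.acampbell.org.uk arcadia' > "$1/arcadia.good"
    printf '%s\n' '127.0.0.1 localhost' \
        '192.0.2.11 mimosas.acampbell.org.uk mimosas' > "$1/mimosas.good"
}

dir=$(mktemp -d)
write_samples "$dir"
for kind in bad good; do
    a=$(canonical_name "$dir/arcadia.$kind" arcadia)
    m=$(canonical_name "$dir/mimosas.$kind" mimosas)
    if fqdn_clash "$dir/arcadia.$kind" arcadia "$dir/mimosas.$kind" mimosas; then
        echo "$kind: CLASH, both machines report $a"
    else
        echo "$kind: ok, $a and $m"
    fi
done
rm -rf "$dir"
```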




Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Jeff D
Anthony Campbell wrote:
> On 18 Feb 2004, Andreas Janssen wrote:
>> Hello
>>
>> Anthony Campbell (<[EMAIL PROTECTED]>) wrote:
>>
>>> [sshd does not accept connections]
>>> Thanks for this reply. I'm getting "connection refused" on port 22. I
>>> don't know if this port is blocked, perhaps. (I had bastille in place
>>> at one time though not now.)
>>
>> Bastille asks you if you want to set a default deny rule in
>> /etc/hosts.deny. Maybe this is still set. Check that file.
>>
>> best regards
>>    Andreas Janssen
>> --
>
> Thanks; useful check, but nothing is enabled in that file.
>
> AC

Are you positive that ssh is indeed running on the remote host?  To
check, telnet $host 22.  It should give you an ssh banner.  If you have
console access to the machine, check to see if you have any iptables
rules in place that might be blocking ssh access as well.

hth
Jeff



Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Monique Y. Herman
On 2004-02-18, Anthony Campbell penned:
> On 18 Feb 2004, Monique Y. Herman wrote:
>> On 2004-02-18, Anthony Campbell penned:
>> > I'm trying to run ssh between two computers but I get:
>> >
>> >"connect to host port 22: Connection refused."
>> >
>> > I have portmapper turned off for security, but is it essential for
>> > ssh?
>> 
>> I don't know about this one, but I don't think so?
>> 
>> > Also, what is the hostname I have to supply? The FQDN seems to be
>> > acampbell.org.uk but this is the same for both computers, which
>> > doesn't seem to be right.
>> 
>> Two machines should not resolve to the same FQDN.
>> 
>> -- monique
>> 
>
> Can you enlarge on this? One computer, hostname arcadia, resolves to
> arcadia and (with hostname -f) to acampbell.org.uk.
>
> The other, hostname mimosas, resolves to mimosas and (with -f) to
> acampbell.org.uk.
>
> So is something misconfigured?

Well, here's the thing.  When someone tries to ping acampbell.org.uk,
which one of those machines do you want the ping to use?

While I suppose that I could tell two machines that they have the same
name, and then only refer to one of them by that name externally, it
sounds like a mess to me.

I would look in /etc/hosts for both machines and see what is defined for
both 127.0.0.1 and for the "real" IP address of the machine.

Note: I am by no means a DNS expert.  It just seems awfully strange to
me to have two machines believing they have the same name.  While I
can't think of any exact reason this would cause trouble, I have this
gut feeling that it would.

-- 
monique





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Monique Y. Herman
On 2004-02-18, Lou Losee penned:
>> > 
>> Thanks for this reply. I'm getting "connection refused" on port 22. I
>> don't know if this port is blocked, perhaps. (I had bastille in place
>> at one time though not now.)
>> 

My understanding of Bastille is that it's not a service per se; it's an
application that, when run, allows you to configure more secure/paranoid
settings for your system.

I don't think that uninstalling Bastille undoes these changes, although
I may be wrong.

-- 
monique





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Anthony Campbell
On 18 Feb 2004, Andreas Janssen wrote:
> Hello
> 
> Anthony Campbell (<[EMAIL PROTECTED]>) wrote:
> 
> > [sshd does not accept connections]
> > Thanks for this reply. I'm getting "connection refused" on port 22. I
> > don't know if this port is blocked, perhaps. (I had bastille in place
> > at one time though not now.)
> 
> Bastille asks you if you want to set a default deny rule in
> /etc/hosts.deny. Maybe this is still set. Check that file.
> 
> best regards
> Andreas Janssen
> 
> --

Thanks; useful check, but nothing is enabled in that file.

AC

-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Anthony Campbell
On 18 Feb 2004, Monique Y. Herman wrote:
> On 2004-02-18, Anthony Campbell penned:
> > I'm trying to run ssh between two computers but I get:
> >
> > "connect to host port 22: Connection refused."
> >
> > I have portmapper turned off for security, but is it essential for
> > ssh?
> 
> I don't know about this one, but I don't think so?
> 
> > Also, what is the hostname I have to supply? The FQDN seems to be
> > acampbell.org.uk but this is the same for both computers, which
> > doesn't seem to be right.
> 
> Two machines should not resolve to the same FQDN.
> 
> --
> monique
> 

Can you enlarge on this? One computer, hostname arcadia, resolves to
arcadia and (with hostname -f) to acampbell.org.uk.

The other, hostname mimosas, resolves to mimosas and (with -f) to
acampbell.org.uk.

So is something misconfigured?

AC

-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Andreas Janssen
Hello

Anthony Campbell (<[EMAIL PROTECTED]>) wrote:

> [sshd does not accept connections]
> Thanks for this reply. I'm getting "connection refused" on port 22. I
> don't know if this port is blocked, perhaps. (I had bastille in place
> at one time though not now.)

Bastille asks you if you want to set a default deny rule in
/etc/hosts.deny. Maybe this is still set. Check that file.

best regards
Andreas Janssen

-- 
Andreas Janssen <[EMAIL PROTECTED]>
PGP-Key-ID: 0xDC801674
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps.html





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Lou Losee
* Anthony Campbell <[EMAIL PROTECTED]> [2004-02-18 12:45]:
> On 18 Feb 2004, Jacob S. wrote:
> > On Wed, 18 Feb 2004 14:25:08 +
> > Anthony Campbell <[EMAIL PROTECTED]> wrote:
> > 
> > > I'm trying to run ssh between two computers but I get:
> > >   
> > >   "connect to host port 22: Connection refused."
> > > 
> > > I have portmapper turned off for security, but is it essential for
> > > ssh?
> > 
> > In my /etc/hosts.allow file I have the line "sshd: ALL". I don't think
> > portmap should make a difference. (Also note that I'm running ssh as a
> > daemon, on this machine, not through inetd or anything else.)
> > 
> so am I.
> 
> > > Also, what is the hostname I have to supply? The FQDN seems to be
> > > acampbell.org.uk but this is the same for both computers, which
> > > doesn't seem to be right.
> > 
> > Any FQDN that properly resolves to the ip address for the computer
> > you're trying to ssh into should work. You could also use its ip
> > address, if you need to make sure which computer is giving you the
> > problem.
> > 
> > HTH,
> > Jacob
> > 
> Thanks for this reply. I'm getting "connection refused" on port 22. I
> don't know if this port is blocked, perhaps. (I had bastille in place at
> one time though not now.)
> 
Just a couple of thoughts:
 - Are you able to telnet to port 22 on the target system?
   for example: telnet abc.com 22
   you should get to see the OpenSSH banner if it connects successfully.

 - Do you have a router (i.e., LinkSys or DLink type box) that you need to
   open port 22 on?

Lou Losee





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Monique Y. Herman
On 2004-02-18, Anthony Campbell penned:
> I'm trying to run ssh between two computers but I get:
>   
>   "connect to host port 22: Connection refused."
>
> I have portmapper turned off for security, but is it essential for
> ssh?

I don't know about this one, but I don't think so?

> Also, what is the hostname I have to supply? The FQDN seems to be
> acampbell.org.uk but this is the same for both computers, which
> doesn't seem to be right.

Two machines should not resolve to the same FQDN.

-- 
monique





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Anthony Campbell
On 18 Feb 2004, Jacob S. wrote:
> On Wed, 18 Feb 2004 14:25:08 +
> Anthony Campbell <[EMAIL PROTECTED]> wrote:
> 
> > I'm trying to run ssh between two computers but I get:
> > 
> > "connect to host port 22: Connection refused."
> > 
> > I have portmapper turned off for security, but is it essential for
> > ssh?
> 
> In my /etc/hosts.allow file I have the line "sshd: ALL". I don't think
> portmap should make a difference. (Also note that I'm running ssh as a
> daemon, on this machine, not through inetd or anything else.)
> 
so am I.

> > Also, what is the hostname I have to supply? The FQDN seems to be
> > acampbell.org.uk but this is the same for both computers, which
> > doesn't seem to be right.
> 
> Any FQDN that properly resolves to the ip address for the computer
> you're trying to ssh into should work. You could also use its ip
> address, if you need to make sure which computer is giving you the
> problem.
> 
> HTH,
> Jacob
> 
Thanks for this reply. I'm getting "connection refused" on port 22. I
don't know if this port is blocked, perhaps. (I had bastille in place at
one time though not now.)

AC


-- 
[EMAIL PROTECTED]||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone  ||  books and skeptical articles





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Andreas Janssen
Hello

Anthony Campbell (<[EMAIL PROTECTED]>) wrote:

> I'm trying to run ssh between two computers but I get:
> 
> "connect to host port 22: Connection refused."
> 
> I have portmapper turned off for security, but is it essential for
> ssh?

sshd does not need portmapper. Check if sshd is bound to the right
interfaces, and take a look at your /etc/hosts.allow, /etc/hosts.deny
(man hosts_access) and firewall configuration.

best regards
Andreas Janssen

-- 
Andreas Janssen <[EMAIL PROTECTED]>
PGP-Key-ID: 0xDC801674
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps.html
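
The /etc/hosts.allow and /etc/hosts.deny check suggested in this message, as an added example that is not part of the original thread: a simplified evaluation of the hosts_access(5) order (allow first, then deny, otherwise allow) for sshd. The rule files and addresses are constructed, except for the "sshd: ALL" line quoted elsewhere in the thread; wrappers_match, sshd_verdict and write_rules are hypothetical helpers.

```shell
#!/bin/sh
# Added example: simplified hosts_access(5) evaluation for sshd (IPv4 only).
# Handles ALL, exact matches and address prefixes ending in "."; it ignores
# EXCEPT, wildcards such as LOCAL, option fields and line continuations.

# wrappers_match FILE DAEMON CLIENT_IP -> exit 0 if a rule in FILE matches
wrappers_match() {
    [ -r "$1" ] || return 1
    awk -v d="$2" -v ip="$3" '
        function hit(list, val,    n, a, i) {
            n = split(list, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (a[i] == "") continue
                if (a[i] == "ALL" || a[i] == val) return 1
                if (a[i] ~ /\.$/ && index(val, a[i]) == 1) return 1   # prefix
            }
            return 0
        }
        { sub(/#.*/, "") }                      # drop comments
        {
            n = split($0, f, ":")
            if (n >= 2 && hit(f[1], d) && hit(f[2], ip)) { found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# sshd_verdict ALLOW_FILE DENY_FILE CLIENT_IP -> prints "allowed" or "denied"
sshd_verdict() {
    if wrappers_match "$1" sshd "$3"; then echo allowed
    elif wrappers_match "$2" sshd "$3"; then echo denied
    else echo allowed
    fi
}

# Constructed sample rule files.
write_rules() {
    : > "$1/allow.empty"
    echo 'sshd: ALL' > "$1/allow.all"           # the line quoted in the thread
    echo 'sshd: 192.0.2.' > "$1/allow.lan"      # constructed prefix rule
    echo 'ALL: ALL' > "$1/deny.default"         # constructed default-deny rule
}

dir=$(mktemp -d)
write_rules "$dir"
for allow in empty all lan; do
    echo "allow.$allow + default deny, client 198.51.100.9:" \
        "$(sshd_verdict "$dir/allow.$allow" "$dir/deny.default" 198.51.100.9)"
done
rm -rf "$dir"
```

When tcp wrappers deny a client, sshd accepts the TCP connection and then closes it, so the client sees the connection closed by the remote host rather than "Connection refused".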





Re: SSH: does it require portmapper and what hostname is it looking for?

2004-02-18 Thread Jacob S.
On Wed, 18 Feb 2004 14:25:08 +
Anthony Campbell <[EMAIL PROTECTED]> wrote:

> I'm trying to run ssh between two computers but I get:
>   
>   "connect to host port 22: Connection refused."
> 
> I have portmapper turned off for security, but is it essential for
> ssh?

In my /etc/hosts.allow file I have the line "sshd: ALL". I don't think
portmap should make a difference. (Also note that I'm running ssh as a
daemon, on this machine, not through inetd or anything else.)

> Also, what is the hostname I have to supply? The FQDN seems to be
> acampbell.org.uk but this is the same for both computers, which
> doesn't seem to be right.

Any FQDN that properly resolves to the ip address for the computer
you're trying to ssh into should work. You could also use its ip
address, if you need to make sure which computer is giving you the
problem.

HTH,
Jacob

- 
GnuPG Key: 1024D/16377135

Random .signature #47:
Windows, the yo-yo operating system; it goes up... it goes down... it
goes up...

