Re: [opensuse] ssh
-----Original message-----
From: Aaron Kulkis [mailto:[EMAIL PROTECTED]
Sent: 4 January 2008 22:05
To: opensuse
Subject: Re: [opensuse] ssh

> Tage Danielsen wrote:
> > Hello
> > I have a suse 10.0 server running and OK. Now I have installed a new machine running suse 10.3 and I want to make ssh connection from this machine to other suse machines. I get the error: warning: Authentication failed. Disconnected; no more authentication methods available (No further authentication methods available.). When I try ssh -X it comes with error that the option -X Fatal error, -X is not allowed. Can someone guide me to use the ssh so I can connect to other systems
> > Best regards Tage
>
> do you have sshd running on both hosts? (Yes, you only need it on the server, but for all practical purposes, you should have it running on all machines.

Sorry for my question, I did not have the sshd running on suse ver 10.3. I had to update the ssh before I could start the sshd. Now it is updated and the sshd is started, and now I can connect to others via ssh.

Thanks for help.
Tage
Re: [opensuse] ssh
Tage Danielsen wrote:
> Hello
> I have a suse 10.0 server running and OK. Now I have installed a new machine running suse 10.3 and I want to make ssh connection from this machine to other suse machines. I get the error: warning: Authentication failed. Disconnected; no more authentication methods available (No further authentication methods available.). When I try ssh -X it comes with error that the option -X Fatal error, -X is not allowed. Can someone guide me to use the ssh so I can connect to other systems
> Best regards Tage

do you have sshd running on both hosts? (Yes, you only need it on the server, but for all practical purposes, you should have it running on all machines.
Re: [opensuse] SSH Login Delay running 10.3
> I guess you perform all the updates and the prob seems to disappear (at least it did so in my case!).

I don't think so. Which version are you using?

# rpm -q openssh
openssh-4.6p1-58.1

Could it be related to unauthorized logins? There are some in the log but not all the time while I tried to login. Btw. # ssh localhost delays, too. frustrating.
Re: [opensuse] SSH Login Delay running 10.3
make sure your DNS works properly this usually happens when reverse lookups are broken in my experience, that is most likely the cause, there is a setting you can disable if you will not have a good working DNS in your environment, I believe it is the GSSAPI options, if you google search with slow ssh logins GSSAPI options not in quotes you should see some hits. But, having a good DNS is the best answer.

On Mon, 2007-11-05 at 16:46 +0100, Johannes Nohl wrote:
> > I guess you perform all the updates and the prob seems to disappear (at least it did so in my case!).
>
> I don't think so. Which version are you using?
>
> # rpm -q openssh
> openssh-4.6p1-58.1
>
> Could it be related to unauthorized logins? There are some in the log but not all the time while I tried to login. Btw. # ssh localhost delays, too. frustrating.
Re: [opensuse] SSH Login Delay running 10.3
Johannes Nohl wrote:
> > I guess you perform all the updates and the prob seems to disappear (at least it did so in my case!).
>
> I don't think so. Which version are you using?
>
> # rpm -q openssh
> openssh-4.6p1-58.1
>
> Could it be related to unauthorized logins? There are some in the log but not all the time while I tried to login. Btw. # ssh localhost delays, too. frustrating.

Hi,

Yep, mine is the same openssh version (openssh-4.6p1-58.1). I checked my logs and yes there are some ssh login attempts but nothing that would cause the delay. I also fiddled with both firewall up and down and same problem.

My problem with the lengthy ssh login time (it could just be coincidence??) seems to have disappeared after I did a couple of Yast2 updates (including the new kernel 2.6.22.9-0.4-default). Now ssh seems to be back to normal as it was in 10.2. I agree - it was very frustrating there for a while.

Not sure if it makes a diff but my system is a dual amd64x2 and I used the opensuse x86_64 dvd. I also made sure that the dns lookup and reverse dns were setup and working properly (basically identical as in 10.2) but again no joy.

Rgds. Otto.
Re: [opensuse] SSH Login Delay running 10.3
Hi Todd!

> make sure your DNS works properly this usually happens when reverse lookups are broken in my experience, that is most likely the cause, there is a setting you can disable if you will not have a good working DNS in your environment, I believe it is the GSSAPI options, if you google search with slow ssh logins GSSAPI options not in quotes you should see some hits. But, having a good DNS is the best answer.

You know what you're saying. Great! That was the answer. THANKS. Is it a security risk?

I uncommented these options in /etc/ssh/sshd_config:

# GSSAPI options
GSSAPIAuthentication no
GSSAPICleanupCredentials yes

(what I don't understand: I read that every option in config which is commented points to the default. Now just uncommenting it, not changing the value, does the trick. weird... For the archive...)
RE: [opensuse] SSH Login Delay running 10.3
> You know what you're saying. Great! That was the answer. THANKS. Is it a security risk?
>
> I uncommented these options in /etc/ssh/sshd_config:
>
> # GSSAPI options
> GSSAPIAuthentication no
> GSSAPICleanupCredentials yes
>
> (what I don't understand: I read that every option in config which is commented points to the default. Now just uncommenting it, not changing the value, does the trick. weird... For the archive...)

Glad to have helped someone. I have to admit that I do not know the total implications of those options, I think they are related to Kerberos authentication somehow. I personally choose in making my DNS correct and not changing the GSSAPI options. I just ran across the alternate solution researching something else.
Re: [opensuse] SSH Login Delay running 10.3
> This normally is a problem with dns resolution. The resolv.conf file should be automatically updated by dhclient when you get your ip. If it isn't, then something is wrong.

But that's exactly what happens. All three nameservers are working and I can look up my dial in IP using nslookup. There are no delays. Also I read that the resolving problem is causing a delay before you are prompted for password. I experienced the delay AFTER password prompt.
Re: [opensuse] SSH Login Delay running 10.3
Johannes Nohl wrote:
> > This normally is a problem with dns resolution. The resolv.conf file should be automatically updated by dhclient when you get your ip. If it isn't, then something is wrong.
>
> But that's exactly what happens. All three nameservers are working and I can look up my dial in IP using nslookup. There are no delays. Also I read that the resolving problem is causing a delay before you are prompted for password. I experienced the delay AFTER password prompt.

Hi,

I also encountered this problem when I upgraded from 10.2 to 10.3. On 10.2 using putty from either a linux box or winx box to the 10.2 server it was almost instantaneous. After the upgrade to 10.3 it took a LONG time to get the password prompt after entering the login name - sometimes the problem was also seen on the login prompt. It was not a dns issue as my dns and resolv were working fine in all other aspects - only ssh was affected.

This was when 10.3 first came out - however now it seems to be back to normal - not sure if the updates had anything to do with it. In fact when this originally happened after the upgrade to 10.3 - I did monitor the log files as well as using tripwire but nothing came of it as there were no errors or anything - just a timing issue. After entering the login name, it would just sit there for between 15 to 35 secs and EVENTUALLY the password prompt came up.

I guess you perform all the updates and the prob seems to disappear (at least it did so in my case!).

Rgds. Otto.
[opensuse] SSH Login Delay running 10.3
Dear list,

I just set up a new server running 10.3 (minimal text install). Whenever I try to login using a ssh client (ssh on linux, putty on windows) I encounter a long delay (appr. 15 seconds) after the password input.

log/messages says

sshd: reverse mapping ...

I googled this and it was about a DNS error. But all postings I saw so far about are about a delay before login (at least before password input). And they are from prior 2006. So I guess the DNS problem is fixed. (I can't use etc/resolv because I don't have a fixed IP). Next line in log is about a login but no errors anymore.

The server I ran before was a 9.3 updated to 10.0 on older hardware and login is definitely 20 times as fast! Am I the only one? Any ideas?
Re: [opensuse] SSH Login Delay running 10.3
On 11/3/07, Johannes Nohl wrote:
> Dear list,
>
> I just set up a new server running 10.3 (minimal text install). Whenever I try to login using a ssh client (ssh on linux, putty on windows) I encounter a long delay (appr. 15 seconds) after the password input.
>
> log/messages says
>
> sshd: reverse mapping ...
>
> I googled this and it was about a DNS error. But all postings I saw so far about are about a delay before login (at least before password input). And they are from prior 2006. So I guess the DNS problem is fixed. (I can't use etc/resolv because I don't have a fixed IP). Next line in log is about a login but no errors anymore.
>
> The server I ran before was a 9.3 updated to 10.0 on older hardware and login is definitely 20 times as fast! Am I the only one? Any ideas?

This normally is a problem with dns resolution. The resolv.conf file should be automatically updated by dhclient when you get your ip. If it isn't, then something is wrong.

--
Andy Harrison
public key: 0x67518262
[opensuse] ssh can not use dns anymore
Hi,

a very weird problem with ssh and dns... Suddenly since Sunday evening my (default) desktop system does not resolve system names (dns) when using ssh. E.g.

# ssh [EMAIL PROTECTED]
results in (by heart): system name can not be resolved

# ping domain.tld
results in an ip address X

# ssh [EMAIL PROTECTED]
this just works

When I use:

# ssh [EMAIL PROTECTED]

on another desktop system it just works. My default desktop system and this other desktop system use the same /home as the latter is a nfs exported file system. Both are suse-10.2

AFAICS nothing has changed on my default desktop system, no new rpms and the config files in /etc/ did not change. Does anyone have an idea what is causing this particular behaviour?

--
Richard
Re: [opensuse] ssh can not use dns anymore
On Tuesday 03 July 2007 08:39:22 Richard Bos wrote:
> a very weird problem with ssh and dns... Suddenly since Sunday evening my (default) desktop system does not resolve system names (dns) when using ssh.

Forget about this weird problem. It has been solved the same way that it started: all by itself ...

--
Richard Bos
Without a home the journey is endless
Re: [opensuse] SSH Rkhunter
On Friday 29 June 2007, Susemail wrote:
> Is this a more or less general rule for comments in config files?

It's quite common in the Linux world. Dozens of packages use this method.

--
John Andersen
Re: [opensuse] SSH Rkhunter
On Thursday 28 June 2007 16:14:54 John Andersen wrote:
> On Thursday 28 June 2007, Bob S wrote:
> > John, That line is commented out in my sshd_config file.
>
> Yes, lines that are set to the default are commented out. Uncomment it and set it to Protocol 2

Yes, lines that are set to the default are commented out. Why?

Jerome
Re: [opensuse] SSH Rkhunter
On Fri, Jun 29, 2007 at 07:42:30AM -1000, Susemail wrote:
> On Thursday 28 June 2007 16:14:54 John Andersen wrote:
> > On Thursday 28 June 2007, Bob S wrote:
> > > John, That line is commented out in my sshd_config file.
> >
> > Yes, lines that are set to the default are commented out. Uncomment it and set it to Protocol 2
>
> Yes, lines that are set to the default are commented out. Why?

To give an example. The default in 10.2 is Protocol 2.

Ciao, Marcus
Re: [opensuse] SSH Rkhunter
On Friday 29 June 2007 19:42:30 Susemail wrote:
> On Thursday 28 June 2007 16:14:54 John Andersen wrote:
> > On Thursday 28 June 2007, Bob S wrote:
> > > John, That line is commented out in my sshd_config file.
> >
> > Yes, lines that are set to the default are commented out. Uncomment it and set it to Protocol 2
>
> Yes, lines that are set to the default are commented out. Why?

To emphasize what the default is. This way you can quickly easily see what the default is. If it wasn't there, you'd have to look it up in some reference manual.
Re: [opensuse] SSH Rkhunter
On Friday 29 June 2007, Susemail wrote:
> On Thursday 28 June 2007 16:14:54 John Andersen wrote:
> > On Thursday 28 June 2007, Bob S wrote:
> > > John, That line is commented out in my sshd_config file.
> >
> > Yes, lines that are set to the default are commented out. Uncomment it and set it to Protocol 2
>
> Yes, lines that are set to the default are commented out. Why?
>
> Jerome

Because that's the way it's done. The defaults that the developers chose are shown in the default setup but commented out. This is so that people can see the format for specifying these defaults. Ask the developers why they chose to do it this way.

With No parameters sshd runs using that are generally regarded as safe (hence the silliness of RKHunter reporting vulnerabilities).

--
John Andersen
Re: [opensuse] SSH Rkhunter
On Friday 29 June 2007 08:23:56 Anders Johansson wrote:
> On Friday 29 June 2007 19:42:30 Susemail wrote:
> > On Thursday 28 June 2007 16:14:54 John Andersen wrote:
> > > On Thursday 28 June 2007, Bob S wrote:
> > > > John, That line is commented out in my sshd_config file.
> > >
> > > Yes, lines that are set to the default are commented out. Uncomment it and set it to Protocol 2
> >
> > Yes, lines that are set to the default are commented out. Why?
>
> To emphasize what the default is. This way you can quickly easily see what the default is. If it wasn't there, you'd have to look it up in some reference manual

Thank you Anders, I opened the file and it's obvious what you mean. Is this a more or less general rule for comments in config files?

Jerome
Re: [opensuse] SSH Rkhunter
On Wednesday 27 June 2007, Bob S wrote:
> Hello SuSE people,
>
> I keep getting messages everyday from rkhunter about possible root login because SSH V1 is running. I shouldn't need SSH because this is a stand-alone PC, right? So how do I disable it? Found something in the Yast /etc/Sysconfig editor but have no idea what the option should be. Running 10.2 64 bit.
>
> Bob S.

Shutting down sshd is not wise. There are many times where I have had to ssh into a stand alone machine.

You should look into /etc/ssh/sshd_config and change the line that says

    Protocol 1,2

to just

    Protocol 2

However, running any modern version of ssh version 1 does not expose one to root logins as all known bugs have been patched.

Seriously, rkhunter raises so many red herrings as to be useless in my opinion.

--
John Andersen
Re: [opensuse] SSH Rkhunter
On Thursday 28 June 2007 05:16:44 John Andersen wrote:
> On Wednesday 27 June 2007, Bob S wrote:
> > Hello SuSE people,
> >
> > I keep getting messages everyday from rkhunter about possible root login because SSH V1 is running. I shouldn't need SSH because this is a stand-alone PC, right? So how do I disable it? Found something in the Yast /etc/Sysconfig editor but have no idea what the option should be. Running 10.2 64 bit.
> >
> > Bob S.
>
> Shutting down sshd is not wise. There are many times where I have had to ssh into a stand alone machine.
>
> You should look into /etc/ssh/sshd_config and change the line that says
>     Protocol 1,2
> to just
>     Protocol 2
>
> However, running any modern version of ssh version 1 does not expose one to root logins as all known bugs have been patched.
>
> Seriously, rkhunter raises so many red herrings as to be useless in my opinion.

Thanks Sean John.

Bob S
Re: [opensuse] SSH Rkhunter
On Thursday 28 June 2007 05:16:44 John Andersen wrote:
> On Wednesday 27 June 2007, Bob S wrote:
> > Hello SuSE people,
> >
> > I keep getting messages everyday from rkhunter about possible root login because SSH V1 is running. I shouldn't need SSH because this is a stand-alone PC, right? So how do I disable it? Found something in the Yast /etc/Sysconfig editor but have no idea what the option should be. Running 10.2 64 bit.
> >
> > Bob S.
>
> Shutting down sshd is not wise. There are many times where I have had to ssh into a stand alone machine.
>
> You should look into /etc/ssh/sshd_config and change the line that says
>     Protocol 1,2
> to just
>     Protocol 2

John, That line is commented out in my sshd_config file.

> However, running any modern version of ssh version 1 does not expose one to root logins as all known bugs have been patched.
>
> Seriously, rkhunter raises so many red herrings as to be useless in my opinion.

Very possible. Can't dispute you. Just want to get rid of that pita message.

Bob S
Re: [opensuse] SSH Rkhunter
On Thursday 28 June 2007, Bob S wrote:
> John, That line is commented out in my sshd_config file.

Yes, lines that are set to the default are commented out. Uncomment it and set it to Protocol 2

--
John Andersen
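How sshd reads the file discussed in this thread and in the GSSAPI login-delay thread above, as an added example (not code from any poster or from the OpenSSH project): a commented line is never parsed and the first uncommented value for a keyword wins, so the check reports whether Protocol and GSSAPIAuthentication are actually set. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what sshd will actually read from an sshd_config.
# Rules applied (see sshd_config(5)): lines starting with '#' are ignored,
# keywords are case-insensitive, and the first value found for a keyword wins.

# sshd_setting FILE KEYWORD  ->  "explicit <value>" or "default"
# Only the global section is inspected; parsing stops at the first Match block.
sshd_setting() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*(#|$)/ { next }          # comments and blank lines: never parsed
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)   # keyword/value separator: blanks or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit     # conditional blocks are out of scope
            if (key == want) { print "explicit " val; found = 1; exit }
        }
        END { if (!found) print "default" }
    ' "$1"
}

# audit_sshd_config FILE -> one finding per line for the two options
# discussed in the threads (Protocol and GSSAPIAuthentication).
audit_sshd_config() {
    proto=$(sshd_setting "$1" Protocol)
    gss=$(sshd_setting "$1" GSSAPIAuthentication)
    case "$proto" in
        default)      echo "Protocol: unset, the compiled-in default of this sshd applies" ;;
        "explicit 2") echo "Protocol: pinned to 2" ;;
        *)            echo "Protocol: '${proto#explicit }' is not exactly 2, protocol 1 may be accepted" ;;
    esac
    case "$gss" in
        default)       echo "GSSAPIAuthentication: unset, the compiled-in default of this sshd applies" ;;
        "explicit no") echo "GSSAPIAuthentication: disabled" ;;
        *)             echo "GSSAPIAuthentication: enabled (${gss#explicit })" ;;
    esac
}

# Constructed sample shaped like a distribution sshd_config (not from a real host).
sample_config() {
    cat <<'EOF'
#Protocol 2
Protocol 2,1
protocol 2

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

Match Group dbusers
    GSSAPIAuthentication no
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_config > "$tmp" && audit_sshd_config "$tmp"
rm -f "$tmp"
```

On OpenSSH 5.1 and later, `sshd -T` prints the effective configuration with the compiled-in defaults included, which answers the same question for the running build.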
[opensuse] SSH Rkhunter
Hello SuSE people,

I keep getting messages everyday from rkhunter about possible root login because SSH V1 is running. I shouldn't need SSH because this is a stand-alone PC, right? So how do I disable it? Found something in the Yast /etc/Sysconfig editor but have no idea what the option should be. Running 10.2 64 bit.

Bob S.
Re: [opensuse] SSH Rkhunter
Hi Bob,

On the command line as root:

chkconfig -d sshd

or in YaST System | System Services -- find sshd and turn off

Regards
Sean

Bob S wrote:
> Hello SuSE people,
>
> I keep getting messages everyday from rkhunter about possible root login because SSH V1 is running. I shouldn't need SSH because this is a stand-alone PC, right? So how do I disable it? Found something in the Yast /etc/Sysconfig editor but have no idea what the option should be. Running 10.2 64 bit.
>
> Bob S.
Re: [opensuse] SSH Login Message
The Tuesday 2007-05-22 at 16:29 -0400, Bob wrote:
> I actually systems. The test one that I configured for LDAP a few months ago doesn't do this. It is the production one that does now so I can compare config files between the 2 systems. The syslog config on both systems are the same.

I'm having a similar problem now:

http://lists.opensuse.org/opensuse/2007-05/msg02814.html

Please add yourself to the bugzilla:

https://bugzilla.novell.com/show_bug.cgi?id=279904

--
Cheers,
Carlos E. R.
[opensuse] SSH Login Message
Does anyone know how to stop this message from being displayed when someone logs in using SSH

sshd[26987]: pam_unix2: session started for user , service sshd
Re: ***SPAM*** [opensuse] SSH Login Message
On Tue, 2007-05-22 at 13:55 -0400, Bob wrote:
> Does anyone know how to stop this message from being displayed when someone logs in using SSH
>
> sshd[26987]: pam_unix2: session started for user , service sshd

No, and why would you want to unless you were breaking into the system?

--
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
Re: ***SPAM*** [opensuse] SSH Login Message
Because it is displayed to the console as well as the syslog and we are using an IBM product called Toolkit and when that product tries to connect and run scripts on the linux machine, it destroys products display screen and makes it impossible to read. Somehow this message to the console got turned on when I configured LDAP but I don't know how.

Kenneth Schneider wrote:
> On Tue, 2007-05-22 at 13:55 -0400, Bob wrote:
> > Does anyone know how to stop this message from being displayed when someone logs in using SSH
> >
> > sshd[26987]: pam_unix2: session started for user , service sshd
>
> No, and why would you want to unless you were breaking into the system?
Re: ***SPAM*** Re: ***SPAM*** [opensuse] SSH Login Message
On Tue, 2007-05-22 at 15:00 -0400, Bob wrote:
> Because it is displayed to the console as well as the syslog and we are using an IBM product called Toolkit and when that product tries to connect and run scripts on the linux machine, it destroys products display screen and makes it impossible to read. Somehow this message to the console got turned on when I configured LDAP but I don't know how.

Ah... the crystal ball lights up dimly, I see now that you did something with LDAP and this started. Maybe now some of the other folks can come up with an answer for you. Perhaps something in the syslog config or maybe you have tty10 being displayed instead of tty1 (which should not show any log activities like they do in tty10).

--
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
Re: [opensuse] SSH Login Message
The Tuesday 2007-05-22 at 15:21 -0400, Kenneth Schneider wrote:
> On Tue, 2007-05-22 at 15:00 -0400, Bob wrote:
> > Because it is displayed to the console as well as the syslog and we are using an IBM product called Toolkit and when that product tries to connect and run scripts on the linux machine, it destroys products display screen and makes it impossible to read. Somehow this message to the console got turned on when I configured LDAP but I don't know how.
>
> Ah... the crystal ball lights up dimly, I see now that you did something with LDAP and this started. Maybe now some of the other folks can come up with an answer for you. Perhaps something in the syslog config or maybe you have tty10 being displayed instead of tty1 (which should not show any log activities like they do in tty10).

Something similar happened to me with 7.3 when I wanted to dump some messages to tty11: some of them came in the rest of the consoles too. The place to look is the syslog config (to undo the change), but I never discovered why they went to the incorrect ttys.

--
Cheers,
Carlos E. R.
Re: [opensuse] SSH Login Message
I actually systems. The test one that I configured for LDAP a few months ago doesn't do this. It is the production one that does now so I can compare config files between the 2 systems. The syslog config on both systems are the same.

Carlos E. R. wrote:
> Something similar happened to me with 7.3 when I wanted to dump some messages to tty11: some of them came in the rest of the consoles too. The place to look is the syslog config (to undo the change), but I never discovered why they went to the incorrect ttys.
Re: [opensuse] SSH tunnels without a real shell ?
On Thu, May 03, 2007 at 03:39:12PM -0700, Seth Arnold wrote:
> On Thu, May 03, 2007 at 11:11:12PM +0200, Andreas wrote:
> > is there a way to get external people to establish a SSH tunnel to one firewalled internal port without them getting a real shell to snoop around? I'd like to let some externals use our database server that sits behind a port filter. There is only the ssh port to come in. Up until now there was only me and I trust me enough to grant me a shell. ;-)
> >
> > I've got SUSE 9.3 on our server and the clients would be all kinds of Windows.
>
> Hrm. Forget AppArmor then, it didn't ship in 9.3. (Or, consider upgrading the machine to a newer release -- 9.3 will be leaving maintenance soon.)

Also, if you're willing to upgrade to 10.2, openssh 4.4 includes the new server config option ForceCommand. From the sshd_config(5) man page:

    ForceCommand
        Forces the execution of the command specified by ForceCommand, ignoring any command supplied by the client. The command is invoked by using the user's login shell with the -c option. This applies to shell, command, or subsystem execution. It is most useful inside a Match block. The command originally supplied by the client is available in the SSH_ORIGINAL_COMMAND environment variable.

You could then add something like the following to /etc/ssh/sshd_config

    Match group dbusers
        ForceCommand sleep 180

(assuming you've added all the users you want to allow access to the database to the dbusers group.) This will cause the command sleep 180 to run on behalf of the connecting user, regardless of what command they request. You could also make a shell script which invokes sleep and then provide an AppArmor profile for the shell script to make the enforcement stronger. You'd also want to make sure sshd is not configured to honor environment variables (for those users at a minimum).

You may also wish to look into the PermitOpen keyword (also new in openssh 4.4), which would allow you to restrict which hosts+ports your users are allowed to create a tunnel to, preventing them from opening tunnels to anywhere else behind your port filter.

--
Steve Beattie
SUSE Labs, Novell Inc.
[EMAIL PROTECTED]
http://NxNW.org/~steve/
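A forced-command wrapper of the kind suggested in the message above (a shell script that invokes sleep), as an added example that is not part of the original post or of OpenSSH. The script path /usr/local/sbin/tunnel-only, the function names and the forwarding target 127.0.0.1:5432 are assumptions; the sshd_config lines it relies on are shown in its header comment.

```shell
#!/bin/sh
# tunnel-only: hypothetical ForceCommand target for accounts that may only
# forward a port. Matching sshd_config (path, group and host:port are assumed):
#
#   PermitUserEnvironment no
#   Match Group dbusers
#       ForceCommand /usr/local/sbin/tunnel-only
#       PermitOpen 127.0.0.1:5432
#       X11Forwarding no
#
# Client side: ssh -L 5432:127.0.0.1:5432 user@gateway
# The forced sleep below keeps the session open while the tunnel is in use.

HOLD_SECONDS=${HOLD_SECONDS:-180}

# audit_line USER REQUESTED -> one log line describing what the client asked for.
# Control characters are stripped and the text is capped at 200 characters so
# that a crafted command string cannot inject extra lines into the log.
audit_line() {
    clean=$(printf '%s' "$2" | tr -d '\000-\037\177' | cut -c1-200)
    if [ -z "$clean" ]; then
        printf 'tunnel-only: user=%s requested=interactive-shell action=denied\n' "$1"
    else
        printf 'tunnel-only: user=%s requested="%s" action=denied\n' "$1" "$clean"
    fi
}

run_forced_command() {
    # sshd places the client's own request in SSH_ORIGINAL_COMMAND; it is
    # recorded here and never executed.
    line=$(audit_line "${USER:-unknown}" "${SSH_ORIGINAL_COMMAND:-}")
    logger -t tunnel-only -p auth.notice "$line" 2>/dev/null || true
    echo "Port forwarding only; no shell is available on this account."
    # No shell is started: the process becomes sleep and then exits.
    exec sleep "$HOLD_SECONDS"
}

# Act only when installed and run under its own name, so that the functions
# can be loaded and exercised without blocking.
case "$0" in
    */tunnel-only|tunnel-only) run_forced_command ;;
esac
```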
Re: [opensuse] SSH tunnels without a real shell ?
On Thursday 03 May 2007 23:11, Andreas wrote:
> Hi,
>
> is there a way to get external people to establish a SSH tunnel to one firewalled internal port without them getting a real shell to snoop around?

If you mean that the users should be able to login but not do anything on the system just give them a non-interactive shell. The first that comes to my mind is to give them /usr/bin/sum as shell. Don't know if this is the best solution but a quick and easy one.

Ciao,
Daniel

--
J. Daniel Schmidt [EMAIL PROTECTED]
SUSE Linux Products GmbH, Research Development
Maxfeldstr. 5, D-90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)
[opensuse] SSH tunnels without a real shell ?
Hi,

is there a way to get external people to establish a SSH tunnel to one firewalled internal port without them getting a real shell to snoop around?

I'd like to let some externals use our database server that sits behind a port filter. There is only the ssh port to come in. Up until now there was only me and I trust me enough to grant me a shell. ;-)

Are there reasonably simple alternatives to do this without SSH?

I've got SUSE 9.3 on our server and the clients would be all kinds of Windows. Our Internet connection has no fixed IP but this would be manageable with a dynamic dns service, I suppose.
Re: [opensuse] SSH tunnels without a real shell ?
On Thu, May 03, 2007 at 11:11:12PM +0200, Andreas wrote:
> is there a way to get external people to establish a SSH tunnel to one firewalled internal port without them getting a real shell to snoop around? I'd like to let some externals use our database server that sits behind a port filter. There is only the ssh port to come in. Up until now there was only me and I trust me enough to grant me a shell. ;-)

You could use AppArmor to confine your users to a restricted shell -- enough to let them login, but do nothing else once they are authenticated. The pam_apparmor PAM module can help significantly -- put all your untrusted users in a single group, and then give that group very restricted privileges in AppArmor's sshd policy.

> Are there reasonably simple alternatives to do this without SSH?

stunnel can let you tunnel connections over SSL. Needs to be done on both endpoints of course, and I'm not sure about windows builds of stunnel, but it should be feasible.

> I've got SUSE 9.3 on our server and the clients would be all kinds of Windows.

Hrm. Forget AppArmor then, it didn't ship in 9.3. (Or, consider upgrading the machine to a newer release -- 9.3 will be leaving maintenance soon.)

Hope this helps
Re: [opensuse] SSH tunnels without a real shell ?
On Thursday 03 May 2007, Andreas wrote:
> Hi,
>
> is there a way to get external people to establish a SSH tunnel to one firewalled internal port without them getting a real shell to snoop around?

Yes, you can run any program you want thru the ssh tunnel.

man ssh

Where in it states:

ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
    [-D port] [-e escape_char] [-F configfile] [-i identity_file]
    [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
    [-O ctl_cmd] [-o option] [-p port]
    [-R [bind_address:]port:host:hostport] [-S ctl_path]
    [EMAIL PROTECTED] - [command]

That command bit is what you want.

--
John Andersen
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
Carlos E. R. wrote:
> The original poster did not say that the shutdown command is issued from the ssh session. That's an assumption made later by Harris.

That's right, ssh session is not terminated in any case - I can submit reboot from other session or locally, nothing matters.

> Look: open a terminal in your computer, and do ssh localhost. Then, shut down the sshd daemon. I just did, and the client ssh is still running and working! In fact, doing a ps afx shows that the sshd daemon did not die:
>
> 16412 ?        Ss     0:00 sshd: cer [priv]
> 16414 ?        S      0:00  \_ sshd: [EMAIL PROTECTED]/31
> 16415 pts/31   Ss+    0:00      \_ -bash
>
> And the log shows:
>
> Apr 19 23:18:07 nimrodel sshd[16409]: Server listening on :: port 22.
> Apr 19 23:18:19 nimrodel sshd[16412]: Accepted publickey for cer from 127.0.0.1 port 23422 ssh2
> Apr 19 23:18:29 nimrodel sshd[16409]: Received signal 15; terminating.
>
> but it hasn't terminated. During halt it will be forcibly killed later on the sequence. I killed it via killall sshd and then the client died. I'm not going to shutdown my computer to check, but as I recollect, I have seen client sessions not dying.

Well, my experience is when you work on remote machine using ssh and restart sshd daemon (sshd gets killed for sure), no ssh session is terminated and you can work almost without interruption. Obviously, Suse behaves exactly the same way when rebooting. BUT every other distro I ever used extensively (Debian, RH, Fedora) terminated ssh sessions correctly upon reboot.

Oh and I see that I forgot my second question before. It's related to shutdown rather than to startup though. I use OpenSuse 10.X with /home on NFS (not sure if it's significant...). The problem is that sometimes reboot or shutdown doesn't proceed and halts. Last message written on the console is Sending processes the KILL signal. System is not dead (NumLock responding), but doesn't proceed with shutdown/reboot further.

This happens every time (or almost every time) I try to shutdown/reboot from KDE or GDM or using reboot command. On the contrary, shutdown/reboot succeeds every time when a) pressing Power button and letting ACPI do the trick or b) going to the console (real text console - Ctrl+Alt+F1...) and hitting Ctrl+Alt+Delete... I experienced such behaviour with all OpenSuse 10.x versions, on different machines, both i386 and x86_64 platforms.

Thanks for suggestions.
Petr

--
Petr Tosuja Klíma
Mail: [EMAIL PROTECTED]
Web: www.tosuja.info
ICQ: 52057532
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
Petr Klíma wrote:
> Carlos E. R. wrote:
> > The original poster did not say that the shutdown command is issued from the ssh session. That's an assumption made later by Harris.
>
> That's right, ssh session is not terminated in any case - I can submit reboot from other session or locally, nothing matters.
>
> > Look: open a terminal in your computer, and do ssh localhost. Then, shut
>
> [snip]
>
> Well, my experience is when you work on remote machine using ssh and restart sshd daemon (sshd gets killed for sure), no ssh session is terminated and you can work almost without interruption. Obviously, Suse behaves exactly the same way when rebooting. BUT every other distro I ever used extensively (Debian, RH, Fedora) terminated ssh sessions correctly upon reboot.

This is not my experience at all, in fact quite the opposite. On RHEL 2.1 and 3.0 I have used this feature to do updates to sshd_config and the sshd binary itself. Restarting the process and being able to verify the configuration is working as expected without getting cut off with your original session was a good thing in that case. Having several dozen machines and having to connect to the console remotely (through the RIB or RSA) can be a pain in the butt.

Yes, of course you could just setup your own daemon running on a different port and do the work from there, but since this feature existed it was nice to use.

Michael
[opensuse] SSH session not terminated when rebooting machine + startup question
Hi,

with OpenSuse 10.2 (but the same misfeature is present in an old 8.2) I've got this annoying behaviour: Let's login using SSH from computer Anna to computer Boris. Restart Boris. SSH session on Anna is not correctly terminated and hangs on until I kill that specific ssh process.

I haven't investigated it in depth, but I suspect init scripts, more specifically ssh server being shut down after bringing down network interfaces. Does anyone else suffer from the same feature? Is it worth submitting as a bug?

Regards, Tosuja

--
Petr Tosuja Klíma Mail: [EMAIL PROTECTED] Web: www.tosuja.info ICQ: 52057532
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
On Thursday 19 April 2007, Petr Klíma wrote:
> I haven't investigated it in depth, but I suspect init scripts, more specifically ssh server being shut down after bringing down network interfaces. Does anyone else suffer from the same feature? Is it worth submitting as a bug?

The ssh server in Anna is not involved in an ssh session initiated from Anna to Boris. It's just a command line program.

But to answer your question, yes I see this occasionally, and I learn to close the window immediately after I tell Boris to reboot. It's a tcp thing I think. Anna is still believing there is a chance Boris will come back, but he's run off somewhere.

--
John Andersen
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
The Thursday 2007-04-19 at 11:05 +0200, Petr Klíma wrote:
> with OpenSuse 10.2 (but the same misfeature is present in an old 8.2) I've got this annoying behaviour: Let's login using SSH from computer Anna to computer Boris. Restart Boris. SSH session on Anna is not correctly terminated and hangs on until I kill that specific ssh process.

I think that if you leave it on for sufficient time it finally gives up (timeout somewhere) and closes.

> I haven't investigated it in depth, but I suspect init scripts, more specifically ssh server being shut down after bringing down network interfaces.

No, not so. In my system:

    /etc/init.d/rc3.d/K17sshd
    /etc/init.d/rc3.d/K21network

i.e., the sshd daemon goes down first.

> Does anyone else suffer from the same feature? Is it worth submitting as a bug?

Yes, I have seen it before. Maybe it is a feature. Maybe we have to modify something so that the server informs the client that he is going down. Dunno. I'd have to read the manual again, but I have a slight headache...

--
Cheers, Carlos E. R.
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
On Thursday 19 April 2007 04:05, Petr Klíma wrote:
> Let's login using SSH from computer Anna to computer Boris. Restart Boris. SSH session on Anna is not correctly terminated and hangs on until I kill that specific ssh process.

It's pretty normal, actually. ... what you want to do is to ssh to Boris and reboot the guy with this:

    su - -c "shutdown -r +1"

Change the +1 to anything you want... in minutes. This gives you a little more time to type exit and get back to Anna before Boris goes down. If you are quick enough you can use:

    su - -c "shutdown -r now"

... but, you must type exit immediately after you see the shutting down message... or it will hang there for a long long long time. Eventually it will give up though and go away. I think it's really a tcp/ip thing. :}

--
Kind regards, M Harris
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
The Thursday 2007-04-19 at 14:27 -0500, M Harris wrote:
> It's pretty normal, actually. ... what you want to do is to ssh to Boris and reboot the guy with this:
>
>     su - -c "shutdown -r +1"

It happens regardless of how you shutdown Boris; it might be someone else who is closing Boris.

> message... or it will hang there for a long long long time. Eventually it will give up though and go away. I think it's really a tcp/ip thing. :}

The problem is that although the sshd daemon knows it is going down, and it knows perfectly well who is connected, it doesn't disconnect the clients before going down. It shouldn't be the responsibility of the user to detect that the server is going down and disconnect. Computers are made to automate things.

So, unless there is an option in the sshd configuration to change this behavior, it is a bug or misfeature.

--
Cheers, Carlos E. R.
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
Hi all,

Isn't this whole issue related to the fact that when a process is still active in that ssh session (namely: the reboot command), the session 'hangs' when closing..? This is normal, isn't it?

Like this:

    sleep 10 & exit

hangs the ssh session, it doesn't return the prompt. Whereas

    sleep 10 < /dev/null > /dev/null 2>&1 &

DOES work, does return the prompt.

mourik jan
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
The Thursday 2007-04-19 at 22:19 +0200, mourik jan heupink wrote:
> Isn't this whole issue related to the fact that when a process is still active in that ssh session (namely: the reboot command), the session 'hangs' when closing..? This is normal, isn't it?

The original poster did not say that the shutdown command is issued from the ssh session. That's an assumption made later by Harris.

Look: open a terminal in your computer, and do ssh localhost. Then, shut down the sshd daemon. I just did, and the client ssh is still running and working! In fact, doing a ps afx shows that the sshd daemon did not die:

    16412 ?        Ss     0:00 sshd: cer [priv]
    16414 ?        S      0:00  \_ sshd: [EMAIL PROTECTED]/31
    16415 pts/31   Ss+    0:00      \_ -bash

And the log shows:

    Apr 19 23:18:07 nimrodel sshd[16409]: Server listening on :: port 22.
    Apr 19 23:18:19 nimrodel sshd[16412]: Accepted publickey for cer from 127.0.0.1 port 23422 ssh2
    Apr 19 23:18:29 nimrodel sshd[16409]: Received signal 15; terminating.

but it hasn't terminated. During halt it will be forcibly killed later on the sequence. I killed it via killall sshd and then the client died.

I'm not going to shutdown my computer to check, but as I recollect, I have seen client sessions not dying.

--
Cheers, Carlos E. R.
Re: [opensuse] SSH session not terminated when rebooting machine + startup question
> The original poster did not say that the shutdown command is issued from the ssh session. That's an assumption made later by Harris.

Right... I got on too late. Anyway, thanks for explaining the real problem.

regards, mj
Re: [opensuse] ssh
Hey,

> In the file: /etc/ssh/sshd_config you can change the line with
>
>     #PermitRootLogin yes
>
> into
>
>     PermitRootLogin without-password
>
> This restricts you either to do a su - from a nonprivileged user, or use a key-pair. Works like a charm! But how can I tweak this value in xml for autoyast?

One idea is to use a post-install section /1/ with a script to do this (e.g. via perl's in place edit).

/1/ http://www.suse.com/~ug/autoyast_doc/createprofile.scripts.html#post-insall.scripts

Greetings,

--
Patrick Kirsch - Quality Assurance Department SUSE Linux Products GmbH GF: Markus Rex, HRB 16746 (AG Nuernberg)
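The post-install idea above, as an added example that is not part of the thread or of the AutoYaST documentation: a shell function such a script could call instead of a one-line in-place edit. The function names are made up for this illustration; settings inside `Match` blocks are left alone, and `prohibit-password` is the newer OpenSSH spelling of `without-password`.

```shell
#!/bin/sh
# Added example: set the global PermitRootLogin value in sshd_config so that
# running it twice gives the same file. Function names are illustrative.

# set_permit_root_login VALUE [FILE]
set_permit_root_login() {
    prl_value=$1
    prl_file=${2:-/etc/ssh/sshd_config}

    # Reject typos here rather than shipping a file sshd refuses to load.
    case $prl_value in
        yes|no|without-password|prohibit-password|forced-commands-only) ;;
        *) echo "unsupported PermitRootLogin value: $prl_value" >&2; return 2 ;;
    esac
    [ -f "$prl_file" ] || { echo "no such file: $prl_file" >&2; return 1; }

    prl_tmp=$(mktemp) || return 1
    awk -v val="$prl_value" '
        { low = tolower($0) }              # keywords are case-insensitive
        # Global settings end at the first Match block, and sshd keeps the
        # first value it reads, so the directive must be in place before it.
        low ~ /^[ \t]*match[ \t]/ {
            if (!done) { print "PermitRootLogin " val; done = 1 }
            in_match = 1
        }
        # Active global line: replace the first one, drop later duplicates.
        !in_match && low ~ /^[ \t]*permitrootlogin([ \t=]|$)/ {
            if (!done) { print "PermitRootLogin " val; done = 1 }
            next
        }
        # Commented-out default such as "#PermitRootLogin yes".
        !in_match && !done && low ~ /^[ \t]*#[ \t]*permitrootlogin[ \t]+[a-z-]+[ \t]*$/ {
            print "PermitRootLogin " val; done = 1
            next
        }
        { print }
        END { if (!done) print "PermitRootLogin " val }
    ' "$prl_file" > "$prl_tmp" || { rm -f "$prl_tmp"; return 1; }

    # cat instead of mv keeps the owner and mode of the original file.
    cat "$prl_tmp" > "$prl_file"
    prl_status=$?
    rm -f "$prl_tmp"
    return "$prl_status"
}

# effective_permit_root_login [FILE]
# Prints the global value sshd would use: the first active line before Match.
effective_permit_root_login() {
    awk '
        { low = tolower($0) }
        low ~ /^[ \t]*match[ \t]/ { exit }
        low ~ /^[ \t]*permitrootlogin([ \t=]|$)/ {
            sub(/^[ \t]*[^ \t=]+[ \t=]+/, ""); sub(/[ \t]+$/, "")
            print; exit
        }
    ' "${1:-/etc/ssh/sshd_config}"
}

# In the post-install script:  set_permit_root_login without-password
```

Check the result with `sshd -t` before the daemon is restarted.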
[opensuse] ssh
Hi!

In the file: /etc/ssh/sshd_config you can change the line with

    #PermitRootLogin yes

into

    PermitRootLogin without-password

This restricts you either to do a su - from a nonprivileged user, or use a key-pair. Works like a charm! But how can I tweak this value in xml for autoyast?

Kind regards, hans

--
pgp-id: 926EBB12 pgp-fingerprint: BE97 1CBF FAC4 236C 4A73 F76E EDFC D032 926E BB12 Registered linux user: 75761 (http://counter.li.org)
[opensuse] SSH(d) as SOCKS proxy (ssh -D) - Dynamically forwarding ports
Hi,

I've read up on some articles explaining some more delicate features of SSH. There is a switch (namely -D), which apparently would cause SSH to work as a SOCKS protocol proxy, by dynamically forwarding ports when requested.

However, I am unable to get this to work, between 2 SUSE 10.0 boxes. Ssh always reports bind: address already in use, no matter which port I decide to try (yes they are really unused). e.g.:

    ssh 10.0.0.2 -D 15081
    bind: Address already in use

This happens both as user, and root. Someone suggested setting AllowTcpForwarding yes in /etc/ssh/sshd_config, then restart sshd. No luck.

    SUSE LINUX 10.0 (i586) OSS
    VERSION = 10.0
    openssh-4.1p1-10.13

Best regards, Sylvester
Re: [opensuse] SSH(d) as SOCKS proxy (ssh -D) - Dynamically forwarding ports
Try using:

    SSHD_OPTS=-4

This should make ssh use ipv4 and disable ipv6, which should solve the bind: address already in use error

On 3/12/07, Sylvester Lykkehus [EMAIL PROTECTED] wrote:
> Hi,
>
> I've read up on some articles explaining some more delicate features of SSH. There is a switch (namely -D), which apparently would cause SSH to work as a SOCKS protocol proxy, by dynamically forwarding ports when requested.
>
> However, I am unable to get this to work, between 2 SUSE 10.0 boxes. Ssh always reports bind: address already in use, no matter which port I decide to try (yes they are really unused). e.g.:
>
>     ssh 10.0.0.2 -D 15081
>     bind: Address already in use
>
> This happens both as user, and root. Someone suggested setting AllowTcpForwarding yes in /etc/ssh/sshd_config, then restart sshd. No luck.
>
>     SUSE LINUX 10.0 (i586) OSS
>     VERSION = 10.0
>     openssh-4.1p1-10.13
>
> Best regards, Sylvester
Re: [opensuse] ssh problem from remote LAN
From: Carl Hartung [EMAIL PROTECTED]
> On Tue January 30 2007 13:28, James D. Parra wrote:
> > Hello, Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh.
> > <snip>
>
> Hi James,
>
> After mulling your post over since yesterday, the thought occurred to me that you might be troubleshooting the wrong device. Is it possible the router connecting the local LAN to the Internet has previously been configured to enable port-forwarding to the other clients?
>
> regards, Carl

I thought about that too. But, if the router is providing NAT for the LAN, then it doesn't make sense that it (a simple router) would be able to configure port forwarding of an incoming ssh request to multiple clients behind the router. Generally, the router will only port forward requests to a single machine on the LAN side. My question would be how is the router configured and how is James ssh'ing to the other machines on the LAN across the router.

My initial thoughts on the problem were a misconfigured /etc/ssh/sshd_conf; a non-running sshd on the SLES machine; or a problem with the /etc/hosts.allow or /etc/hosts.deny setup.

HTH.

--
David C. Rankin, J.D., P.E. 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com
RE: [opensuse] ssh problem from remote LAN
> On Tuesday 30 January 2007, James D. Parra wrote:
> > Hello, Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh. All of the other servers are running Suse 9.1 to Suse 10, while the one I can't connect to remotely is running SLES 10. The sshd_config is identical to the other servers and the firewall is off. Nmap results show that the ssh port on the SLES 10 server is appearing as filtered from the remote network and open from the local LAN. Only the SLES 10 box has this behavior. Any ideas?
>
> Since you seem to be connecting to the same port (192.168.0.6) regardless of where you attempt to connect FROM, I can only assume the machine has only a single nic. Is that right? Therefore, a connection to that nic from a local machine is going to the same port as a connection from another lan. It seems to me that the firewall is not really off, or that there is a subnetting mask error such that packets can't get back from 192.168.0.6.

That seems right to me and, yes, there is only one nic in the server. Any ideas on how to fix it? Where is the conf file (if there is one on SLES 10) for the Firewall settings?

When viewing the logs on the host server, it doesn't record ssh login attempts from the remote LAN. From the remote ssh client, ssh just times out. I can ping the host from the remote LAN, but remote ssh packets aren't arriving at the host, or so it appears.

Many thanks, ~James
Re: [opensuse] ssh problem from remote LAN
On Tue January 30 2007 13:28, James D. Parra wrote:
> Hello, Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh.
> <snip>

Hi James,

After mulling your post over since yesterday, the thought occurred to me that you might be troubleshooting the wrong device. Is it possible the router connecting the local LAN to the Internet has previously been configured to enable port-forwarding to the other clients?

regards, Carl
[opensuse] ssh problem from remote LAN
Hello,

Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh. All of the other servers are running Suse 9.1 to Suse 10, while the one I can't connect to remotely is running SLES 10. The sshd_config is identical to the other servers and the firewall is off. Nmap results show that the ssh port on the SLES 10 server is appearing as filtered from the remote network and open from the local LAN. Only the SLES 10 box has this behavior. Any ideas?

~~~ Local LAN - 192.168.0.0 to SLES 10 server on 192.168.0.0 ~~~

    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-01-30 10:04 PST
    Interesting ports on 192.168.0.6:
    (The 1656 ports scanned but not shown below are in state: closed)
    PORT     STATE SERVICE
    22/tcp   open  ssh
    111/tcp  open  rpcbind
    389/tcp  open  ldap
    427/tcp  open  svrloc
    631/tcp  open  ipp
    888/tcp  open  accessbuilder
    1/tcp    open  snet-sensor-mgmt

~~~ Remote LAN - 192.168.1.0 to SLES 10 server on 192.168.0.0 ~~~

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on (192.168.0.6):
    (The 1594 ports scanned but not shown below are in state: closed)
    Port     State     Service
    22/tcp   filtered  ssh
    111/tcp  open      sunrpc
    389/tcp  open      ldap
    427/tcp  open      svrloc
    631/tcp  open      ipp
    888/tcp  open      accessbuilder
    1/tcp    open      snet-sensor-mgmt

~~~ Remote LAN - 192.168.1.0 to Suse 10 server on LAN 192.168.0.0 ~~~

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on (192.168.0.44):
    (The 1593 ports scanned but not shown below are in state: closed)
    Port      State  Service
    22/tcp    open   ssh
    111/tcp   open   sunrpc
    139/tcp   open   netbios-ssn
    445/tcp   open   microsoft-ds
    631/tcp   open   ipp
    888/tcp   open   accessbuilder
    5432/tcp  open   postgres
    1/tcp     open   snet-sensor-mgmt

Thank you in advance, James
Re: [opensuse] ssh problem from remote LAN
On Tuesday 30 January 2007, James D. Parra wrote:
> Hello, Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh. All of the other servers are running Suse 9.1 to Suse 10, while the one I can't connect to remotely is running SLES 10. The sshd_config is identical to the other servers and the firewall is off. Nmap results show that the ssh port on the SLES 10 server is appearing as filtered from the remote network and open from the local LAN. Only the SLES 10 box has this behavior. Any ideas?

Since you seem to be connecting to the same port (192.168.0.6) regardless of where you attempt to connect FROM, I can only assume the machine has only a single nic. Is that right? Therefore, a connection to that nic from a local machine is going to the same port as a connection from another lan.

It seems to me that the firewall is not really off, or that there is a subnetting mask error such that packets can't get back from 192.168.0.6.

--
John Andersen
Re: [opensuse] ssh weirdness - ssh connects then hangs after transferring a few bytes
On Monday 22 January 2007 08:37, Christopher Townson wrote:
> Hi,
>
> Has anyone else out there encountered problems with OpenSSH in opensuse 10.2? I'm having a weird problem connecting to certain servers: ssh connects absolutely fine, but attempting to run any commands once connected causes the session to hang. My investigations so far would seem to indicate that the session hang occurs when more than n bytes are transferred (not sure how many bytes, but a very small number)
>
> For example:
>
>     ssh [EMAIL PROTECTED] - connects
>     ls /directory/with/very/few/files - works
>     ls /usr/bin - causes session to hang (or anything that might require transfer of more than a few bytes)

Hi Chris

Do you get any useful info by forcing verbose output from ssh? Doing 'ssh -vvv [EMAIL PROTECTED]' _might_ give some clues.

Good luck

Pete
Re: [opensuse] ssh weirdness - ssh connects then hangs after transferring a few bytes
On Jan 22 2007 08:37, Christopher Townson wrote:
> Has anyone else out there encountered problems with OpenSSH in opensuse 10.2? I'm having a weird problem connecting to certain servers: ssh connects absolutely fine, but attempting to run any commands once connected causes the session to hang. My investigations so far would seem to indicate that the session hang occurs when more than n bytes are transferred (not sure how many bytes, but a very small number)

Run tcpdump and watch out for spurious RSTs on the ssh connection. Found some?

-`J'
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
Hello,

On Friday, 22 September 2006 20:02, [EMAIL PROTECTED] wrote:
> [...] I want somecommand to set up some aliases and stuff like that, [...]

The thread had many interesting postings, but: What's wrong with putting somecommand into your ~/.bashrc? Do I think too simple? ;-) Or did I overlook something?

Regards, Christian Boltz

--
Or can you imagine a car that is first built with a petrol engine and then still runs when you fill it up with diesel? *laughs* [Thomas Templin in suse-linux]
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
screen is great for that, but that's not quite what I'm looking for... maybe I phrased my original post badly...

My basic problem is that when I run:

    # bash -c 'command1;command2;command3'

bash does those commands, then exits. I want bash to do those commands and not exit, without having to put the commands into a file and use --rcname.

On Fri, 22 Sep 2006 20:48:22 +0200, Hans du Plooy [EMAIL PROTECTED] said:
> On Fri, 2006-09-22 at 14:02 -0400, [EMAIL PROTECTED] wrote:
> > I want to be able to do something like this:
> >
> >     [EMAIL PROTECTED] ssh [EMAIL PROTECTED] somecommand
> >
> > Where the end result is that somecommand runs and _I am still logged in to hostB_, running bash as if I had done these commands:
>
> Try screen.
>
> 1. ssh into host
> 2. screen -S give_name_to_session
> 3. run command
> 4. Ctrl+A D
>
> This disconnects you from that session. You can log out, log back in, and type: screen -r name_of_session
>
> Type screen -list to list sessions
>
> Hans
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
On Sun, 2006-09-24 at 09:01 -0400, [EMAIL PROTECTED] wrote:
> screen is great for that, but that's not quite what I'm looking for... maybe I phrased my original post badly...
>
> My basic problem is that when I run:
>
>     # bash -c 'command1;command2;command3'
>
> bash does those commands, then exits. I want bash to do those commands and not exit, without having to put the commands into a file and use --rcname.

OK, I misunderstood. Sorry, I can't help you there.

Hans
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
On Sun, Sep 24, 2006 at 09:01:05AM -0400, [EMAIL PROTECTED] wrote:
> screen is great for that, but that's not quite what I'm looking for... maybe I phrased my original post badly...
>
> My basic problem is that when I run:
>
>     # bash -c 'command1;command2;command3'
>
> bash does those commands, then exits. I want bash to do those commands and not exit, without having to put the commands into a file and use --rcname.

The option `-c' is not designed for an interactive bash but for executing the string provided to that option. If there is no command left in the string the short `script' given by the string does exit as usual. As you can see from the manual page, the string is like a script because if you add a second string after the option -c and its string this is set as positional parameters starting with `$0':

    bash -c 'echo $0; echo $@' foo bar

Now knowing this you may use something like this

    bash -c 'echo $0; echo $@; exec -l bash' foo bar

... the option -l makes the second bash a login shell.

Werner

--
Having a smoking section in a restaurant is like having a peeing section in a swimming pool. -- Edward Burr
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
On Friday 22 September 2006 20:02, [EMAIL PROTECTED] wrote:
> I think I can make it work by putting somecommand into a file named somescript and doing two commands:
>
>     [EMAIL PROTECTED] scp somescript [EMAIL PROTECTED]:
>     [EMAIL PROTECTED] ssh -t [EMAIL PROTECTED] bash --login --rcfile somescript
>
> ... but I haven't tried that, and I'd rather find a way to do it without requiring files, if possible. Anyone have any suggestions on this?

One thing that seems to work is

    ssh -t [EMAIL PROTECTED] foo\;bash

by making bash the last command, you will stay logged in
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
Hans,

On Sunday 24 September 2006 06:01, [EMAIL PROTECTED] wrote:
> screen is great for that, but that's not quite what I'm looking for... maybe I phrased my original post badly...
>
> My basic problem is that when I run:
>
>     # bash -c 'command1;command2;command3'
>
> bash does those commands, then exits. I want bash to do those commands and not exit, without having to put the commands into a file and use --rcname.

Look into the nohup and sleep commands along with the shell's parentheses and process detaching ('&') operator and looping constructs. You should be able to concoct something that does what you want.

However, I don't know what the virtue is of keeping the shell running after all the commands it initiated are complete. Or is the goal just to hold open the descriptor, and hence the SSH connection, back to the machine that initiated the command?

Randall Schulz
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
I think the 'keep bash running' was also poor phrasing on my part; I really meant to have the bash that ran with some commands remain the single, main logon shell for the ssh session.

My original goal was to be able to run:

    # ssh [EMAIL PROTECTED] 'some command'

and end up in bash on otherhost as user, with aliases set and environment variables set, without having to copy over an rc file. It looks like this is not possible; I can get ssh to run stuff before bash, but I can't get bash to set the aliases AND keep running. The rcfile seems to be the only way to get bash to do something as it starts up.

I think the best I'll be able to do is something like:

    # ssh -t [EMAIL PROTECTED] 'scp mainhost:specialrcfile .; bash --login --rcfile specialrcfile'

.. but I haven't tried that yet. Thanks to all for your ongoing comments and suggestions.

On Mon, 25 Sep 2006 05:48:49 -0700, Randall R Schulz [EMAIL PROTECTED] said:
> Hans,
>
> On Sunday 24 September 2006 06:01, [EMAIL PROTECTED] wrote:
> > screen is great for that, but that's not quite what I'm looking for... maybe I phrased my original post badly...
> >
> > My basic problem is that when I run:
> >
> >     # bash -c 'command1;command2;command3'
> >
> > bash does those commands, then exits. I want bash to do those commands and not exit, without having to put the commands into a file and use --rcname.
>
> Look into the nohup and sleep commands along with the shell's parentheses and process detaching ('&') operator and looping constructs. You should be able to concoct something that does what you want.
>
> However, I don't know what the virtue is of keeping the shell running after all the commands it initiated are complete. Or is the goal just to hold open the descriptor, and hence the SSH connection, back to the machine that initiated the command?
>
> Randall Schulz
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
[EMAIL PROTECTED] wrote:
> I think the 'keep bash running' was also poor phrasing on my part; I really meant to have the bash that ran with some commands remain the single, main logon shell for the ssh session.
>
> My original goal was to be able to run:
>
>     # ssh [EMAIL PROTECTED] 'some command'
>
> and end up in bash on otherhost as user, with aliases set and environment variables set, without having to copy over an rc file. It looks like this is not possible; I can get ssh to run stuff before bash, but I can't get bash to set the aliases AND keep running. The rcfile seems to be the only way to get bash to do something as it starts up.
>
> I think the best I'll be able to do is something like:
>
>     # ssh -t [EMAIL PROTECTED] 'scp mainhost:specialrcfile .; bash --login --rcfile specialrcfile'
>
> .. but I haven't tried that yet. Thanks to all for your ongoing comments and suggestions.

Hi,

I don't have the right clue about bash shells, but the last try looks like your specialrcfile will be run twice, wouldn't it?

JBScout
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
[EMAIL PROTECTED] wrote:
> I think the 'keep bash running' was also poor phrasing on my part; I really meant to have the bash that ran with some commands remain the single, main logon shell for the ssh session.
>
> My original goal was to be able to run:
>
>     # ssh [EMAIL PROTECTED] 'some command'
>
> and end up in bash on otherhost as user, with aliases set and environment variables set, without having to copy over an rc file. It looks like this is not possible; I can get ssh to run stuff before bash, but I can't get bash to set the aliases AND keep running. The rcfile seems to be the only way to get bash to do something as it starts up.
>
> I think the best I'll be able to do is something like:

I suggest you have a look at 'expect'

"Expect is a tool for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect really makes this stuff trivial. Expect is also useful for testing these same applications. And by adding Tk, you can also wrap interactive applications in X11 GUIs. Expect can make easy all sorts of tasks that are prohibitively difficult with anything else. You will find that Expect is an absolutely invaluable tool - using it, you will be able to automate tasks that you've never even thought of before - and you'll be able to do this automation quickly and easily."

http://ftp.cdut.edu.cn/pub/linux/develop/Expect/expect_nist_gov.html

You will find it included in the SuSE distribution.

--
Regards, Graham Smith
[opensuse] ssh to a machine, run bash with some commands, keep bash running?
I want to be able to do something like this:
[EMAIL PROTECTED] ssh [EMAIL PROTECTED] somecommand
Where the end result is that somecommand runs and _I am still logged in to hostB_, running bash as if I had done these commands:
[EMAIL PROTECTED] ssh [EMAIL PROTECTED]
[EMAIL PROTECTED] somecommand
[EMAIL PROTECTED]
I want somecommand to set up some aliases and stuff like that, but not require any files on hostB. The closest I've been able to come is:
[EMAIL PROTECTED] ssh -t [EMAIL PROTECTED] bash --login -c somecommand
This connects to hostB, does the standard login stuff, runs the command, and bash exits. If it would do all that but leave bash running, I'd be happy. I think I can make it work by putting somecommand into a file named somescript and doing two commands:
[EMAIL PROTECTED] scp somescript [EMAIL PROTECTED]:
[EMAIL PROTECTED] ssh -t [EMAIL PROTECTED] bash --login --rcfile somescript
... but I haven't tried that, and I'd rather find a way to do it without requiring files, if possible. Anyone have any suggestions on this?
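Added example, not part of any post in this thread: one way to get the behaviour asked for above without leaving a file on hostB, by handing bash its startup commands through a process substitution. The function names, user@hostB, the alias and DEMO_VAR are placeholders, and bash and base64 are assumed to exist on the remote host.

```shell
#!/bin/sh
# Added example, not from the thread. user@hostB, the alias and the variable
# are placeholders; bash and base64 are assumed to exist on the remote host.

# build_remote_cmd RC_TEXT
# Prints the command line to hand to ssh. On the remote side it starts an
# interactive bash that reads RC_TEXT as its startup file through a process
# substitution (/dev/fd/N), so no file is created on the remote host.
build_remote_cmd() {
    # base64 keeps quotes, dollar signs and newlines in RC_TEXT intact
    # through the local shell, ssh and the remote login shell.
    b64=$(printf '%s\n' "$1" | base64 | tr -d '\n')
    # The outer "bash -c" makes sure <( ) is parsed by bash even when the
    # remote login shell is something else. No --login here: a login shell
    # reads the profile files and ignores --rcfile.
    printf "exec bash -c 'exec bash --rcfile <(echo %s | base64 -d) -i'" "$b64"
}

# ssh_with_rc HOST RC_TEXT
# -t allocates a terminal so the remote bash stays usable interactively.
ssh_with_rc() {
    ssh -t "$1" "$(build_remote_cmd "$2")"
}

# Constructed startup snippet: load the usual environment first, then add
# the session-only settings.
DEMO_RC='[ -r /etc/profile ] && . /etc/profile
[ -r ~/.bashrc ] && . ~/.bashrc
alias ll="ls -l"
export DEMO_VAR=42'

# Usage (needs a reachable host, so it is left commented out):
#   ssh_with_rc user@hostB "$DEMO_RC"
```

The aliases and variables exist only in that one remote bash process and disappear when the session ends.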
Re: [opensuse] ssh to a machine, run bash with some commands, keep bash running?
On Fri, 2006-09-22 at 14:02 -0400, [EMAIL PROTECTED] wrote:
I want to be able to do something like this:
[EMAIL PROTECTED] ssh [EMAIL PROTECTED] somecommand
Where the end result is that somecommand runs and _I am still logged in to hostB_, running bash as if I had done these commands:

Try screen.
1. ssh into host
2. screen -S give_name_to_session
3. run command
4. Ctrl+A D
This disconnects you from that session. You can log out, log back in, and type:
screen -r name_of_session
Type screen -list to list sessions
Hans
[opensuse] ssh
How do you start ssh in suse? sshd is started in system runlevel.
Jim
Re: [opensuse] ssh
* Marc Benstein [EMAIL PROTECTED] [01-07-06 20:08]:
You can use chkconfig or yast to turn it on and off and set which run level.

Or manually by
Usage: /etc/init.d/sshd {start|stop|status|try-restart|restart|force-reload|reload|probe}
or
/usr/sbin/rcsshd
--
Patrick Shanahan  Registered Linux User #207535
http://wahoo.no-ip.org  @ http://counter.li.org
HOG # US1244711
Photo Album: http://wahoo.no-ip.org/gallery2
Re: [opensuse] ssh
On 2006-01-07 20:04:23 -0500, jim tate wrote:
how do you start ssh in suse. sshd is started in system runlevel.

$ chkconfig sshd
sshd off

if you get off there as in the example above.

$ chkconfig sshd on
$ rcsshd start

if you still can't ssh into your suse box:

$ yast2 firewall

there you can open the port for the sshd daemon.

hope this helps

darix