Re: Unable to ssh nodes with global IP

2011-10-25 Thread Joe Zeff
On 10/25/2011 05:28 AM, Abu Attar Musharih wrote:
> Above is another important point. I can not ping the machine.
> I am wondering how they do that. What port do they close?
> Thanks,
> AA

Ping uses ICMP packets.  I don't think it uses a port; at least, there's 
no CLI option to change it.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


Re: Unable to ssh nodes with global IP

2011-10-25 Thread Reindl Harald


On 25.10.2011 14:28, Abu Attar Musharih wrote:
> On Sat, Oct 22, 2011 at 7:12 PM, Andras Simon  wrote:
> 
>> Can you ping the machine? If yes, then are there traces in the logs
>> that show the connection attempts? (You can make iptables log those.)
> 
> Above is another important point. I can not ping the machine.
> I am wondering how they do that. What port do they close?

ping has no port nor is it TCP
ping is ICMP Type 8
as long as your machine does not accept this it can not be pinged

so it is not sure if the ISP, some router or the machine itself
does not accept ICMP

these are the last two lines of all my firewalls
the first does accept ping and the second rejects all
ports not explicitly opened

iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT





Re: Unable to ssh nodes with global IP

2011-10-25 Thread Marko Vojinovic
On Tuesday 25 October 2011 13:28:05 Abu Attar Musharih wrote:
> On Sat, Oct 22, 2011 at 7:12 PM, Andras Simon  wrote:
> > Can you ping the machine? If yes, then are there traces in the logs
> > that show the connection attempts? (You can make iptables log those.)
> 
> Above is another important point. I can not ping the machine.
> I am wondering how they do that. What port do they close?

They filter out ICMP packets in the firewall. See

  http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

Best, :-)
Marko



Re: Unable to ssh nodes with global IP

2011-10-25 Thread Abu Attar Musharih
On Sat, Oct 22, 2011 at 7:12 PM, Andras Simon  wrote:

> Can you ping the machine? If yes, then are there traces in the logs
> that show the connection attempts? (You can make iptables log those.)

Above is another important point. I can not ping the machine.
I am wondering how they do that. What port do they close?
Thanks,
AA


Re: Unable to ssh nodes with global IP

2011-10-25 Thread Tim
On Mon, 2011-10-24 at 18:31 +0200, Reindl Harald wrote:
> for portscans allow only 120 connections from the same ip per second
> makes it really hard to do a full port-scan because it takes forever and
> additionally webservers are protected against a single dos-attack

120 per second seems overly generous.

> try it with "ab -c 20 -n 10 http://yourhost/" and you will see

Hmm, "ab"...  Never go past *ix users for coming up with extremely
abbreviated commands.

> as you see security is never one setting and it is done and obscurity
> as additional prevention is good and no overhead if someone knows to
> handle his machines

Yes/no...  It's too easy to think being obscure protects you when it
doesn't really.  It only slightly shifts the goal posts.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.





Re: Unable to ssh nodes with global IP

2011-10-24 Thread Reindl Harald


On 24.10.2011 18:12, Tim wrote:
> On Sun, 2011-10-23 at 12:12 +0200, Reindl Harald wrote:
>> put sshd on port 10022 and all is well
>>  
>> this has the additional benefit to get rid of the most
>> idiots trying password-attacks all day long
> 
> Though it won't stop the more determined ones.  Like those who scan for
> all open ports, and then look at what responses they get to determine
> what sort of server is listening.
> 
> If you have a (potentially) vulnerable server exposed, using something
> like fail2ban (if I remembered the name correctly) can be a good idea.
> It allows a limited number of attempts from an IP, then temporarily
> blacklists that IP.  A hacker would have to have tremendous luck to
> guess a password in only two attempts, for instance.

i know this all but it is not in standard-nmap and so
you have not the whole day the logfiles full and the
overhead for non-standard-port is practically non-existent

NOBODY should allow password-login on sshd, never and we do not

additionally:
iptables -A INPUT -p tcp --sport 1024:65535 -m state --syn --state NEW --dport YOURPORT -m limit --limit 60/minute --limit-burst 20 -j ACCEPT
iptables -A INPUT -p tcp -m state --syn --state NEW --dport YOURPORT -j REJECT
___

for portscans allow only 120 connections from the same ip per second
makes it really hard to do a full port-scan because it takes forever and
additionally webservers are protected against a single dos-attack

try it with "ab -c 20 -n 10 http://yourhost/" and you will see htop
shortly with 100% cpu and falling down to normal values in waves

iptables -I INPUT -p tcp -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp -i eth0 -m state --state NEW -m recent --update --seconds 1 --hitcount 120 -j DROP
___

as you see security is never one setting and it is done and obscurity as
additional prevention is good and no overhead if someone knows to handle
his machines
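
The two rule pairs from the message above, modelled as an added example (not part of the original post and not iptables code): a small simulation of how `-m limit` and `-m recent` decide the fate of new connections to YOURPORT. Class and function names, the traffic patterns and the two addresses are constructed for illustration. The model assumes the kernel remembers at least 120 timestamps per source; iptables-extensions(8) documents that hitcount is bounded by the xt_recent module parameter ip_pkt_list_tot (default 20).

```python
from collections import defaultdict, deque


class LimitMatch:
    """`-m limit --limit 60/minute --limit-burst 20`: one credit bucket for ALL sources."""

    def __init__(self, interval_ms=1000, burst=20):
        self.cost = interval_ms            # credit one matching packet consumes
        self.cap = interval_ms * burst     # bucket starts full: `burst` packets
        self.credit = self.cap
        self.last = 0

    def matches(self, now_ms):
        # Credit refills with elapsed time, capped at the burst size.
        self.credit = min(self.cap, self.credit + (now_ms - self.last))
        self.last = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False


class RecentMatch:
    """`-m recent --update --seconds 1 --hitcount 120 -j DROP`, then `--set`: per source."""

    def __init__(self, window_ms=1000, hitcount=120):
        self.window = window_ms
        self.hitcount = hitcount
        self.seen = defaultdict(deque)     # source -> timestamps of recent new connections

    def drops(self, src, now_ms):
        stamps = self.seen[src]
        while stamps and now_ms - stamps[0] >= self.window:
            stamps.popleft()               # forget hits older than the window
        over = len(stamps) >= self.hitcount
        stamps.append(now_ms)              # --update (on match) and --set both record the hit
        return over


def verdicts(events):
    """events: (time_ms, source) new connections to YOURPORT. Returns per-source counts."""
    limit, recent = LimitMatch(), RecentMatch()
    out = defaultdict(lambda: {"ACCEPT": 0, "REJECT": 0, "DROP": 0})
    for now_ms, src in sorted(events):
        if recent.drops(src, now_ms):      # inserted with -I, so evaluated first
            verdict = "DROP"
        elif limit.matches(now_ms):        # appended with -A: ACCEPT while credit lasts
            verdict = "ACCEPT"
        else:                              # the catch-all REJECT rule for YOURPORT
            verdict = "REJECT"
        out[src][verdict] += 1
    return {src: dict(counts) for src, counts in out.items()}


# Constructed traffic; both addresses are from the documentation ranges.
NOISY, ADMIN = "198.51.100.7", "203.0.113.10"


def shared_bucket_scenario():
    """One source retries 5 times a second for a minute; the admin connects once at 30.5 s."""
    events = [(k * 200, NOISY) for k in range(300)] + [(30_500, ADMIN)]
    return verdicts(events)


def burst_scenario():
    """One source opens 200 connections inside a single second (one every 5 ms)."""
    return verdicts([(k * 5, NOISY) for k in range(200)])


if __name__ == "__main__":
    print("shared bucket:", shared_bucket_scenario())
    print("burst:", burst_scenario())
```

In the first scenario the admin's single connection is REJECTed because the other source has drained the shared `limit` bucket, which is not tracked per address. In the second, `recent` only starts to DROP at the 121st connection inside one second, long after `limit` has stopped accepting.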





Re: Unable to ssh nodes with global IP

2011-10-24 Thread suvayu ali
On Mon, Oct 24, 2011 at 18:12, Tim  wrote:
> If you have a (potentially) vulnerable server exposed, using something
> like fail2ban (if I remembered the name correctly) can be a good idea.
> It allows a limited number of attempts from an IP, then temporarily
> blacklists that IP.  A hacker would have to have tremendous luck to
> guess a password in only two attempts, for instance.

An alternative to fail2ban is denyhosts.

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-24 Thread Tim
On Sun, 2011-10-23 at 12:12 +0200, Reindl Harald wrote:
> put sshd on port 10022 and all is well
>  
> this has the additional benefit to get rid of the most
> idiots trying password-attacks all day long

Though it won't stop the more determined ones.  Like those who scan for
all open ports, and then look at what responses they get to determine
what sort of server is listening.

If you have a (potentially) vulnerable server exposed, using something
like fail2ban (if I remembered the name correctly) can be a good idea.
It allows a limited number of attempts from an IP, then temporarily
blacklists that IP.  A hacker would have to have tremendous luck to
guess a password in only two attempts, for instance.


-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.





Re: Unable to ssh nodes with global IP

2011-10-24 Thread Reindl Harald


On 24.10.2011 05:07, Marko Vojinovic wrote:
> On Monday 24 October 2011 03:35:12 Ed Greshko wrote:
>> On 10/24/2011 10:18 AM, Marko Vojinovic wrote:
>>> P.S. Sorry folks, just couldn't resist... :-D No hard feelings, Ed! :-)
>>
>> No hard feelings But.
>>
>> ISP ≠ Employer
> 
> Oh, so if they are paying you, it's unethical to break the firewall, but if
> you are paying them, then it's perfectly ok to do so?

if you really still do not understand why someone MUST NOT break in through
his company's firewalls you should be fired now and never get a job
again wherever this could be a topic





Re: Unable to ssh nodes with global IP

2011-10-24 Thread Reindl Harald

On 23.10.2011 14:10, suvayu ali wrote:

> I know about ~/.ssh/config and I use it. Logging in to the remote nodes
> is not the issue in my case. I use kerberos to authenticate anyway. The
> issue is when I want to access my machine from those remote nodes, I
> have to copy the section relevant to my machine to the remote nodes.

if you have to maintain many hosts you should invest an hour
for an infrastructure and after that it does not matter if you
have 10, 100 or thousands of hosts where you need the same
file distributed

sorry, but you can tell me what you want - there is no single problem
maintaining thousands of machines with ssh on non-standard-port

and if the ISP of the OP is blocking incoming port 22 he has
no other solution - so what are we speaking about here?

your "nc" will not work for him and your problem maintaining
multiple machines does not affect the whole world because
most do not have so many hosts and the others know
about shell-scripts
___


[root@buildserver:~]$ cat /Volumes/dune/buildserver/server-list.txt
#!/bin/bash
RH_TARGET_SERVERS=()
RH_TARGET_SERVERS[1]="host1"
RH_TARGET_SERVERS[2]="host2"
RH_TARGET_SERVERS[3]="host3"
RH_TARGET_SERVERS[4]="host4"
RH_TARGET_SERVERS[5]="host5"
RH_TARGET_SERVERS[6]="host6"

[root@buildserver:~]$ cat /Volumes/dune/buildserver/distribute-file.sh
#!/bin/bash
source /Volumes/dune/buildserver/server-list.txt
function rh_push_file
{
 echo $1
 RSYNC_PARAMS='--ipv4 --compress --times --progress --force --links --perms --owner --group'
 /bin/nice /usr/bin/rsync $RSYNC_PARAMS --rsync-path='nice -n 19 rsync' "$2" "root@$1:$2"
 echo ""
}
if [ "$2" == "" ]
then
 echo "" > /dev/null
else
 # The message below means "Please put the parameter in quotes"
 echo "Bitte Parameter in Quotes setzen"
 exit
fi
for item in ${RH_TARGET_SERVERS[*]}
do
  rh_push_file $item "$1"
done

[root@buildserver:~]$ cat /Volumes/dune/buildserver/distribute-command.sh
#!/bin/bash
source /Volumes/dune/buildserver/server-list.txt
function rh_run_command
{
 echo $1
 ssh root@$1 "$2"
 echo ""
}
if [ "$2" == "" ]
then
 echo "" > /dev/null
else
 # The message below means "Please put the parameter in quotes"
 echo "Bitte Parameter in Quotes setzen"
 exit
fi
echo ""
for item in ${RH_TARGET_SERVERS[*]}
do
  rh_run_command $item "$1"
done





Re: Unable to ssh nodes with global IP

2011-10-24 Thread Steven Stern
On 10/23/2011 06:04 AM, Reindl Harald wrote:
> 
> 
> On 23.10.2011 12:58, suvayu ali wrote:
> 
>> I am no expert, I just said what worked for me in the past. I ssh into
>> many systems everyday so changing to non-standard ports is
>> inconvenient
> 
> where is there any single problem if you can read manuals?
> you have to specify the port only once per client and after
> that rsync, ssh, scp and sftp even in konqueror is using this
> port
> 
> cat /etc/ssh/ssh_config
> Host *
> GSSAPIAuthentication no
> Compression yes
> CompressionLevel 9
> Protocol 2
> StrictHostKeyChecking ask
> 
> Host yourhost.domain.tld
> Port 10022
> 

If the issue is with the ISP blocking 22, then leave SSHD on port 22 and
simply map some external port on the WAN router (e.g., 10022) to 22
internally. It makes life a lot easier, because no matter how many
machines you have on the internal network, you control it from a single
point.



-- 
-- Steve


Re: Unable to ssh nodes with global IP

2011-10-24 Thread Reindl Harald


On 23.10.2011 13:09, suvayu ali wrote:

> On Sun, Oct 23, 2011 at 13:04, Reindl Harald  wrote:
>
>> On 23.10.2011 12:58, suvayu ali wrote:
>>
>>> I am no expert, I just said what worked for me in the past. I ssh into
>>> many systems everyday so changing to non-standard ports is
>>> inconvenient
>> where is there any single problem if you can read manuals?
>> you have to specify the port only once per client and after
>> that rsync, ssh, scp and sftp even in konqueror is using this
>> port
>
> Please read carefully. I ssh to *multiple* machines. The list of
> clients is hundreds, also I don't have the complete list.

well i maintain 40 machines, all with non-standard-port and connecting
multiple hundred times to most of them each day

/home/username/.ssh/id_rsa is needed on all clients or do you really
allow password-login on standard-port and type the password all day long?
so there is supported a file called "config" in the same folder

> I mostly have to login to a distributed computing resource where the
> physical node you is selected dynamically based on availability and
> load. So I don't have the complete list of IPs.

ip-addresses are not interesting here

failovers are working dns-based, so your hostname is the same
the ssh-client config is hostname-based








Re: Unable to ssh nodes with global IP

2011-10-24 Thread Reindl Harald


On 23.10.2011 12:58, suvayu ali wrote:

> I am no expert, I just said what worked for me in the past. I ssh into
> many systems everyday so changing to non-standard ports is
> inconvenient

where is there any single problem if you can read manuals?
you have to specify the port only once per client and after
that rsync, ssh, scp and sftp even in konqueror is using this
port

cat /etc/ssh/ssh_config 
Host *
GSSAPIAuthentication no
Compression yes
CompressionLevel 9
Protocol 2
StrictHostKeyChecking ask

Host yourhost.domain.tld
Port 10022






Re: Unable to ssh nodes with global IP

2011-10-24 Thread Reindl Harald


On 23.10.2011 12:20, suvayu ali wrote:

> On Sun, Oct 23, 2011 at 12:12, Reindl Harald  wrote:
>
>> mh and how do you start "nc" if you can not connect to the machine and
>> if you drive to the machine doing this manually what after internet
>> is shortly down - driving all the time around?
>
> I didn't say that machine, I said a machine, as in any other machine
> not on the same local network. I am assuming if the OP wants to work
> with grid computing he has access to some other
> server/desktop/whatever which is connected to the internet. And he
> doesn't have to drive there, he can always use ssh. The OP never said
> ssh to some machine outside is not working, so its a fair assumption
> that he can.

well, you can use 20 different machines to achieve a result
or simply change a port so it is not blocked by the isp 

what do you think is smarter?






Re: Unable to ssh nodes with global IP

2011-10-24 Thread Reindl Harald


On 23.10.2011 12:09, suvayu ali wrote:
> Hi Abu Attar,
> 
> On Sun, Oct 23, 2011 at 11:09, Abu Attar Musharih
>  wrote:
>> The customer service said that  ssh is not allowed. So, what to do
>> then? I badly need a server with global IP for experimenting grid
>> computing.
> 
> To be absolutely sure you can try the following.
> 
> 1. confirm your global ip (e.g. here: http://checkip.dyndns.com)
> 2. check sshd is running at your end and is using port 22. you can try
>    ssh-ing to another local user to check easily.
> 3. nc -z  22 (from a machine outside your local network)
> 4. if this last step shows you that connection is not happening, you
>    can try looking at your router settings. there should be a way to
>    port forward your ssh connections to port 22 of the machine you want
>    to use as a server

mh and how do you start "nc" if you can not connect to the machine and
if you drive to the machine doing this manually what after internet
is shortly down - driving all the time around?

put sshd on port 10022 and all is well

this has the additional benefit to get rid of the most
idiots trying password-attacks all day long






Re: Unable to ssh nodes with global IP

2011-10-24 Thread Reindl Harald


On 23.10.2011 11:09, Abu Attar Musharih wrote:
> The customer service said that  ssh is not allowed. So, what to do
> then? I badly need a server with global IP for experimenting grid
> computing

[root@srv-rhsoft:~]$ cat /etc/ssh/sshd_config
Port 22
Port 10022
Protocol 2
..

if we are speaking OUTGOING ssh from your home-network is not allowed by
your ISP then search a new one because this is unacceptable










Re: Unable to ssh nodes with global IP

2011-10-24 Thread Marko Vojinovic
On Monday 24 October 2011 12:15:03 Abu Attar Musharih wrote:
> I tried INCOMING ssh several times  and check file /var/log/secure
> No entries related to login attempt found.
> Now, it becomes even worse. Yesterday I could do OUTGOING ssh, but not
> anymore. The following site is inaccessible
> 
> http://www.yougetsignal.com/tools/open-ports/
> 
> While using different provider, there is no problem.

I think that by now it is obvious that the problem is not with your machine, 
and that your ISP has closed down the ports. Your choices are probably the 
following:

(1) Talk to your provider and ask them to open all ports to your IP. This is a 
reasonable request, since you have a public IP number, and should be able to 
use it however you like (provided that nobody complains about spam or attacks 
coming from your IP). Note, though, that the ISP may choose to charge you 
extra money for this.

(2) Change the ISP for another that is more forthcoming.

(3) Scan your IP from outside for any open ports, pick one and use it for 
ssh/openvpn/whatever, without discussing it with your ISP. This will work, but 
may not be considered legal by the ISP. Also, you might have a hard time 
choosing a port, if only a few of them are open, since you may need them all 
for their regular job (like ports 80/443 for the web, 25 for e-mail, etc.).

YMMV.

Best, :-)
Marko



Re: Unable to ssh nodes with global IP

2011-10-24 Thread Abu Attar Musharih
On Mon, Oct 24, 2011 at 4:35 PM, suvayu ali  wrote:

> Can you see entries corresponding to each login attempt in /var/log/secure?

I tried INCOMING ssh several times  and check file /var/log/secure
No entries related to login attempt found.
Now, it becomes even worse. Yesterday I could do OUTGOING ssh, but not anymore.
The following site is inaccessible

http://www.yougetsignal.com/tools/open-ports/

While using different provider, there is no problem.

Regards,
AA


Re: Unable to ssh nodes with global IP

2011-10-24 Thread suvayu ali
On Mon, Oct 24, 2011 at 03:48, Abu Attar Musharih
 wrote:
>> 4. if this last step shows you that connection is not happening, you
>>   can try looking at your router settings. there should be a way to
>>   port forward your ssh connections to port 22 of the machine you want
>>   to use as a server.
>
> The problem is, ssh does not work from another online laptop to this machine.
> Neither does ping.

Can you see entries corresponding to each login attempt in /var/log/secure?

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Marko Vojinovic
On Monday 24 October 2011 04:07:35 Marko Vojinovic wrote:
> P.S. For the OP: in case you missed that previous thread I referred to,
> here's the link:
> 
>http://lists.fedoraproject.org/pipermail/users/2011-October/406090.html

It appears that the thread was lousy threaded, here are the remaining parts:

  http://lists.fedoraproject.org/pipermail/users/2011-October/406106.html
  http://lists.fedoraproject.org/pipermail/users/2011-October/406110.html

Best, :-)
Marko



Re: Unable to ssh nodes with global IP

2011-10-23 Thread Marko Vojinovic
On Monday 24 October 2011 03:35:12 Ed Greshko wrote:
> On 10/24/2011 10:18 AM, Marko Vojinovic wrote:
> > P.S. Sorry folks, just couldn't resist... :-D No hard feelings, Ed! :-)
> 
> No hard feelings But.
> 
> ISP ≠ Employer

Oh, so if they are paying you, it's unethical to break the firewall, but if you 
are paying them, then it's perfectly ok to do so?

Silly me, how did I forget that people's ethics and rules of behavior depend 
on the direction of the money flow... ;-) Not to mention that the arguments of 
security and "rules are there for a reason" work only if you are on the 
receiving side of that flow...

None of this is directed particularly to you Ed, it's just that sometimes I 
almost enjoy losing an argument in a discussion, just to be able to explore 
the ultimate level of sanity of the counter-argument.

P.S. For the OP: in case you missed that previous thread I referred to, here's 
the link:

   http://lists.fedoraproject.org/pipermail/users/2011-October/406090.html

Maybe you'll find some useful advice there, at least practical if not 
philosophical. ;-)

Best, :-)
Marko



Re: Unable to ssh nodes with global IP

2011-10-23 Thread Abu Attar Musharih
On Mon, Oct 24, 2011 at 11:18 AM, Marko Vojinovic  wrote:
>>
>> Thus my suggestion to use a port of a well known service that is allowed.
>
> Oh, be careful Ed, :-)
>
> I got bashed quite a lot for suggesting a similar thing about openvpn couple
> of threads ago... I learned that the proper, politically correct way to answer
> this is the following: if the ISP decided to block port 22, they probably did
> it for security reasons (and not because someone over there is a moron), and
> it's both illegal and unethical to go behind their backs and create a tunnel
> through their firewall without their consent. The OP should check his contract
> with the ISP, because it might be illegal or against their terms of service to
> use ssh on their network. He might get sued  and end up in jail, for all we
> know.
>
> You wouldn't want to encourage the OP into such bad behavior by giving out
> advice to use an open port outside of its intended purposes, would you now?
> :-D
>
> Oh, btw, as a piece of preemptive advice --- if you reply to this, don't use
> any strange words like "legitimate" or similar, 'cause someone might pick up a
> dictionary against you... ;-)
>
> P.S. Sorry folks, just couldn't resist... :-D No hard feelings, Ed! :-)
>

With the same provider and the same type of service, I used to be able
to do INCOMING SSH to the laptop connecting via the service. It seemed
they have changed just recently without any clear explanation to the
customer.
best,
AA


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Ed Greshko
On 10/24/2011 10:18 AM, Marko Vojinovic wrote:
> P.S. Sorry folks, just couldn't resist... :-D No hard feelings, Ed! :-)

No hard feelings But.

ISP ≠ Employer

-- 
Even if you do learn to speak correct English, whom are you going to
speak it to? -- Clarence Darrow


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Abu Attar Musharih
On Mon, Oct 24, 2011 at 12:30 AM, Rick Sewill  wrote:
> Question to the OP please.  Are you also behind your own router?
> Does it run NAT?  If yes, is it configured to forward an ssh connection,
> from the Internet, to your local host?

No, I am not. I do not have any router. My laptop is connecting via
mobile broadband and has a global IP.
$ ifconfig
ppp0  Link encap:Point-to-Point Protocol
  inet addr:120.166.xx.xxx  P-t-P:10.64.64.64  Mask:255.255.255.255
  UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
  RX packets:4245 errors:0 dropped:0 overruns:0 frame:0
  TX packets:4914 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:3
  RX bytes:1253230 (1.1 MiB)  TX bytes:948317 (926.0 KiB)
>
-deleted-
>
> How can one tell if one is behind a router that uses NAT?
> What is your local host's IP address?
> If your host's IP address is in the range, listed by rfc 1918,
> http://www.rfc-editor.org/rfc/rfc1918.txt
> 192.168.0.0 - 192.168.255.255, 172.16.0.0 - 172.31.255.255,
> or 10.0.0.0 - 10.255.255.255, you are behind a router running NAT.

If I switch my connection to another provider, so that I have  my own
router, and the IP of the nodes are no longer global, (IP range
192.168.1. 1 etc), I can ssh between them, as well as to outside.

regards,
AA


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Marko Vojinovic
On Monday 24 October 2011 02:18:39 Ed Greshko wrote:
> On 10/24/2011 02:04 AM, Joe Zeff wrote:
> > On 10/23/2011 02:09 AM, Abu Attar Musharih wrote:
> >> The customer service said that  ssh is not allowed. So, what to do
> >> then? I badly need a server with global IP for experimenting grid
> >> computing.
> > 
> > Configure ssh to use a non-standard port such as 6002.
> 
> FWIW  If an ISP has gone through the trouble of blocking ports of
> well known services chances are they have also blocked incoming SYN
> packets on higher ports as well.
> 
> Thus my suggestion to use a port of a well known service that is allowed.

Oh, be careful Ed, :-)

I got bashed quite a lot for suggesting a similar thing about openvpn couple 
of threads ago... I learned that the proper, politically correct way to answer 
this is the following: if the ISP decided to block port 22, they probably did 
it for security reasons (and not because someone over there is a moron), and 
it's both illegal and unethical to go behind their backs and create a tunnel 
through their firewall without their consent. The OP should check his contract 
with the ISP, because it might be illegal or against their terms of service to 
use ssh on their network. He might get sued  and end up in jail, for all we 
know.

You wouldn't want to encourage the OP into such bad behavior by giving out 
advice to use an open port outside of its intended purposes, would you now?
:-D

Oh, btw, as a piece of preemptive advice --- if you reply to this, don't use 
any strange words like "legitimate" or similar, 'cause someone might pick up a 
dictionary against you... ;-)

P.S. Sorry folks, just couldn't resist... :-D No hard feelings, Ed! :-)

Best, :-)
Marko



Re: Unable to ssh nodes with global IP

2011-10-23 Thread Abu Attar Musharih
> doesn't have to drive there, he can always use ssh. The OP never said
> ssh to some machine outside is not working, so its a fair assumption
> that he can.

Yes, you are absolutely right. ssh to other outside nodes with global
ip works well.
Thanks,
AA


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Abu Attar Musharih
On Sun, Oct 23, 2011 at 7:09 PM, suvayu ali  wrote:
> Hi Abu Attar,
>
> On Sun, Oct 23, 2011 at 11:09, Abu Attar Musharih
>  wrote:
>> The customer service said that  ssh is not allowed. So, what to do
>> then? I badly need a server with global IP for experimenting grid
>> computing.
>
> To be absolutely sure you can try the following.

I was trying to quickly respond to all the answers last night.
Unfortunately, the internet speed of this broadband connection was
very slow from home (due to large distance of its BTS, base
transceiver station).
But here, I can do experiment as follows:

 > 1. confirm your global ip (e.g. here: http://checkip.dyndns.com)

Current IP Address: 120.166.xx.xxx
(successful).

This is just similar to the info from > ifconfig

ppp0  Link encap:Point-to-Point Protocol
  inet addr:120.166.xx.xxx  P-t-P:10.64.64.64  Mask:255.255.255.255
  UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
  RX packets:2797 errors:0 dropped:0 overruns:0 frame:0
  TX packets:2947 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:3
  RX bytes:939701 (917.6 KiB)  TX bytes:409709 (400.1 KiB)

> 2. check sshd is running at your end and is using port 22. you can try
>   ssh-ing to another local user to check easily.

[root@localhost tasrief]# /etc/init.d/sshd status
openssh-daemon (pid  1302) is running...
[root@localhost tasrief]#


> 3. nc -z  22 (from a machine outside your local network)

Connection to 120.166.xx.xxx 22 port [tcp/ssh] succeeded!

> 4. if this last step shows you that connection is not happening, you
>   can try looking at your router settings. there should be a way to
>   port forward your ssh connections to port 22 of the machine you want
>   to use as a server.

The problem is, ssh does not work from another online laptop to this machine.
Neither does ping.

Regards,
AA


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Ed Greshko
On 10/24/2011 02:04 AM, Joe Zeff wrote:
> On 10/23/2011 02:09 AM, Abu Attar Musharih wrote:
>> The customer service said that  ssh is not allowed. So, what to do
>> then? I badly need a server with global IP for experimenting grid
>> computing.
> Configure ssh to use a non-standard port such as 6002.

FWIW  If an ISP has gone through the trouble of blocking ports of
well known services chances are they have also blocked incoming SYN
packets on higher ports as well. 

Thus my suggestion to use a port of a well known service that is allowed.




-- 
Even if you do learn to speak correct English, whom are you going to
speak it to? -- Clarence Darrow


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Mikkel L. Ellertson
On 10/23/2011 03:37 PM, Joe Zeff wrote:
> On 10/23/2011 01:24 PM, Mikkel L. Ellertson wrote:
>> If you are using your own router, configure it to forward an
>> incoming non-standard port to port 25 on your server. But if you are
> using a router with NAT, your problem might be that you did not
>> configure the router to forward incoming port 25 connections to the
>> proper local IP address.
> 
> I think you mean Port 22.  Port 25 is SMTP.

Yes. My goof. Thank you for correcting me.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Joe Zeff
On 10/23/2011 01:24 PM, Mikkel L. Ellertson wrote:
> If you are using your own router, configure it to forward an
> incoming non-standard port to port 25 on your server. But if you are
> using a router with NAT, your problem might be that you did not
> configure the router to forward incoming port 25 connections to the
> proper local IP address.

I think you mean Port 22.  Port 25 is SMTP.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Mikkel L. Ellertson
On 10/23/2011 01:04 PM, Joe Zeff wrote:
> On 10/23/2011 02:09 AM, Abu Attar Musharih wrote:
>> The customer service said that  ssh is not allowed. So, what to do
>> then? I badly need a server with global IP for experimenting grid
>> computing.
> 
> Configure ssh to use a non-standard port such as 6002.

If you are using your own router, configure it to forward an
incoming non-standard port to port 25 on your server. But if you are
using a router with NAT, your problem might be that you did not
configure the router to forward incoming port 25 connections to the
proper local IP address.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Joe Zeff
On 10/23/2011 02:09 AM, Abu Attar Musharih wrote:
> The customer service said that  ssh is not allowed. So, what to do
> then? I badly need a server with global IP for experimenting grid
> computing.

Configure ssh to use a non-standard port such as 6002.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Rick Sewill
On Sunday, October 23, 2011 05:14:01 AM Harish Pillay wrote:
> > On 10/23/2011 05:09 PM, Abu Attar Musharih wrote:
> >> The customer service said that  ssh is not allowed. So, what to do
> >> then? I badly need a server with global IP for experimenting grid
> 
> You can do the following:
> a) edit /etc/ssh/sshd_config and change the default port 22 to a
> higher port say 10022. Actually anything above 1024 would
> be sufficient.
> b) restart your sshd daemon
> c) from your client, say if you are running on the command line,
> you can do the following: ssh -p 10022 hostname
> replacing the 10022 with whatever you've changed your sshd
> to.
> d) do ensure that on your server you open up the port you want
> sshd to accept connections. you can do that from the
> command line via system-config-firewall.
> 
> hth.
> 
> harish

Question to the OP please.  Are you also behind your own router?
Does it run NAT?  If yes, is it configured to forward an ssh connection,
from the Internet, to your local host?

When you switch your ssh server (/etc/ssh/sshd_config) to use a non-standard
port, and if you are behind a router that is doing NAT, 
you will need to configure the router to forward the connection to your host.

If you are behind a router, owned by the ISP, that is using NAT,
our suggestions probably won't work...we need to know your network topology.

How can one tell if one is behind a router that uses NAT?
What is your local host's IP address?  
If your host's IP address is in the range, listed by rfc 1918,
http://www.rfc-editor.org/rfc/rfc1918.txt
192.168.0.0 - 192.168.255.255, 172.16.0.0 - 172.31.255.255, 
or 10.0.0.0 - 10.255.255.255, you are behind a router running NAT.
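
The address check described above can be scripted. The following is an added example, not code from this thread: it reads ifconfig output in the layout shown in this thread and labels each IPv4 address against the three RFC 1918 ranges. It goes one step beyond the message by also flagging 100.64.0.0/10, the shared address space that RFC 6598 reserves for carrier-grade NAT; the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): label interface addresses by range.

# addr_class ADDR -> prints rfc1918, rfc6598, other or invalid
addr_class() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { print "invalid"; exit }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) { print "invalid"; exit }
            a = $1 + 0; b = $2 + 0
            if (a == 10 || (a == 172 && b >= 16 && b <= 31) || (a == 192 && b == 168))
                print "rfc1918"      # the three ranges listed in the message
            else if (a == 100 && b >= 64 && b <= 127)
                print "rfc6598"      # 100.64.0.0/10, carrier-grade NAT space
            else
                print "other"
        }'
}

# classify_ifconfig: ifconfig output on stdin -> one "IFACE ADDR CLASS" line
# per IPv4 address. Only the "inet addr:A.B.C.D" layout is parsed.
classify_ifconfig() {
    awk '
        /^[^ ]/ { iface = $1 }       # an unindented line starts a new interface
        {
            for (i = 1; i < NF; i++)
                if ($i == "inet" && $(i + 1) ~ /^addr:/)
                    print iface, substr($(i + 1), 6)
        }' |
    while read -r iface addr; do
        printf '%s %s %s\n' "$iface" "$addr" "$(addr_class "$addr")"
    done
}

# Constructed sample. The address in the thread is masked, so 203.0.113.7
# (a documentation address) stands in for the global one on ppp0.
sample_ifconfig() {
    cat <<'EOF'
eth0  Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
  inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0  Link encap:Point-to-Point Protocol
  inet addr:203.0.113.7  P-t-P:10.64.64.64  Mask:255.255.255.255
  UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
EOF
}

sample_ifconfig | classify_ifconfig
```

A result of `other` only shows that no translation is visible on your own interface; as this thread shows, the provider can still refuse inbound connections to a global address.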



Re: Unable to ssh nodes with global IP

2011-10-23 Thread suvayu ali
On Sun, Oct 23, 2011 at 14:24, Reindl Harald  wrote:
>
> and if the ISP of the OP is blocking incoming port 22 he has
> no other solution - so what are we speaking about here?
>

That was my intention of checking with nc: whether port 22 is indeed
being blocked and, if not, whether it is being properly forwarded by the
router to the OP's new server.

In any case the OP is yet to respond. As long as his problem is solved,
it doesn't really matter.

> ___
>
>
> [root@buildserver:~]$ cat /Volumes/dune/buildserver/server-list.txt
> #!/bin/bash
> RH_TARGET_SERVERS=()
> RH_TARGET_SERVERS[1]="host1"
> RH_TARGET_SERVERS[2]="host2"
> RH_TARGET_SERVERS[3]="host3"
> RH_TARGET_SERVERS[4]="host4"
> RH_TARGET_SERVERS[5]="host5"
> RH_TARGET_SERVERS[6]="host6"
>
> [root@buildserver:~]$ cat /Volumes/dune/buildserver/distribute-file.sh
> #!/bin/bash
> source /Volumes/dune/buildserver/server-list.txt
> function rh_push_file
> {
>  echo $1
>  RSYNC_PARAMS='--ipv4 --compress --times --progress --force --links --perms --owner --group'
>  /bin/nice /usr/bin/rsync $RSYNC_PARAMS --rsync-path='nice -n 19 rsync' "$2" "root@$1:$2"
>  echo ""
> }
> if [ "$2" == "" ]
> then
>  echo "" > /dev/null
> else
>  echo "Bitte Parameter in Quotes setzen"
>  exit
> fi
> for item in ${RH_TARGET_SERVERS[*]}
> do
>  rh_push_file $item "$1"
> done
>
> [root@buildserver:~]$ cat /Volumes/dune/buildserver/distribute-command.sh
> #!/bin/bash
> source /Volumes/dune/buildserver/server-list.txt
> function rh_run_command
> {
>  echo $1
>  ssh root@$1 "$2"
>  echo ""
> }
> if [ "$2" == "" ]
> then
>  echo "" > /dev/null
> else
>  echo "Bitte Parameter in Quotes setzen"
>  exit
> fi
> echo ""
> for item in ${RH_TARGET_SERVERS[*]}
> do
>  rh_run_command $item "$1"
> done
>

Thanks for these scripts. Maybe these will come in handy someday.

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread suvayu ali
On Sun, Oct 23, 2011 at 13:18, Reindl Harald  wrote:
>
>
> On 23.10.2011 13:09, suvayu ali wrote:
>
> On Sun, Oct 23, 2011 at 13:04, Reindl Harald  wrote:
>
>> On 23.10.2011 12:58, suvayu ali wrote:
>>
>>> I am no expert, I just said what worked for me in the past. I ssh into
>>> many systems everyday so changing to non-standard ports is
>>> inconvenient
>> where is there any single problem if you can read manuals?
>> you have to specify the port only once per client and after
>> that rsync, ssh, scp and sftp even in konqueror is using this
>> port
>> Please read carefully. I ssh to *multiple* machines. The list of
>> clients is hundreds, also I don't have the complete list.
>
> well i maintain 40 machines, all with non-standard-port and connecting
> multiple hundred times to most of them each day
>
> /home/username/.ssh/id_rsa is needed on all clients or do you really
> allow password-login on standard-port and type the password all day long?
> so there is supported a file called "config" in the same folder
>

I know about ~/.ssh/config and I use it. Logging in to the remote nodes
is not the issue in my case. I use kerberos to authenticate anyway. The
issue is when I want to access my machine from those remote nodes, I
have to copy the section relevant to my machine to the remote nodes.

I use other ways to deal with securing my system like configuring ssh to
reject hosts with more than one failed attempt, denyhosts and of course
a firewall.

>> I mostly have to login to a distributed computing resource where the
>> physical node you is selected dynamically based on availability and
>> load. So I don't have the complete list of IPs.
>
> ip-addresses are not interesting here
>
> failovers are working dns-based, so your hostname is the same
> the ssh-client config is hostname-based
>

I know that and I use them when appropriate.

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread suvayu ali
On Sun, Oct 23, 2011 at 13:04, Reindl Harald  wrote:
> On 23.10.2011 12:58, suvayu ali wrote:
>
>> I am no expert, I just said what worked for me in the past. I ssh into
>> many systems everyday so changing to non-standard ports is
>> inconvenient
>
> where is there any single problem if you can read manuals?
> you have to specify the port only once per client and after
> that rsync, ssh, scp and sftp even in konqueror is using this
> port

Please read carefully. I ssh to *multiple* machines. The list of
clients is hundreds, also I don't have the complete list.

I mostly have to login to a distributed computing resource where the
physical node you is selected dynamically based on availability and
load. So I don't have the complete list of IPs.

PS: Please be civil and don't insult fellow list members.

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread suvayu ali
On Sun, Oct 23, 2011 at 12:47, Reindl Harald  wrote:
> On 23.10.2011 12:20, suvayu ali wrote:
>
> On Sun, Oct 23, 2011 at 12:12, Reindl Harald  wrote:
>
>> mh and how do you start "nc" if you can not connect to the machine and
>> if you drive to the machine doing this manually what after internet
>> is shortly down - driving all the time around?
>>
> I didn't say that machine, I said a machine, as in any other machine
> not on the same local network. I am assuming if the OP wants to work
> with grid computing he has access to some other
> server/desktop/whatever which is connected to the internet. And he
> doesn't have to drive there, he can always use ssh. The OP never said
> ssh to some machine outside is not working, so it's a fair assumption
> that he can.
>
> NO HE CAN NOT AND THAT IS WHY PEOPLE SHOULD NOT POST OFF-LIST

I did not, you are adding me to the to: header. Fix your email client.

> HOW WILL YOU ACCESS THE MACHINE REMOTE TO START NC WITHOUT DRIVING
> THERE GENIUS?
>

Please be civil. Read my post carefully, then respond. And there is no
need to respond to the same email twice.

Now to the point of the discussion:

The OP is trying to set up a server, let's call it newserver. Let's call
his already working machine laptop. According to my suggestion he
either needs to connect the laptop to a different network and use,

nc -z 

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread suvayu ali
On Sun, Oct 23, 2011 at 12:42, Reindl Harald  wrote:
>
>
> On 23.10.2011 12:20, suvayu ali wrote:
>
> On Sun, Oct 23, 2011 at 12:12, Reindl Harald  wrote:
>
>> mh and how do you start "nc" if you can not connect to the machine and
>> if you drive to the machine doing this manually what after internet
>> is shortly down - driving all the time around?
>>
> I didn't say that machine, I said a machine, as in any other machine
> not on the same local network. I am assuming if the OP wants to work
> with grid computing he has access to some other
> server/desktop/whatever which is connected to the internet. And he
> doesn't have to drive there, he can always use ssh. The OP never said
> ssh to some machine outside is not working, so it's a fair assumption
> that he can.
>
> well, you can use 20 different machines to achieve a result
> or simply change a port so it is not blocked by the isp
>
> what do you think is smarter?
>

I am no expert, I just said what worked for me in the past. I ssh into
many systems everyday so changing to non-standard ports is
inconvenient. Rather than speculate what other ways might work I chose
to suggest what has worked for me in the past.

In any case I don't think many ISPs forward all ports to the user.
Depending on their policy, they will forward certain ports. If it's a
non-standard port, and the ISP forwards selective ports it is more
likely that those will be blocked.

In any case I think Ed's suggestion is something the OP should try too.

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread suvayu ali
On Sun, Oct 23, 2011 at 12:12, Reindl Harald  wrote:
> mh and how do you start "nc" if you can not connect to the machine and
> if you drive to the machine doing this manually what after internet
> is shortly down - driving all the time around?
>

I didn't say that machine, I said a machine, as in any other machine
not on the same local network. I am assuming if the OP wants to work
with grid computing he has access to some other
server/desktop/whatever which is connected to the internet. And he
doesn't have to drive there, he can always use ssh. The OP never said
ssh to some machine outside is not working, so it's a fair assumption
that he can.

Hope this is clearer.

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Harish Pillay
> On 10/23/2011 05:09 PM, Abu Attar Musharih wrote:
>> The customer service said that  ssh is not allowed. So, what to do
>> then? I badly need a server with global IP for experimenting grid

You can do the following:
a) edit /etc/ssh/sshd_config and change the default port 22 to a
higher port say 10022. Actually anything above 1024 would
be sufficient.
b) restart your sshd daemon
c) from your client, say if you are running on the command line,
you can do the following: ssh -p 10022 hostname
replacing the 10022 with whatever you've changed your sshd
to.
d) do ensure that on your server you open up the port you want
sshd to accept connections. you can do that from the
command line via system-config-firewall.

hth.

harish


Re: Unable to ssh nodes with global IP

2011-10-23 Thread suvayu ali
Hi Abu Attar,

On Sun, Oct 23, 2011 at 11:09, Abu Attar Musharih
 wrote:
> The customer service said that  ssh is not allowed. So, what to do
> then? I badly need a server with global IP for experimenting grid
> computing.

To be absolutely sure you can try the following.

1. confirm your global ip (e.g. here: http://checkip.dyndns.com)
2. check sshd is running at your end and is using port 22. you can try
   ssh-ing to another local user to check easily.
3. nc -z  22 (from a machine outside your local network)
4. if this last step shows you that connection is not happening, you
   can try looking at your router settings. there should be a way to
   port forward your ssh connections to port 22 of the machine you want
   to use as a server.

There are 2 "gotchas" about the above. You have to use other ports on
the router for ssh to other machines on the same local network (not sure
if there is a better way, but in my limited understanding this is the
case). The other is, often ISPs have dynamic IPs, so the moment you
reconnect or reboot your router, your IP might change (will?). To get
around this you can use a service like dyndns.com (I use their free
service) and use something like ddclient to update the IP when it is
changed.

Hope this helps.

-- 
Suvayu

Open source is the future. It sets us free.


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Ed Greshko
On 10/23/2011 05:09 PM, Abu Attar Musharih wrote:
> The customer service said that  ssh is not allowed. So, what to do
> then? I badly need a server with global IP for experimenting grid
> computing.

If they don't allow ssh what service do they allow?  If, for example,
they allow you to run a pop server and you don't use pop3 then run your
ssh server on port 110.



-- 
Even if you do learn to speak correct English, whom are you going to
speak it to? -- Clarence Darrow


Re: Unable to ssh nodes with global IP

2011-10-23 Thread Abu Attar Musharih
>> And then one sees...   ssh: connect to host 120.166.xx.xxx
>>
>> Does anyone see a difference between 165 and 166?
>>
> I missed that - I think you nailed it. (Time for coffee!)
>

My apology, that was a typo. I have tried several times, with a different
global IP address every time I reactivated the connection. So, ssh
was done to the right IP but failed. I became curious because with the
same provider and the same service, I was able to do ssh before. Also,
inside LAN with ip 192.168.xx.xx, ssh works fine. /etc/init.d/sshd is
running.

The customer service said that  ssh is not allowed. So, what to do
then? I badly need a server with global IP for experimenting grid
computing.

Regards,
AA


Re: Unable to ssh nodes with global IP

2011-10-22 Thread Mikkel L. Ellertson
On 10/22/2011 07:28 AM, Ed Greshko wrote:
> On 10/22/2011 08:17 PM, Mikkel L. Ellertson wrote:
>> On 10/22/2011 04:31 AM, Abu Attar Musharih wrote:
>>> Dear List,
>>
>>> My internet connection is via mobile broadband. The ifconfig  lists
>>> the ppp0 with IP address,
>>
>>
>>> ppp0  Link encap:Point-to-Point Protocol
>>>   inet addr:120.165.xx.xxx  P-t-P:10.64.64.64 
>> Mask:255.255.255.255
>>>   UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>>>   RX packets:5239 errors:0 dropped:0 overruns:0 frame:0
>>>   TX packets:6371 errors:0 dropped:0 overruns:0 carrier:0
>>>   collisions:0 txqueuelen:3
>>>   RX bytes:3867747 (3.6 MiB)  TX bytes:1020544 (996.6 KiB)
>>
>>> I tried to remote login (using ssh) to this IP address from another
>>> machine but failed.
>>
>>> The following message appears,
>>
>>> ssh: connect to host 120.166.xx.xxx port 22: Connection timed out
>>
>>
>>> Editing  /etc/sysconfig/iptables and add --dport 22 -j Accept does
>> not help.
>>
>>> Could any one please provide some suggestions?
>>
>>> Thanks in advance,
>>>  AA
>> Dumb question 1: Did you reload iptables after making the changes?
>>
>> Dumb question 2: Is sshd running on the machine you are trying to
>> connect to?
>>
>>
> 
> Dumb question 3:  Above one sees...   inet addr:120.165.xx.xxx
> 
> And then one sees...   ssh: connect to host 120.166.xx.xxx
> 
> Does anyone see a difference between 165 and 166?
> 
I missed that - I think you nailed it. (Time for coffee!)

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


Re: Unable to ssh nodes with global IP

2011-10-22 Thread Ed Greshko
On 10/22/2011 08:17 PM, Mikkel L. Ellertson wrote:
> On 10/22/2011 04:31 AM, Abu Attar Musharih wrote:
> > Dear List,
>
> > My internet connection is via mobile broadband. The ifconfig  lists
> > the ppp0 with IP address,
>
>
> > ppp0  Link encap:Point-to-Point Protocol
> >   inet addr:120.165.xx.xxx  P-t-P:10.64.64.64 
> Mask:255.255.255.255
> >   UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
> >   RX packets:5239 errors:0 dropped:0 overruns:0 frame:0
> >   TX packets:6371 errors:0 dropped:0 overruns:0 carrier:0
> >   collisions:0 txqueuelen:3
> >   RX bytes:3867747 (3.6 MiB)  TX bytes:1020544 (996.6 KiB)
>
> > I tried to remote login (using ssh) to this IP address from another
> > machine but failed.
>
> > The following message appears,
>
> > ssh: connect to host 120.166.xx.xxx port 22: Connection timed out
>
>
> > Editing  /etc/sysconfig/iptables and add --dport 22 -j Accept does
> not help.
>
> > Could any one please provide some suggestions?
>
> > Thanks in advance,
> >  AA
> Dumb question 1: Did you reload iptables after making the changes?
>
> Dumb question 2: Is sshd running on the machine you are trying to
> connect to?
>
>

Dumb question 3:  Above one sees...   inet addr:120.165.xx.xxx

And then one sees...   ssh: connect to host 120.166.xx.xxx

Does anyone see a difference between 165 and 166?

-- 
Even if you do learn to speak correct English, whom are you going to
speak it to? -- Clarence Darrow



Re: Unable to ssh nodes with global IP

2011-10-22 Thread Mikkel L. Ellertson
On 10/22/2011 04:31 AM, Abu Attar Musharih wrote:
> Dear List,
> 
> My internet connection is via mobile broadband. The ifconfig  lists
> the ppp0 with IP address,
> 
> 
> ppp0  Link encap:Point-to-Point Protocol
>   inet addr:120.165.xx.xxx  P-t-P:10.64.64.64  Mask:255.255.255.255
>   UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>   RX packets:5239 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:6371 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:3
>   RX bytes:3867747 (3.6 MiB)  TX bytes:1020544 (996.6 KiB)
> 
> I tried to remote login (using ssh) to this IP address from another
> machine but failed.
> 
> The following message appears,
> 
> ssh: connect to host 120.166.xx.xxx port 22: Connection timed out
> 
> 
> Editing  /etc/sysconfig/iptables and add --dport 22 -j Accept does not help.
> 
> Could any one please provide some suggestions?
> 
> Thanks in advance,
>  AA
Dumb question 1: Did you reload iptables after making the changes?

Dumb question 2: Is sshd running on the machine you are trying to
connect to?

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


Re: Unable to ssh nodes with global IP

2011-10-22 Thread J.Witvliet
Hi,

Could be several reasons.
I presume that you succeed in ssh-ing to that machine from another client
(i.e. the machine does accept incoming ssh requests)

Perhaps firewall settings?
Or accept/deny configurations?


- Original message -
From: Abu Attar Musharih [mailto:abuattar.musha...@gmail.com]
Sent: Saturday, October 22, 2011 11:31 AM
To: Community support for Fedora users 
Subject: Unable to ssh nodes with global IP

Dear List,

My internet connection is via mobile broadband. The ifconfig  lists
the ppp0 with IP address,


ppp0  Link encap:Point-to-Point Protocol
  inet addr:120.165.xx.xxx  P-t-P:10.64.64.64  Mask:255.255.255.255
  UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
  RX packets:5239 errors:0 dropped:0 overruns:0 frame:0
  TX packets:6371 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:3
  RX bytes:3867747 (3.6 MiB)  TX bytes:1020544 (996.6 KiB)

I tried to remote login (using ssh) to this IP address from another
machine but failed.

The following message appears,

ssh: connect to host 120.166.xx.xxx port 22: Connection timed out


Editing  /etc/sysconfig/iptables and add --dport 22 -j Accept does not help.

Could any one please provide some suggestions?

Thanks in advance,
 AA


Re: Unable to ssh nodes with global IP

2011-10-22 Thread Andras Simon
2011/10/22, Abu Attar Musharih :
> Dear List,
>
> My internet connection is via mobile broadband. The ifconfig  lists
> the ppp0 with IP address,
>
>
> ppp0  Link encap:Point-to-Point Protocol
>   inet addr:120.165.xx.xxx  P-t-P:10.64.64.64  Mask:255.255.255.255
>   UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>   RX packets:5239 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:6371 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:3
>   RX bytes:3867747 (3.6 MiB)  TX bytes:1020544 (996.6 KiB)
>
> I tried to remote login (using ssh) to this IP address from another
> machine but failed.
>
> The following message appears,
>
> ssh: connect to host 120.166.xx.xxx port 22: Connection timed out
>
>
> Editing  /etc/sysconfig/iptables and add --dport 22 -j Accept does not help.
>
> Could any one please provide some suggestions?

Can you ping the machine? If yes, then are there traces in the logs
that show the connection attempts? (You can make iptables log those.)
I don't know much about networking, but I think it's good to isolate
where the real problem lies. It may not have to do anything with ssh
or the firewall.

Andras


Re: Unable to ssh nodes with global IP

2011-10-22 Thread suvayu ali
On Sat, Oct 22, 2011 at 11:31 AM, Abu Attar Musharih
 wrote:
> I tried to remote login (using ssh) to this IP address from another
> machine but failed.
>
> The following message appears,
>
> ssh: connect to host 120.166.xx.xxx port 22: Connection timed out
>
>
> Editing  /etc/sysconfig/iptables and add --dport 22 -j Accept does not help.
>
> Could any one please provide some suggestions?
>

Are you certain that your provider allows such connections? You could
ask their customer support if they know.

-- 
Suvayu

Open source is the future. It sets us free.


Unable to ssh nodes with global IP

2011-10-22 Thread Abu Attar Musharih
Dear List,

My internet connection is via mobile broadband. The ifconfig  lists
the ppp0 with IP address,


ppp0  Link encap:Point-to-Point Protocol
  inet addr:120.165.xx.xxx  P-t-P:10.64.64.64  Mask:255.255.255.255
  UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
  RX packets:5239 errors:0 dropped:0 overruns:0 frame:0
  TX packets:6371 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:3
  RX bytes:3867747 (3.6 MiB)  TX bytes:1020544 (996.6 KiB)

I tried to remote login (using ssh) to this IP address from another
machine but failed.

The following message appears,

ssh: connect to host 120.166.xx.xxx port 22: Connection timed out


Editing  /etc/sysconfig/iptables and add --dport 22 -j Accept does not help.

Could any one please provide some suggestions?

Thanks in advance,
 AA
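
One way to check the edit to /etc/sysconfig/iptables mentioned above, and the "open up the port" step from the replies, is to read the saved ruleset in order. The following is an added example, not code from this thread: it reports whether a TCP port is accepted before the first blanket REJECT or DROP in the INPUT chain, and flags a target written as "Accept", since iptables target names are case-sensitive. The function names and rulesets are constructed; interface, source, port-range and user-chain matches are not modelled.

```shell
#!/bin/sh
# Added example (not from the thread): does a saved ruleset let a TCP port in?

# check_inbound_port PORT, with a ruleset in iptables-save format on stdin.
# Prints: accepted   - ACCEPT rule is reached before any blanket REJECT/DROP
#         shadowed   - ACCEPT rule exists but sits after a REJECT/DROP
#         bad-target - the rule uses a miscased target such as "Accept"
#         missing    - no ACCEPT rule for the port in the INPUT chain
check_inbound_port() {
    awk -v port="$1" '
        # Skip non-INPUT lines, and everything after the first decisive rule.
        $1 != "-A" || $2 != "INPUT" || verdict != "" { next }
        {
            target = proto = dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
            }
            for_port = (proto == "tcp" && dport == port)
            catch_all = ($3 == "-j")      # no match options before the target
            if (for_port && target == "ACCEPT")
                verdict = blocked ? "shadowed" : "accepted"
            else if (for_port && toupper(target) == "ACCEPT")
                verdict = "bad-target"
            else if ((for_port || catch_all) && (target == "REJECT" || target == "DROP"))
                blocked = 1
        }
        END { print (verdict == "" ? "missing" : verdict) }'
}

# Constructed ruleset in the layout of /etc/sysconfig/iptables.
# $1 = rule under test, $2 = "before" or "after" the closing REJECT.
sample_ruleset() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -p icmp --icmp-type 8 -j ACCEPT'
    if [ "$2" = before ]; then printf '%s\n' "$1"; fi
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    if [ "$2" = after ]; then printf '%s\n' "$1"; fi
    printf '%s\n' 'COMMIT'
}

# Constructed rules under test.
GOOD='-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
MISCASED='-A INPUT -p tcp --dport 22 -j Accept'

printf 'rule before REJECT : %s\n' "$(sample_ruleset "$GOOD" before | check_inbound_port 22)"
printf 'rule after REJECT  : %s\n' "$(sample_ruleset "$GOOD" after | check_inbound_port 22)"
printf 'target "Accept"    : %s\n' "$(sample_ruleset "$MISCASED" before | check_inbound_port 22)"
printf 'port 10022, no rule: %s\n' "$(sample_ruleset "$GOOD" before | check_inbound_port 10022)"
```

On a real host the saved file is the input, as in `check_inbound_port 22 < /etc/sysconfig/iptables`, and an edit to that file only takes effect once the rules are reloaded.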