fedora core 4 and sshd

Hi,

On other ssh dists I used to just change the sshd_config port # to change which port # was bound. With the 4.2 dist I can change the port but it won't bind the port. What else do I need to change?

thanks in advance

brenda

Check the init script to make sure it doesn't override the config.

cu

59cobalt
Ansgar -59cobalt- Wiechers

I found out one thing more.

I can connect from the same subnet as the linux box, with the port # changed. Otherwise I get a "connect refused" response right away. What could allow me to connect if I am on the same subnet 192.168.10.X but not from the coffee shop through the firewall?

I do have the firewall port configured properly because when I set everything to port 22 it all works. If I move the sshd_config to port 27 then I get the connection refused if I am not on the same subnet.

Oh, my /etc/hosts.allow and deny are empty

Any ideas?

brenda

It depends on your firewall. Looking at your IP address, I'd assume that you're using NAT. So you need a static NAT rule on your NAT box (maybe the firewall).

If not, then there is a filtering device in between (your router?), which is filtering away traffic with the exception of traffic for port 22 for this host.

Yours, VB.

Volker Birk

Done and does work with port 22, all that is necessary is just change the 22 to X. It's just a Linksys router.

What is standard on Fedora Core 4 that could cause this to reject the connection if it is not on the subnet of the PC?

Could it be the sshd_config family being commented out or maybe the listen address?

brenda

Good question. When you're starting sshd, what does lsof -i say to us?

Yours, VB.

Volker Birk

Could you be a little more verbose? Please?

What's the output of "netstat -nlt" on the SSH server? What does your sshd_config look like? (please remove any line starting with a # before posting it) What does your network look like? You have a local network behind a NATing router? How is the router configured? Does it forward any ports? Which? Whereto?

No. The default is to listen on all interfaces.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Hi,

Here is the sshd_config

#start
Port 2200
Protocol 2
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#AllowUsers brenda
AllowUsers brenda@coffeshopIp
AllowUsers brenda@192.168.20.*
AllowUsers brenda@127.0.0.1

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 3
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#UsePAM no
UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /etc/ssh/banner

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
#end

[root@fedora brenda]# netstat -nlt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address  State
tcp        0      0 0.0.0.0:56965           0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:199             0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:5801            0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:5901            0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:6001            0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:5335          0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:13306           0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*        LISTEN
tcp        0      0 :::54564                :::*             LISTEN
tcp        0      0 ::ffff:127.0.0.1:8005   :::*             LISTEN
tcp        0      0 :::8009                 :::*             LISTEN
tcp        0      0 :::46480                :::*             LISTEN
tcp        0      0 :::80                   :::*             LISTEN
tcp        0      0 :::2000                 :::*             LISTEN
tcp        0      0 :::6001                 :::*             LISTEN
tcp        0      0 :::51890                :::*             LISTEN
tcp        0      0 :::2200                 :::*             LISTEN
tcp        0      0 ::1:6010                :::*             LISTEN
[root@fedora brenda]#

The 2200 is what I get when I switch it to port 2200.

For the NAT Linksys the web page has 2200 to 2200 Ip=192.168.20.X

I'm confused. Could it be the pam_abl? I do this all the time on my windows pc with cygwin and sshd by just changing the sshd_config

brenda

*sigh*

Didn't I expressly ask you to remove each line starting with a # (to keep the quote short)?

Is "coffeeshopIp" the actual *external* IP address of that coffee shop?

[...]

For some reason your sshd listens only on the IPv6 address. Does the coffee shop use IPv6? Try adding one of the following lines to your sshd_config:

"ListenAddress 192.168.20.x"
"ListenAddress 0.0.0.0"
"AddressFamily inet"
"AddressFamily any"

Does your server actually *have* an IPv4 address? What does "ifconfig" say?

I don't have experience with IPv6, but your router forwarding to an IPv4 address, whereas the server listens on an IPv6 address, may (or may not) have something to do with your problem.

BTW, obfuscating private addresses like 192.168.20.x is pretty pointless.

I doubt it.

cu

59cobalt
Ansgar -59cobalt- Wiechers
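
An added example, not part of any post in this thread: a small shell/awk helper that reads `netstat -nlt` output and reports how a given port is bound (IPv4 wildcard, IPv6 wildcard, loopback only, or one specific address). The function names are hypothetical and the sample input is a subset of the listing posted above.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -nlt` text.

# Subset of the listing posted in the thread, embedded so this runs offline.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN
tcp 0 0 :::2200 :::* LISTEN
tcp 0 0 ::1:6010 :::* LISTEN'

# classify_port PORT
# Reads netstat output on stdin, prints "<scope> <address>" per listener.
# Scopes: ipv4-any, ipv6-any, loopback, specific.
# Note: on Linux an ipv6-any (::) listener also accepts IPv4 clients unless
# IPV6_V6ONLY is set on the socket or net.ipv6.bindv6only=1; netstat does
# not show which, so "ipv6-any" alone does not settle IPv4 reachability.
classify_port() {
    awk -v port="$1" '
        $NF != "LISTEN" { next }          # skip headers and non-listeners
        {
            local_addr = $4
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next    # port is the text after the last ":"
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (addr == "0.0.0.0")      scope = "ipv4-any"
            else if (addr == "::")      scope = "ipv6-any"
            else if (addr == "::1" || addr ~ /^(::ffff:)?127\./) scope = "loopback"
            else                        scope = "specific"
            print scope, addr
        }'
}

# bound_beyond_loopback PORT
# Succeeds if at least one listener on PORT is not loopback-only, i.e. the
# service is bound where another host could reach it (filters permitting).
bound_beyond_loopback() {
    classify_port "$1" | grep -qv '^loopback '
}

# Stand-alone run against the embedded sample.
printf '%s\n' "$SAMPLE" | classify_port 2200
```

On a live host, pipe the real command in instead: `netstat -nlt | classify_port 2200`.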

Alas, I found the problem. Thanks for the help.

Using one of those port scanners like shields up etc. I could see that the port was open or closed.

It turned out the following was happening.

I used port 443 instead of port 2200 or 22 or 22000. Yes I know it is https.

It turns out that coffeeshopIp was blocking outbound connections to certain port ranges.

So all I had to do was change my port to one that wasn't being blocked and it solved the issue.

brenda
