Full Version: Help With Ssh
jdklusman
Okies, I was trying to set up an SSH server on my Linux box. I had it working on the last install, just the way I liked it. I would initiate a connection with PuTTY from my Windows machine, a screen would pop up saying "blah blah key retrieved blah blah", and every time after that I was able to just log in like a telnet session.
Well, I was hacked into about a week ago. I have spent this week going over my security setup and decided it needed some major work. I overhauled it and, using Shorewall, I set every connection in the policy to drop (loc, net, fw) and all-to-all to reject. I then set up some rules for each IP in my rules file for each port I wanted them to use. I set my Windows machine's access to the SSH server on the Linux box using this:

ACCEPT loc:192.168.0.2 fw tcp 22
ACCEPT loc:192.168.0.2 fw udp 22

I opened a log monitor and watched the messages come in when I was trying to connect with PuTTY. Normally I get a lot of messages from dropped hits on my WAN NIC, but I never saw a single drop or reject from Shorewall on the connection attempts. This led me to believe that Shorewall wasn't my problem. PuTTY never pops up the key accept window like it did with the old setup; instead it sits there and pops up a "connection refused", and then in the message log I am monitoring I see sshd: refused 192.168.0.2
I have a feeling it has something to do with the keys, but I don't know what. I followed each guide on the web with no luck. I su to root, change to the /etc directory and issue ssh-keygen -b 1024 -t (rsa1, rsa, dsa... I do them all) -f /etc/ssh_host_key -N "". I have mixed and matched using a little from each guide and followed each guide completely, with no luck. When I connect on the Linux box to test it I can't connect on the LAN NIC's IP, but I can on the loopback. I changed the listening address in the config to the LAN NIC's IP, still no luck. I'm wondering if I should format and start with a clean slate.
Sorry if this is disjointed and hard to understand; I've been hammering on this all night, I'm real tired, and the Percocet is kicking in... yay for that, but it also means I'm done for the night lol.
hughesjr
I know this is obvious ... but, did you try:

/etc/init.d/sshd start
jdklusman
Percocet is fun, but not that fun. sshd was running. I did fix my problem, though. Just in case anybody else is having problems with Mandrake and services behind Shorewall (iptables), check your hosts.deny for an entry ALL : ALL. It will more than likely be there. Go into hosts.allow and put in the xinetd name of the service you are trying to gain access to.
In my case I had to add

sshd : ALL

After doing this and seeing that it fixed my problem, I narrowed down who could hit this service (even though the firewall should stop all but the one IP I set in the rules). I changed the entry to

sshd : 192.168.0.3

Only that IP can access sshd :) If you wanted to allow a certain number of computers, say your entire LAN but not anyone with a public IP, you could use

sshd : 192.168.0.0/24

I didn't do this because I'm extremely paranoid and it is possible for a hacker to spoof a private IP, but the chances of it happening are slim to none.
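The hosts.deny / hosts.allow behaviour described in the post above comes from TCP Wrappers (libwrap), which an sshd of that era was linked against (OpenSSH dropped libwrap support in 6.7, so on current systems this check no longer applies to sshd). The following is an added example, not code from the thread or from any project: a small Python model of how TCP Wrappers evaluates the two files, so you can confirm which client addresses a given pair of entries admits for sshd before you lock yourself out. It covers the pattern forms used in the thread (ALL, a single IP, a CIDR or netmask subnet, and the classic trailing-dot prefix such as "192.168.0."); EXCEPT clauses, hostnames and per-rule options are out of scope. The sample file contents are constructed.

```python
"""Model of TCP Wrappers hosts.allow / hosts.deny evaluation (added example)."""
import ipaddress

# Constructed sample files mirroring the thread: hosts.deny blocks everything,
# hosts.allow opens sshd to the LAN subnet only.
HOSTS_DENY = "ALL : ALL\n"
HOSTS_ALLOW = "sshd : 192.168.0.0/24\n"


def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) from a hosts.* file body."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        daemons = [d.strip() for d in fields[0].split(",") if d.strip()]
        clients = [c.strip() for c in fields[1].split(",") if c.strip()]
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, ip):
    """Match one client pattern against a dotted-quad client address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                  # classic prefix form, e.g. "192.168.0."
        return ip.startswith(pattern)
    addr = ipaddress.ip_address(ip)
    try:
        if "/" in pattern:                     # CIDR or address/netmask form
            return addr in ipaddress.ip_network(pattern, strict=False)
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        return False                           # hostnames etc. are not modelled here


def rule_matches(rules, daemon, ip):
    """True if any rule names this daemon (or ALL) and matches the client."""
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in rules
    )


def is_allowed(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """TCP Wrappers order of evaluation: a match in hosts.allow grants access,
    otherwise a match in hosts.deny refuses it, and no match at all means allow."""
    if rule_matches(parse_rules(allow_text), daemon, ip):
        return True
    if rule_matches(parse_rules(deny_text), daemon, ip):
        return False
    return True


def report(daemon, clients, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Map each client address to True (admitted) or False (refused) for the daemon."""
    return {ip: is_allowed(daemon, ip, allow_text, deny_text) for ip in clients}


if __name__ == "__main__":
    lan = ["192.168.0.3", "192.168.0.77", "10.0.0.5", "203.0.113.9"]
    # The thread's broken state: hosts.deny has ALL : ALL and hosts.allow is empty,
    # so every client, LAN included, is refused and sshd logs "refused <ip>".
    print("before fix:", report("sshd", lan, allow_text=""))
    print("after fix: ", report("sshd", lan))
```

Run it and the "before fix" line shows every address refused, which is exactly the "sshd: refused" symptom from the first post; the "after fix" line admits only the 192.168.0.0/24 addresses. Because these rules key on the source address alone, they are a second layer behind the Shorewall rule rather than a replacement for it, which is the point the poster makes about spoofed private addresses.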
hughesjr
Hey, I didn't want to ask about sshd... but you want to start with the easy stuff first. :D

Shorewall is a good product, but the IP MASQ HOWTO's script is also good... just info for the future.