# SSHD to install

## dpfletch

Hi all

I'm taking my first steps at installing Gentoo and fancy having a go at a remote install which I can monitor from work due to the time taken to compile all the source packages and install them.

I've not had any problems with the local install (apart from cancelling it during the package compile prior to the kernel compile due to time restrictions) and would like to "slogin" to compile packages and kernel remotely.

I've set up network card (eth0) with static IP and can ping out fine.  My network consists of two boxes, one running Mandrake 9.1 as the outfacing box plugged into a cable modem and one running XP.  I'm dual booting the windoze box with Gentoo before ripping the Mandrake box apart and installing Gentoo on that.  I can ping the gentoo box from the Mandrake box ok, but cannot slogin even though SSHD is running and I can slogin from the gentoo box to the Gentoo box (and slogin to the Mandrake box from the Gentoo box).

When I try to slogin to the Gentoo box, I get:

"Connection refused on port 22".

Anybody seen this and know if all incoming connections are blocked during install for security purposes?  If so, how can I open the port to allow SSH incoming connection?

Thanks in advance.

Paul

----------

## linux_weenie

use nmap to see what ports are open on the target host; if they're not, there's one problem. also check to see if Mandrake is passing the connection correctly so that the SSHD can talk to the outside world. you'll probably have to set up the packet forwarding so that the target machine can respond with a service when connections are incoming. also check to make sure what port your sshd is running on. maybe it did something and is running on a non-standard port rather than the one your client is going to default to. like in telnet you can specify the port like this 

```
telnet 192.168.x.x [Port Num]
```

----------

## dpfletch

Hi

Yeah, tried nmapping but didn't come up with any results ... I think my nmap on the 'Drake box install may be screwed   :Confused: 

I think the SSHD is running on the correct port because if I:

```
bash# slogin root@192.168.0.36      # the IP of the Gentoo box
```

FROM the Gentoo box (i.e. slogin to localhost) then it connects fine and I can login.

I've also tried telnetting on port 22 and 23 to the Gentoo box from the Drake box, but both connections were refused.

I'm not trying any natting from the Drake box as I intend to slogin to that and then slogin to the gentoo box from there to monitor the install.

I'll try the Nmap again later to see if any ports are actually open.

Any other ideas in the meantime?

----------

## linux_weenie

if the nmap is messed up you can download the newest version from http://www.insecure.org and other network goodies. well at least you know the service is running since you can loopback to yourself. is the mandrake the router and is it running a firewall of any sort?

----------

## puggy

are you remembering to try and login to the Gentoo box as root? i.e.

```
ssh root@gentooboxIP
```

Also remember to set the password before you try and login.

Puggy

----------

## dpfletch

*puggy wrote:*

> are you remembering to try and login to the Gentoo box as root? i.e.
>
> ```
> ssh root@gentooboxIP
> ```
> ...

Yeah, set password:

```
passwd root
```

Then CAN login locally on same machine:

```
slogin root@192.168.0.36
```

enter Password and then  get a new terminal.

The problem I'm having is logging in to the Gentoo box from the Mandrake box.  Getting connection refused this way.

----------

## rizzo

Be sure that PermitRootLogin is set to "yes" in /etc/ssh/sshd_config.

----------

## mpsii

Just making sure you typed: 

```
# /etc/init.d/sshd start
```

 on the gentoo box...

----------

## dpfletch

*linux_weenie wrote:*

> if the nmap is messed up you can download the newest version from http://www.insecure.org and other network goodies. well at least you know the service is running since you can loopback to yourself. is the mandrake the router and is it running a firewall of any sort?

Got Nmap sorted now on Drake box, but Gentoo box is off (and at home) so I can't test it at the mo   :Mad: 

----------

## puggy

*dpfletch wrote:*

> *puggy wrote:* are you remembering to try and login to the Gentoo box as root? i.e.
>
> ```
> ssh root@gentooboxIP
> ```
> ...

This doesn't change my point. If you try and login to a sshd server with a username that isn't valid you'll get denied obviously. So say you're logged on as dpfletch on your Mandrake box, if you just do 

```
ssh gentooboxIP
```

it will try and log you in as dpfletch, which obviously won't work.

The fact that it works locally is because you're logging from root, into root. If locally you did 

```
ssh dpfletch@localhost
```

it wouldn't work as there is no dpfletch on the gentoo livecd.

Puggy

----------

## dpfletch

*puggy wrote:*

> *dpfletch wrote:* *puggy wrote:* are you remembering to try and login to the Gentoo box as root? i.e.
>
> ```
> ssh root@gentooboxIP
> ```
> ...

agreed.

Tried

```
slogin root@localhost
```

and set up a user "fletch" and then tried:

```
slogin fletch@localhost
```

set up passwords for both, but on the connection from the other box into the Gentoo box I get a refused connection before I even get asked for the password, so I guess that the incoming connection is being blocked by something in the Gentoo box. But the internal connection works and pings come back from the Gentoo box ok, so the NIC is up and running .... and I can ping out of the Gentoo box and get responses from other domains (one I recall which did work was bbc.co.uk).

Could it be something to do with the SSHD not opening the port on eth0 - do I need to edit /etc/sshd/sshd_conf ?

----------

## rizzo

Please post the command, and any subsequent errors, that you are seeing.  I recommend ssh -v

```
ssh -v root@yourboxIPhere
```

----------

## dpfletch

Hi guys,

OK I have the readouts from ssh -v and nmapping and they read as follows:

ssh:

```
[fletch@thebaccytin fletch]$ ssh -v root@192.168.0.36
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.36 [192.168.0.36] port 22.
debug1: connect to address 192.168.0.36 port 22: Connection refused
ssh: connect to host 192.168.0.36 port 22: Connection refused
```

and nmap:

```
[fletch@thebaccytin fletch]$ nmap -v 192.168.0.36

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
No tcp,udp, or ICMP scantype specified, assuming vanilla tcp connect() scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up).
Host  (192.168.0.36) appears to be up ... good.
Initiating Connect() Scan against  (192.168.0.36)
The Connect() Scan took 0 seconds to scan 1601 ports.
All 1601 scanned ports on  (192.168.0.36) are: closed

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
```

so, although sshd is running on the Gentoo box, and I can login locally to it with:

```
slogin root@localhost
```

I can't get into the box from outside because the port is closed.

Is there some kind of firewall software included in the Live CD?  I've checked for ipchains and iptables but can't find them so I'm assuming they're not there.  But the fact that the port is showing as closed when the daemon is running makes me think that the daemon config file needs hacking ...

----------

## puggy

Have you tried exiting the livecd in case something has got screwed up.

Boot it afresh

Do net-setup and make sure it worked with ifconfig

set the password on the livecd with passwd

start sshd with /etc/init.d/sshd start

Try and login again as root.

Puggy

----------

## dpfletch

*puggy wrote:*

> Have you tried exiting the livecd in case something has got screwed up.
> ...

Hi Puggy

Sorry, I don't follow the exiting livecd part.

The net-setup works fine.  eth0 is up and I can ping out, slogin to my Mandrake box and ping into the Gentoo box.

I can even slogin locally.  Another thought as I don't think iptables is running - do I have to bind the SSHD to eth0?

----------

## gibson3659

Try manually setting the listening address and port in /etc/ssh/sshd_conf and restarting sshd.

----------

## BradN

Maybe something got messed up in that livecd... try an older one if possible?  I know ssh works from at least some of the livecd's as I've done it myself.

----------

## puggy

*dpfletch wrote:*

> *puggy wrote:* Have you tried exiting the livecd in case something has got screwed up.
>
> Hi Puggy
> ...

By exiting I meant a reboot, and booting back onto the livecd.

Puggy

----------

## dpfletch

Ahhh!  Sorry misunderstanding.

Yeah tried that several times.  Even managed to reformat my windoze partition today in a moment of frustration   :Embarassed: 

The SSH daemon is running, it's just not opening the port on eth0.

Does anyone know if I have to bind sshd to eth0?

----------

## Moled

```
netstat --tcp -pl
```

gives what?

----------

## Hoff

Yo yo --

I was just reading through this thread, because I was having pretty much the same problem.  Well, I think, anyway.  I could ssh to myself if I did "ssh localhost", although I would get a "connection refused" if I tried to ssh to a domain that (correctly) maps to my IP.  After a couple minutes, though, the problem went away and everything worked.

My problem was probably related to some weird routing caching; perhaps yours is too?

-- John

----------

## dpfletch

*Moled wrote:*

> ```
> netstat --tcp -pl
> ```
>
> gives what?

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      5061/sshd
```

So the server is running and I can login locally, but not remotely.

I've also set the listen address and port so that netstat returns:

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.0.36:ssh        *:*                     LISTEN      5061/sshd
```

but Nmapping the box still gives:

```
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
All 1601 scanned ports on  (192.168.0.36) are: closed

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
```

I have also tried 1.4rc3 but that would not even boot on my system - 'spect it has something to do with the fact my drives are plugged into the Promise RAID IDE rather than the VIA IDE chain.

Guess I'm gonna have to settle for a local install only   :Sad: 

----------

## dpfletch

Ok, things have gotten a bit weirder -> or maybe clearer??

I've now got my gentoo system up and running.  Installed locally and dual-booting with Windows.

Network card is up and I can see out, but the SSHD is still not allowing access into the box.  As before, ssh is running and I can

```
slogin root@localhost
```

without any probs, but try and go from the Mandrake box into the Gentoo box and it doesn't want to know.

All the same tests carried out as above, with exactly the same results.

Any more ideas??

----------

## Anime_Fan

*dpfletch wrote:*

> Ok, things have gotten a bit weirder -> or maybe clearer??
>
> I've now got my gentoo system up and running.  Installed locally and dual-booting with Windows.
>
> Network card is up and I can see out, but the SSHD is still not allowing access into the box.  As before, ssh is running and I can
> ...

```
nano -w /etc/ssh/sshd_config ##Find and edit these lines:
Port 22 ## Maybe add port 80 if you're behind corporate firewalls, like me
Protocol 2,1 ## Maybe remove Protocol #1
ListenAddress 0.0.0.0 ## Not *, will not work for remote connections. At least not for me in newer versions

/etc/init.d/ssh restart ## Update settings.
fuser -n tcp 22 ##Check that SSH is up.
ssh -l root 127.0.0.1 ##Check that you can connect locally.
ssh -l root $ip ##Check from another box
```

----------

## dpfletch

Hi Anime_Fan

Thanks for your reply.

Unfortunately, editing the /etc/ssh_config file has not helped.  I can still login locally, but not remotely.  Similarly when I nmap the box, it comes up with all ports closed.  I'm now inclined to think that something is blocking all ports by default and I have to open port 22 before the daemon will be able to accept connections ...

----------

## puggy

*dpfletch wrote:*

> Hi Anime_Fan
>
> Thanks for your reply.
>
> Unfortunately, editing the /etc/ssh_config file has not helped.  I can still login locally, but not remotely.  Similarly when I nmap the box, it comes up with all ports closed.  I'm now inclined to think that something is blocking all ports by default and I have to open port 22 before the daemon will be able to accept connections ...

Try opening up another port and see what happens. I can't imagine what would do this on both the livecd and the install.

Puggy

----------

## pengi

What's the output from the following code on both of your boxes?

```
# ifconfig

# route -n
```

I think it sounds like a routing problem...

----------

## dpfletch

*pengi wrote:*

> What's the output from the following code on both of your boxes?
>
> ```
> # ifconfig
> ...

Ok, for the Gentoo box (the one I am having trouble ssh-ing into),

route -n gives:

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         192.168.0.101   0.0.0.0         UG    1      0        0 eth0
```

and ifconfig gives:

```
eth0      Link encap:Ethernet  HWaddr 00:02:E3:20:0C:30
          inet addr:192.168.0.36  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1045 (1.0 Kb)  TX bytes:1083 (1.0 Kb)
          Interrupt:11 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
```

For the Mandrake box (the one I have no trouble ssh-ing into),

route -n gives:

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
81.107.19.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         81.107.19.254   0.0.0.0         UG    0      0        0 eth0
```

and ifconfig gives:

```
eth0      Link encap:Ethernet  HWaddr 00:03:CE:88:65:1F
          inet addr:81.107.19.224  Bcast:255.255.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3108525 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2254853 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2560895164 (2442.2 Mb)  TX bytes:240234959 (229.1 Mb)
          Interrupt:11 Base address:0xef00

eth1      Link encap:Ethernet  HWaddr 00:A0:CC:D0:1C:40
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:482380 errors:1 dropped:0 overruns:0 frame:0
          TX packets:590175 errors:4 dropped:0 overruns:0 carrier:8
          collisions:0 txqueuelen:100
          RX bytes:188903346 (180.1 Mb)  TX bytes:656052725 (625.6 Mb)
          Interrupt:11 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:214433 errors:0 dropped:0 overruns:0 frame:0
          TX packets:214433 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:22174768 (21.1 Mb)  TX bytes:22174768 (21.1 Mb)
```

----------

## dpfletch

*puggy wrote:*

> *dpfletch wrote:* Hi Anime_Fan
>
> Thanks for your reply.
>
> Unfortunately, editing the /etc/ssh_config file has not helped.  I can still login locally, but not remotely.  Similarly when I nmap the box, it comes up with all ports closed.  I'm now inclined to think that something is blocking all ports by default and I have to open port 22 before the daemon will be able to accept connections ...
> ...

Hi Puggy

I've edited /etc/sshd_config and bound the ssh daemon to port 80 and to port 2700 and I can connect locally on the Gentoo box on both of these ports, but nmapping and using:

```
ssh -p 80 root@192.168.0.36
```

from the Mandrake box gives connection refused   :Confused: 

----------

## puggy

This is a shot in the dark, but what happens if you use a different network card in the trouble machine?

Puggy

----------

## dpfletch

*puggy wrote:*

> This is a shot in the dark, but what happens if you use a different network card in the trouble machine?
>
> Puggy

Food for thought indeed!

I don't have a spare NIC to test, but your post made me think about my home-made hack job cross-over cable.  Although I have no trouble seeing out of the windows box and pulling files onto it, I have never tried connecting to it externally.

I've just enabled FTP on IIS on winXP and can ftp in locally, but, not from the Mandrake box.  Again the NMAP comes back with all ports closed so I think all my head-banging has been because of a duff lead or dodgy NIC.

Thanks to all for you assistance!!   :Very Happy: 

----------

## puggy

*dpfletch wrote:*

> *puggy wrote:* This is a shot in the dark, but what happens if you use a different network card in the trouble machine?
>
> Puggy
>
> Food for thought indeed!
> ...

That's a weird hardware problem, but it's the only conclusion I can think of.

Puggy

----------

## dpfletch

Guys,

I can't believe how stupid I've been.  I was just sitting here and one of those "inspiration" atoms that Pratchett keeps talking about must have finally struck home.

I've checked the wiring of my cross-over cable and all is correct.

When I nmap the windoze box I get all ports closed ..... this can't be right, we are talking about windoze after all.

I then thought about my Mandrake box which is running Shorewall.  Stopped shorewall, nmapped the windoze box, and guess what.  All the most exploitable ports are open!!

I then added a line into Shorewall to allow traffic through on specific ports and these ports came up as open whereas all other ports came up closed.

So all this and it was bl**dy Shorewall on the 'drake box causing the problems.

I feel   :Embarassed: 

Still, we live and learn   :Smile: 

Thanks again for all your help!!!!

Fletch
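The lesson of this thread is that "Connection refused" only tells you a TCP reset came back; a REJECT rule on a firewall in the path that answers with a reset (Shorewall's REJECT does this for TCP) looks identical to a genuinely closed port, both to ssh and to nmap, whereas a DROP rule would show up as a timeout. The following is an added example, not code from the thread: a small Python helper that parses `netstat --tcp -pl` output in the format posted above to confirm sshd is bound to a non-loopback address, and classifies a TCP connect attempt by outcome so the two cases can be told apart. The netstat sample is constructed.

```python
import socket

# Constructed sample in the format of `netstat --tcp -pl` as posted in the thread.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      5061/sshd
tcp        0      0 127.0.0.1:smtp          *:*                     LISTEN      4201/sendmail
"""


def parse_listeners(netstat_output):
    """Return (bind_address, port_or_service, program) for each TCP LISTEN socket."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] != "tcp" or fields[5] != "LISTEN":
            continue  # header lines and non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        prog = fields[6].split("/", 1)[1] if "/" in fields[6] else fields[6]
        listeners.append((addr, port, prog))
    return listeners


def reachable_from_lan(listeners, service="ssh"):
    """True if the service is bound to something other than loopback ('*', 0.0.0.0 or a LAN IP)."""
    return any(port == service and addr not in ("127.0.0.1", "localhost", "::1")
               for addr, port, _ in listeners)


def classify_connect(host, port, timeout=3.0):
    """Attempt a TCP connect and map the outcome to what a troubleshooter needs to know."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST received: port closed on host, or a REJECT rule in the path
    except socket.timeout:
        return "filtered"  # no answer at all: DROP rule, or host unreachable
    except OSError as e:
        return "error: %s" % e


def loopback_demo():
    """Listen on an ephemeral loopback port, probe it, close it, probe again."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    before = classify_connect("127.0.0.1", port)
    srv.close()
    after = classify_connect("127.0.0.1", port)
    return before, after  # ("open", "refused")


if __name__ == "__main__":
    print(parse_listeners(SAMPLE_NETSTAT))
    print("sshd reachable from LAN:", reachable_from_lan(parse_listeners(SAMPLE_NETSTAT)))
    print(loopback_demo())
```

A "refused" result from the remote box while the same port probes "open" locally is exactly the thread's symptom, and it points at a reset-sending rule somewhere between the two hosts rather than at sshd.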

----------

## puggy

Aw man! If you'd told me that days ago....  :Very Happy: 

Moving to Networking & Security as this thread's more relevant there.

Puggy

----------

## jonfr

are you behind a firewall or NAT connection of any type?

----------

## puggy

*jonfr wrote:*

> are you behind a firewall or NAT connection of any type?

You're a bit late to this party dude.  :Very Happy: 

----------

