Proscribere
Post subject: Port 22 after reboot closed  PostPosted: 17.01.2011, 17:42
Joined: 2011-01-17
Posts: 7
Location: Pa
Hi,

I have a big problem. I opened port 22 with this:
      Code:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

and the same with OUTPUT.

After opening it, I can connect with ssh from Arch Linux to aptosid. But if aptosid gets rebooted, the setting for the port gets deleted.

nmap from Arch Linux to aptosid says:
      Code:

[ferdl@sweetarch ~]$ nmap 192.168.2.105 -p 22

Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-17 18:34 CET
Nmap scan report for aptosidbox.localdomain (192.168.2.105)
Host is up (0.0036s latency).
PORT   STATE  SERVICE
22/tcp closed ssh

Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds


I had the same problem with Ubuntu and Debian.

There is another strange problem too:
If my PC with Arch is running and I activate the printer so aptosid could print, aptosid doesn't find the printer. Only if I reboot Arch will it be found. I had the same problem with other Debian-based distributions too. But this is a small problem which can wait...

Thank you for your time. If someone needs more information I will give it. :)

Greetings
Sephi
Post subject:   PostPosted: 17.01.2011, 18:41
Joined: 2010-09-29
Posts: 5
This behaviour is normal: iptables rules get reset if you restart your system. You can simply export your rules with iptables-save and restore them at each boot with iptables-restore.
Proscribere
Post subject:   PostPosted: 20.01.2011, 17:10
Joined: 2011-01-17
Posts: 7
Location: Pa
OK, iptables-save works. But iptables-restore doesn't really work. If I type it in, nothing happens. It looks more like it's running but can't complete.

I installed iptables-persistent from apt and configured it, but this doesn't change anything. I don't understand why it is so hard to set up on Debian-based systems.. :(
finotti
Post subject:   PostPosted: 20.01.2011, 19:12
Joined: 2010-09-12
Posts: 315
Did you do it with

      Code:

# save the current rules to a file, then load that same file back
iptables-save > iptables_config_file
iptables-restore < iptables_config_file
Proscribere
Post subject:   PostPosted: 20.01.2011, 19:49
Joined: 2011-01-17
Posts: 7
Location: Pa
Seems like iptables-persistent should do exactly the same.
Proscribere
Post subject:   PostPosted: 30.01.2011, 11:12
Joined: 2011-01-17
Posts: 7
Location: Pa
I found out why this stupid thing doesn't connect: ssh doesn't start at bootup. I activated it with rcconf and now it's in rc5.d. But it doesn't want to start. So I tried to put it into rc.local and make rc.local executable -> Nothing happens...

I don't understand why this thing doesn't start. :(

At bootup it says it's starting. But if I ask with "/etc/init.d/ssh status" it says ssh is not running.
ToZ
Post subject:   PostPosted: 30.01.2011, 14:02
Joined: 2010-09-11
Posts: 26
Location: Toronto, Ontario, Canada
By issuing the command:

      Code:
update-rc.d ssh enable 2 3 4 5

I was able to create the necessary startup links in the /etc/rc?.d directories. Upon restart, the ssh service started automatically for me.
ToZ
Post subject:   PostPosted: 30.01.2011, 14:09
Joined: 2010-09-11
Posts: 26
Location: Toronto, Ontario, Canada
Did you make any changes to the /etc/ssh/sshd_config file? If so please post.

Also, any relevant error messages in dmesg, /var/log/daemon.log, /var/log/messages, /var/log/syslog?
Proscribere
Post subject:   PostPosted: 30.01.2011, 14:59
Joined: 2011-01-17
Posts: 7
Location: Pa
sshd_config

      Code:
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
ListenAddress 192.168.2.105
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile   %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes


dmesg | grep ssh:

      Code:
[   18.557207] sshd (1762): /proc/1762/oom_adj is deprecated, please use /proc/1762/oom_score_adj instead.


cat /var/log/messages | grep ssh:
      Code:
Jan 30 11:30:26 localhost kernel: [   18.337255] sshd (1791): /proc/1791/oom_adj is deprecated, please use /proc/1791/oom_score_adj instead.
Jan 30 11:43:07 localhost kernel: [   18.947159] sshd (1760): /proc/1760/oom_adj is deprecated, please use /proc/1760/oom_score_adj instead.
Jan 30 11:47:23 localhost kernel: [   18.774970] sshd (1764): /proc/1764/oom_adj is deprecated, please use /proc/1764/oom_score_adj instead.
Jan 30 11:50:03 localhost kernel: [   20.608448] sshd (1819): /proc/1819/oom_adj is deprecated, please use /proc/1819/oom_score_adj instead.
Jan 30 11:51:48 localhost kernel: [   19.226774] sshd (1797): /proc/1797/oom_adj is deprecated, please use /proc/1797/oom_score_adj instead.
Jan 30 11:55:55 localhost kernel: [   18.048727] sshd (1752): /proc/1752/oom_adj is deprecated, please use /proc/1752/oom_score_adj instead.
Jan 30 12:02:43 localhost kernel: [   20.742245] sshd (1801): /proc/1801/oom_adj is deprecated, please use /proc/1801/oom_score_adj instead.
Jan 30 13:57:20 localhost kernel: [   18.557207] sshd (1762): /proc/1762/oom_adj is deprecated, please use /proc/1762/oom_score_adj instead.

Can't see anything special. Maybe I'm blind. :-/

EDIT:
Oh, and I have 2 computers in the network. One has the IP 192.168.2.105 (aptosid / aptosidbox) and the other is 192.168.2.102 (Arch Linux / sweetarch).
ToZ
Post subject:   PostPosted: 30.01.2011, 21:52
Joined: 2010-09-11
Posts: 26
Location: Toronto, Ontario, Canada
What happens when you try:
      Code:
ssh localhost

from the machine right after reboot, before you need to restart ssh.

Also, try commenting out the:
      Code:
ListenAddress 192.168.2.105

from /etc/ssh/sshd_config, restarting sshd, and trying again.

What does:
      Code:
ls -l /etc/rc5.d/*ssh*

return?
Proscribere
Post subject:   PostPosted: 31.01.2011, 06:39
Joined: 2011-01-17
Posts: 7
Location: Pa
      ToZ wrote:

Also, try commenting out the:
      Code:
ListenAddress 192.168.2.105

from /etc/ssh/sshd_config, restarting sshd, and trying again.


That solved the problem. But why? :O
ToZ
Post subject:   PostPosted: 31.01.2011, 11:57
Joined: 2010-09-11
Posts: 26
Location: Toronto, Ontario, Canada
See
      Code:
man sshd_config

for an explanation.

What does your network look like with ip addresses?
Proscribere
Post subject:   PostPosted: 31.01.2011, 13:01
Joined: 2011-01-17
Posts: 7
Location: Pa
As said before:
Aptosid = 192.168.2.105 - aptosidbox
Arch Linux = 192.168.2.102 - sweetarch
Router Speedport = 192.168.2.5
ToZ
Post subject:   PostPosted: 01.02.2011, 03:46
Joined: 2010-09-11
Posts: 26
Location: Toronto, Ontario, Canada
Hmmm, should work. I just did some testing and found that I couldn't get the ListenAddress parameter to work on boot either. I wonder if it has something to do with the possibility that the ssh server is starting before the network interface is configured and thus can't bind to the address (speculating). Something similar is here: http://www.mail-archive.com/ubuntu-serv ... 2767.html.
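The failure ToZ speculates about (sshd binding a ListenAddress that the interface has not been given yet) shows up at bind time as EADDRNOTAVAIL. The following pre-flight check, added here as an example and not code from the thread or from OpenSSH, parses the global section of an sshd_config, tries to bind each ListenAddress on an unprivileged port to see whether it is assigned locally right now, and also reports the PermitRootLogin value that the posted config left at "yes". The sample config text and the check_config/can_bind function names are constructed for the example.

```python
import errno
import socket

# Constructed excerpt modelled on the sshd_config posted in this thread.
SAMPLE_CONFIG = """\
# Package generated configuration file
Port 22
#ListenAddress ::
ListenAddress 192.168.2.105
PermitRootLogin yes
"""


def parse_sshd_config(text):
    """Return {keyword: [values]} for the global section of an sshd_config.
    Keywords are case-insensitive, comments and blank lines are skipped, and
    parsing stops at the first Match block since its settings are conditional."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        conf.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf


def strip_port(value):
    """'192.168.2.105:22' -> '192.168.2.105'; plain IPv4/IPv6 values are returned
    unchanged (bracketed [IPv6]:port forms are not handled in this example)."""
    return value.split(":")[0] if value.count(":") == 1 else value


def can_bind(addr, port=0):
    """True if a socket can be bound to addr now. EADDRNOTAVAIL means the address
    is not assigned to any local interface yet, which is exactly what sshd hits
    when it starts before the interface is configured. Port 0 avoids needing root."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    s = socket.socket(family, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        return True
    except OSError as e:
        if e.errno == errno.EADDRNOTAVAIL:
            return False
        raise
    finally:
        s.close()


def check_config(text):
    """Report which ListenAddress values are bindable now and the PermitRootLogin setting."""
    conf = parse_sshd_config(text)
    addrs = [strip_port(v) for v in conf.get("listenaddress", [])]
    return {"bindable": {a: can_bind(a) for a in addrs},
            "permit_root_login": (conf.get("permitrootlogin") or [None])[0]}


if __name__ == "__main__":
    print(check_config(SAMPLE_CONFIG))
```

On a host that does not own 192.168.2.105 the sample reports it as not bindable, which is the same condition sshd sees at boot before the interface is up.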