Complete idiot needs help setting up sshd

The idiot in question is me, of course.

I'm running debian stable on this ancient-ass ibm box that connects to the
net via a craptacular RetailPlus broadband router (and Bell Sympatico
DSL). I'd really like to be able to ssh into my home machine, but so far
my caveman techniques of starting sshd at the command line and trying to
ssh in from a different client have failed miserably: ssh just hangs there
and doesn't do anything. If I start sshd and then ssh localhost from my home
machine, it works fine.

In another fit of brutishness, I dropped the firewall on my router to see
if that was causing problems, with similar results. I realize that this
isn't much info to go on, but I'm a complete twat when it comes to
networking and so I don't even know what else to tell :/ Advice and/or
links to useful information would be appreciated.

Thanks!

-Debo


Debo

Debo <(E-Mail Removed)> writes:

]The idiot in question is me, of course.

]I'm running debian stable on this ancient-ass ibm box that connects to the
]net via a craptacular RetailPlus broadband router (and Bell Sympatico
]DSL). I'd really like to be able to ssh into my home machine, but so far
]my caveman techniques of starting sshd at the command line and trying to
]ssh in from a different client have failed miserably: ssh just hangs there
]and doesn't do anything. If I start sshd and then ssh localhost from my home
]machine, it works fine.

]In another fit of brutishness, I dropped the firewall on my router to see
]if that was causing problems, with similar results. I realize that this
]isn't much info to go on, but I'm a complete twat when it comes to
]networking and so I don't even know what else to tell :/ Advice and/or
]links to useful information would be appreciated.

Information would be userful. If you are on a dsl, it is possible that you
are on a private network (10.x.x.x, 192.168.x.x) in which case there is no
way that you can connect to your home machines. It is impossible.
If not, then we need more information.
Is the ssh request getting through at all
Look in the logs in /var/log

Is your /etc/hosts.allow set up to allow sshd requests from anywhere
sshd sshd1 ssh X11 sshdfwd-X11:ALL

In comp.os.linux.networking Debo <(E-Mail Removed)>:
> The idiot in question is me, of course.

> I'm running debian stable on this ancient-ass ibm box that connects to the
> net via a craptacular RetailPlus broadband router (and Bell Sympatico
> DSL). I'd really like to be able to ssh into my home machine, but so far

You are sure ssh works from this system to another over the
internet? Tried some other system?

> my caveman techniques of starting sshd at the command line and trying to
> ssh in from a different client have failed miserably: ssh just hangs there
> and doesn't do anything. If I start sshd and then ssh localhost from my home
> machine, it works fine.

Might be just compiled with tcp_wrapper support, check
/etc/hosts.{allow|deny}, put in hosts.allow:

sshd: ALL

> In another fit of brutishness, I dropped the firewall on my router to see
> if that was causing problems, with similar results. I realize that this
> isn't much info to go on, but I'm a complete twat when it comes to
> networking and so I don't even know what else to tell :/ Advice and/or
> links to useful information would be appreciated.

Is there anything logged in /var/log/* concerning sshd? If you
start it?

Show us the output of (presuming "sshd_config" is in this dir):

awk '!/^#/&&NF>0' /etc/ssh/sshd_config

On the other hand one ISP might block port 22, which you need to
rule out. Or your router isn't port-forwarding probably, there are
too much unknown facts for really helpful advice.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 268: Neutrino overload on the nameserver

On Thu, 25 Nov 2004 12:55:13 -0500, Debo wrote:

> The idiot in question is me, of course.
>
> I'm running debian stable on this ancient-ass ibm box that connects to the
> net via a craptacular RetailPlus broadband router (and Bell Sympatico
> DSL). I'd really like to be able to ssh into my home machine, but so far
> my caveman techniques of starting sshd at the command line and trying to
> ssh in from a different client have failed miserably: ssh just hangs there
> and doesn't do anything. If I start sshd and then ssh localhost from my home
> machine, it works fine.
>
> In another fit of brutishness, I dropped the firewall on my router to see
> if that was causing problems, with similar results. I realize that this
> isn't much info to go on, but I'm a complete twat when it comes to
> networking and so I don't even know what else to tell :/ Advice and/or
> links to useful information would be appreciated.
>
> Thanks!
>
> -Debo

Have you tried using webmin to configure SSH? Webmin has a great ssh
module that makes setting up ssh trivial. As for your router, all you have
to do is forward port 22 (or what ever port you designated as you ssh
port) to your machine.

BU> Information would be userful. If you are on a dsl, it is possible that you
BU> are on a private network (10.x.x.x, 192.168.x.x) in which case there is no
BU> way that you can connect to your home machines. It is impossible.

Crap-o. My internal ip is somethin like 192.168.0.x... when I connect to
sites on the web though, I guess it's my WAN IP that's showing up? That
comes out as 74.65.x.x or something along those lines.

BU> If not, then we need more information.
BU> Is the ssh request getting through at all
BU> Look in the logs in /var/log

I looked in auth.log and it doesn't appear as if the external requests
are getting through at all. I can see the instances of when I've run the
ssh client from my home machine, and I can see the instances of when I've
ssh'ed localhost as well, but nothing else.

BU> Is your /etc/hosts.allow set up to allow sshd requests from anywhere
BU> sshd sshd1 ssh X11 sshdfwd-X11:ALL

It wasn't before, but it is now. That didn't seem to help. I'm guessing
that I'm screwed, given your earlier DSL comment...

Thanks for the help.

-Debo

MH> You are sure ssh works from this system to another over the
MH> internet? Tried some other system?

Yep, I do this all the time.

MH> Might be just compiled with tcp_wrapper support, check
MH> /etc/hosts.{allow|deny}, put in hosts.allow:
MH> sshd: ALL

Donesville. (I didn't notice a change when I did this).

MH> > In another fit of brutishness, I dropped the firewall on my router to see
MH> > if that was causing problems, with similar results. I realize that this
MH> > isn't much info to go on, but I'm a complete twat when it comes to
MH> > networking and so I don't even know what else to tell :/ Advice and/or
MH> > links to useful information would be appreciated.

MH> Is there anything logged in /var/log/* concerning sshd? If you
MH> start it?

Yeah, (I discussed this in the previous message). I can see when I ssh
localhost, but that's about it.

MH> Show us the output of (presuming "sshd_config" is in this dir):
MH>
MH> awk '!/^#/&&NF>0' /etc/ssh/sshd_config

sshd_config is where you predicted, and when I throw that regexp at it,
awk spits out '/: Event not found'. If you just tell me what you're
looking for I could probably figure it out

MH> On the other hand one ISP might block port 22, which you need to
MH> rule out. Or your router isn't port-forwarding probably, there are
MH> too much unknown facts for really helpful advice.

Forwarding port 22 was my first thought too, but the bogus web-interface
the router uses doesn't seem to have any menu options for port-forwarding.
I'll take another look.

Thanks!

I managed to get it running, thanks to various pointers from you guys.
Thanks so much!

-Debo

In comp.os.linux.networking Debo <(E-Mail Removed)>:
[..]

> MH> awk '!/^#/&&NF>0' /etc/ssh/sshd_config

> sshd_config is where you predicted, and when I throw that regexp at it,
> awk spits out '/: Event not found'. If you just tell me what you're
> looking for I could probably figure it out

Strange, pretty old awk? Should work with almost any version of
GNU awk, which comes standard on most if not all Linux distro.
Sure you used cut&paste and there was no typo?

Anyway, it should show the config without comments/empty lines.

Port 22
Protocol 2
[ and more ]

> MH> On the other hand one ISP might block port 22, which you need to
> MH> rule out. Or your router isn't port-forwarding probably, there are
> MH> too much unknown facts for really helpful advice.

> Forwarding port 22 was my first thought too, but the bogus web-interface
> the router uses doesn't seem to have any menu options for port-forwarding.
> I'll take another look.

Ah this sounds like a possible reason, you need to double-check
first to get things working.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 94: Internet outage

Debo <(E-Mail Removed)> writes:


]BU> Information would be userful. If you are on a dsl, it is possible that you
]BU> are on a private network (10.x.x.x, 192.168.x.x) in which case there is no
]BU> way that you can connect to your home machines. It is impossible.

]Crap-o. My internal ip is somethin like 192.168.0.x... when I connect to
]sites on the web though, I guess it's my WAN IP that's showing up? That
]comes out as 74.65.x.x or something along those lines.

What does ifconfig -a say? If it says 192.168.x.x then yes, you are in
trouble.



]BU> If not, then we need more information.
]BU> Is the ssh request getting through at all
]BU> Look in the logs in /var/log

]I looked in auth.log and it doesn't appear as if the external requests
]are getting through at all. I can see the instances of when I've run the
]ssh client from my home machine, and I can see the instances of when I've
]ssh'ed localhost as well, but nothing else.

]BU> Is your /etc/hosts.allow set up to allow sshd requests from anywhere
]BU> sshd sshd1 ssh X11 sshdfwd-X11:ALL

]It wasn't before, but it is now. That didn't seem to help. I'm guessing

If you go out (ssh to some external machine) what is the port number that
your machine reports as.

(Ie, if you have another machine that you have control of, run tcpdump and
look at th eport number reported when the ssh from your machine tries to
ssh into that other machine. If it is a very high port number, then you
have masquarading going on and you will not be able to get back to your
machine, unless you get your provider to punch a hole in the firewall to
give the outside world access to your machine. )

> Crap-o. My internal ip is somethin like 192.168.0.x... when I connect to
> sites on the web though, I guess it's my WAN IP that's showing up? That
> comes out as 74.65.x.x or something along those lines.

so go back to your DSL modem / router and have port 22 forwarded back to
your IP of the system you are trying to ssh into.

What's happening is your external ssh requests come to your public IP which
is on your modem/router and it doesn't know what to do about it, so it just
ignores it.

If you have an external firewall that has your public IP, that would be a
place to do it as well.