[opensuse] ssh problems
Hi All, I have installed openSuSE 13.2 on a new computer. Even though I can reach any of the three old computers of my home network, my new computer is unreachable from outside. On the new computer, I have activated and started sshd using the Services Manager in YaST. Now, when I look for ssh with "ps ax | grep ssh | grep -v grep", the following lines appear: 1369 ? Ss 0:00 /usr/sbin/sshd -D 1602 ? S 0:00 /usr/bin/dbus-launch --sh-syntax --exit-with-session /usr/bin/ssh-agent /usr/bin/gpg-agent --sh --daemon --keep-display --write-env-file /home/wolfgang/.gnupg/agent.info-asus:0 /etc/X11/xinit/xinitrc 1604 ? Ss 0:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --sh --daemon --keep-display --write-env-file /home/wolfgang/.gnupg/agent.info-asus:0 /etc/X11/xinit/xinitrc ["asus" is my new computer's name] How can I force my new computer to accept ssh from outside? Any help is welcome. Thanks in advance, Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/27/2016 11:06 AM, Wolfgang Mueller wrote:
Check your sshd_config to be sure it is listening on all interfaces. (or use netstat -anp ) Check that your suse firewall is allowing access. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* John Andersen <jsamyth@gmail.com> [04-27-16 14:29]: [...]
Check your sshd_config to be sure it is listening on all interfaces. (or use netstat -anp ) Check that your suse firewall is allowing access.
and that your routing device allows/passes access to subj computer. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2016-04-27 20:06, Wolfgang Mueller wrote:
Outside is Internet, the World? Or is it /inside/ your home, ie, from other computers in your LAN? A bit confused here.
How can I force my new computer to accept ssh from outside? Any help is welcome.
If it is your LAN, inside your home, most probably is the firewall. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlchGIAACgkQja8UbcUWM1zuuwEAjVxlfk5YpkwSoZf2udzXW9rw bN4Z+Z64NFVDt+lnmmoA/3QF4VjlFc7cfNBHpRIM0Q9baBPrs6kHQM2f4waG0vOJ =uDzK -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/27/16 20:06, I wrote:
Your diagnosis was perfect: Indeed, it was the SuSE firewall that caused the problems. Having stopped and disabled it, everything works o.k. Muchas gracias, Carlos! Merci bien, Jean-Daniel! Thank you very much, John, Nick and Patrick! Bye, Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 28. dubna 2016 10:02:14 CEST, Wolfgang Mueller napsal(a):
Ehm, I'd rather recommend to open SSH port and start firewall again... -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2016-04-28 10:02, Wolfgang Mueller wrote:
I hope that is just temporary. Rather open the ssh port and leave the firewall up.
Muchas gracias, Carlos! Merci bien, Jean-Daniel! Thank you very much, John, Nick and Patrick!
Welcome :-) - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlch8Z4ACgkQja8UbcUWM1xeYAEAm5HqoLTCKm+pJmxT95IlsjSi l8JdERGIYE7xNmFAu+MBAInsag+tp1HKehU/d5H+tJmpYtRo6IQXNjuTPy3nliA6 =n7FD -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/28/16 13:18, Carlos E. R. wrote:
I fear it's rather permanent, because in my internal network, consisting of four computers, I want to do on one of them all things I can do on any other of them, i.e. open all kinds of windows and perform all kinds of programs. Therefore I have connected them by nfs, each of them simultaneously acting as a server and as a client. I think that such an excessive usage of a computer network does not tolerate any restriction imposed by a firewall (but maybe I'm wrong?) For my security, I rely on my router AVM FRITZ!Box 3270, being AVM the most common producer of routers and having the highest reputation in Germany (https://en.avm.de/). Moreover, I do not use WLAN at all, which is disabled in my router. For a remote connection in my house between different rooms and/or stories, I use Netgear Powerline (http://www.netgear.com/), which uses the existing electrical wiring and is much faster than WLAN. If I like, I can see the names of all my neighbors' WLAN connections, but mine is not among them. It's now for about 15 years I use the network described above, without ever experiencing any damage caused by hackers, worms, Trojan horses and other antipathetic people or animals, respectively. Regards, Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-04-29 12:28, Wolfgang Mueller wrote:
I do the same with the firewall up, and very strict one. You can simply tell the firewall configuration that it is the internal interface. It makes things easy, but arguably not that safe.
How often do they produce updates?
IMHO, powerline networking should be forbidden. It causes radio interference. >:-) I trust that powerline thing uses strong encryption, otherwise neighbours could have a peek. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 04/29/2016 03:28 AM, Wolfgang Mueller wrote:
Yes, you can run cross-mounted NFS with host-based firewalls. You just open ports 111 and 2049, if memory serves. You can even limit what gets exported and to which IP's by using /etc/exports. Do you have encryption enabled on your power-line network? It might be risky if you don't. You also might find the need to run wifi in the future with the Internet Of Things (IOT) becoming more popular. As an example, I've got a Fitbit scale that weighs me and calculates my percentage of body blubber, then sends the data to the "cloud" via wifi. Just this morning I saw it "updating" its own firmware. These devices can possibly be remotely compromised and used as a toehold into a local home network if not firewalled properly. Default-deny host-based firewalls are a good thing! Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/27/2016 11:06 AM, Wolfgang Mueller wrote:
Check your sshd_config to be sure it is listening on all interfaces. (or use netstat -anp ) Check that your suse firewall is allowing access. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* John Andersen <jsamyth@gmail.com> [04-27-16 14:29]: [...]
Check your sshd_config to be sure it is listening on all interfaces. (or use netstat -anp ) Check that your suse firewall is allowing access.
and that your routing device allows/passes access to subj computer. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2016-04-27 20:06, Wolfgang Mueller wrote:
Outside is Internet, the World? Or is it /inside/ your home, ie, from other computers in your LAN? A bit confused here.
How can I force my new computer to accept ssh from outside? Any help is welcome.
If it is your LAN, inside your home, most probably is the firewall. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlchGIAACgkQja8UbcUWM1zuuwEAjVxlfk5YpkwSoZf2udzXW9rw bN4Z+Z64NFVDt+lnmmoA/3QF4VjlFc7cfNBHpRIM0Q9baBPrs6kHQM2f4waG0vOJ =uDzK -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/27/16 20:06, I wrote:
Your diagnosis was perfect: Indeed, it was the SuSE firewall that caused the problems. Having stopped and disabled it, everything works o.k. Muchas gracias, Carlos! Merci bien, Jean-Daniel! Thank you very much, John, Nick and Patrick! Bye, Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 28. dubna 2016 10:02:14 CEST, Wolfgang Mueller napsal(a):
Ehm, I'd rather recommend to open SSH port and start firewall again... -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
participants (7)
-
Carlos E. R. -
jdd -
John Andersen -
Lew Wolfgang -
Patrick Shanahan -
Vojtěch Zeisek -
Wolfgang Mueller