problems with ssh
When I try to log in to my machine at home (from work) it fails. Checking the SuSEfirewall log (on my machine at home) it says
SFW2-INext-DROP . . . PROTO=TCP SPT=7643 DPT=3506
Does anyone know why ssh is using port 3506 and not 22? I think this is why the firewall is blocking it. Does anyone know how to fix it?
Using SuSE 9.2, Kernel 2.6.8-24.11-default, openssh-3.9p1-3.2. I'm behind a LinkSys router which is set to forward ssh to my home machine. My machine at work doesn't seem to suffer from this problem.
Thanks for any help
Eddie
On Monday 14 March 2005 14:59, eddie.howson@dsl.pipex.com wrote:
When I try to log in to my machine at home (from work) it fails. Checking the SuSEfirewall log (on my machine at home) it says
SFW2-INext-DROP . . . PROTO=TCP SPT=7643 DPT=3506
Does anyone know why ssh is using port 3506 and not 22? I think this is why the firewall is blocking it. Does anyone know how to fix it?
Using SuSE 9.2, Kernel 2.6.8-24.11-default, openssh-3.9p1-3.2. I'm behind a LinkSys router which is set to forward ssh to my home machine. My machine at work doesn't seem to suffer from this problem.
Obvious ;) question when firewall is involved:
Can you log in *without* the firewall?
Cheers,
Leen
On Monday 14 Mar 2005 14:13, Leendert Meyer wrote:
On Monday 14 March 2005 14:59, eddie.howson@dsl.pipex.com wrote:
When I try to log in to my machine at home (from work) it fails. Checking the SuSEfirewall log (on my machine at home) it says
SFW2-INext-DROP . . . PROTO=TCP SPT=7643 DPT=3506
Does anyone know why ssh is using port 3506 and not 22? I think this is why the firewall is blocking it. Does anyone know how to fix it?
Using SuSE 9.2, Kernel 2.6.8-24.11-default, openssh-3.9p1-3.2. I'm behind a LinkSys router which is set to forward ssh to my home machine. My machine at work doesn't seem to suffer from this problem.
Obvious ;) question when firewall is involved:
Can you log in *without* the firewall?
Cheers,
Leen
Just tested it. I can log in with the firewall on the router switched off and SuSEfirewall on. So I guess my problem is with the Linksys router. Of course, any help with sorting out the router would be good. But I understand that is beyond the scope of this list.
Thanks
Eddie
On Monday 14 March 2005 10:38 am, eddie.howson@dsl.pipex.com wrote: <SNIP>
Using SuSE 9.2, Kernel 2.6.8-24.11-default, openssh-3.9p1-3.2. I'm behind a LinkSys router which is set to forward ssh to my home machine. My machine at work doesn't seem to suffer from this problem.
Your LinkSys at work should NAT outgoing traffic. While it would be necessary to forward incoming port 22 to your work PC to access it from home, no forwarding should be needed in the other direction.
This is how I am using my home PC from work right now.
-- Louis Richards
On Monday 14 Mar 2005 15:56, Louis Richards wrote:
On Monday 14 March 2005 10:38 am, eddie.howson@dsl.pipex.com wrote: <SNIP>
Using SuSE 9.2, Kernel 2.6.8-24.11-default, openssh-3.9p1-3.2. I'm behind a LinkSys router which is set to forward ssh to my home machine. My machine at work doesn't seem to suffer from this problem.
Your LinkSys at work should NAT outgoing traffic. While it would be necessary to forward incoming port 22 to your work PC to access it from home, no forwarding should be needed in the other direction.
This is how I am using my home PC from work right now.
-- Louis Richards
Maybe I didn't say that quite right. The LinkSys is at home and set to forward port 22 to my home computer (I have more than one, but the linksys is set to forward to the main machine). Interestingly enough, sometimes I can get through, sometimes I can't. I think I need some method of ensuring that the LinkSys forwards to the correct port; I'm stuck at that point. Maybe the solution is not to use the firewall on the LinkSys and only use the SuSEFirewall.
Thanks for all the responses. It's giving me some good info.
Eddie
On Mon, 2005-03-14 at 12:37, eddie.howson@dsl.pipex.com wrote:
On Monday 14 Mar 2005 15:56, Louis Richards wrote:
Maybe I didn't say that quite right. The LinkSys is at home and set to forward port 22 to my home computer (I have more than one, but the linksys is set to forward to the main machine). Interestingly enough, sometimes I can get through, sometimes I can't. I think I need some method of ensuring that the LinkSys forwards to the correct port; I'm stuck at that point. Maybe the solution is not to use the firewall on the LinkSys and only use the SuSEFirewall.
Maybe you would be better off by starting -with- the linksys firewall first and then use the SuSEfirewall. This way you can figure out if it is a port forwarding issue on the linksys and then fine-tune your internal firewall. When I was working I only used the linksys port forwarding (at home) and never had problems. It does a good job when you run it in stealth mode for keeping critters out. But you will always have port scanners looking no matter what you use for a firewall.
-- Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
* Only reply to the list please*
"The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
On Monday 14 March 2005 16:38, eddie.howson@dsl.pipex.com wrote:
On Monday 14 Mar 2005 14:13, Leendert Meyer wrote:
On Monday 14 March 2005 14:59, eddie.howson@dsl.pipex.com wrote:
When I try to log in to my machine at home (from work) it fails. Checking the SuSEfirewall log (on my machine at home) it says
SFW2-INext-DROP . . . PROTO=TCP SPT=7643 DPT=3506
Does anyone know why ssh is using port 3506 and not 22? I think this is why the firewall is blocking it. Does anyone know how to fix it?
Using SuSE 9.2, Kernel 2.6.8-24.11-default, openssh-3.9p1-3.2. I'm behind a LinkSys router which is set to forward ssh to my home machine. My machine at work doesn't seem to suffer from this problem.
Obvious ;) question when firewall is involved:
Can you log in *without* the firewall?
Just tested it. I can log in with the firewall on the router switched off and SuSEfirewall on.
Why a second firewall? That makes things (IMO) unnecessarily complicated. You have proven that. ;) But it is possible that I am completely wrong about this... ;)
So I guess my problem is with the Linksys router. Of course, any help with sorting out the router would be good. But I understand it that is beyond the scope of this list.
Uhm, perhaps, but as this is a technical question I don't mind. And let's not forget the occasional aunties' tea-circles (Dutch: theekransjes)... ;P Indeed, as this is far less serious, the aunties might object... ;>
It could help if port 22 (guess: the ssh port) is open on the router. Does the router have similar logging to SuSEfirewall? Have a look at them, if you can, to see what ports are blocked at an ssh login attempt. Port 22 should be enough. Some PCs have only port 22 open.
Cheers,
Leen
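Leen's advice above is to read the firewall log for which ports get blocked during an ssh attempt. As an added example (not from this thread), here is a small Python parser for SuSEfirewall2 log lines that tallies dropped destination ports and lists the sources whose packets to the sshd port were dropped; the sample lines, addresses and the fields after the SFW2 prefix are constructed and assumed to follow the netfilter LOG KEY=VALUE layout.

```python
import re
from collections import Counter

# Constructed sample of SuSEfirewall2 kernel log lines (addresses and ports
# are made up). The page shows the "SFW2-INext-DROP . . . PROTO=TCP SPT=7643
# DPT=3506" shape; the remaining KEY=VALUE fields are assumed netfilter LOG
# output behind that prefix.
SAMPLE_LOG = """\
Mar 14 14:55:01 home kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=7643 DPT=3506 SYN
Mar 14 14:55:03 home kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=7644 DPT=22 SYN
Mar 14 14:55:09 home kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=7645 DPT=22 SYN
Mar 14 14:56:40 home kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=UDP SPT=1026 DPT=1434
Mar 14 14:57:02 home kernel: some unrelated message
"""

# SFW2 prefix (e.g. SFW2-INext-DROP-DEFLT) followed by KEY=VALUE fields.
SFW2_RE = re.compile(r"(SFW2-\S+)\s+(.*)$")


def parse_sfw2_line(line):
    """Parse one log line into a dict (prefix, action, SRC, DST, PROTO, SPT, DPT),
    or return None for lines that are not SFW2 firewall events."""
    m = SFW2_RE.search(line)
    if not m:
        return None
    prefix, rest = m.groups()
    # Bare flags such as SYN carry no '=', so they are skipped here.
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    parts = prefix.split("-")          # ['SFW2', 'INext', 'DROP', 'DEFLT']
    rec = {"prefix": prefix, "action": parts[2] if len(parts) > 2 else ""}
    for key in ("SRC", "DST", "PROTO", "SPT", "DPT"):
        rec[key] = fields.get(key)
    return rec


def dropped_ports(lines):
    """Count DROP events per (PROTO, destination port): which ports the
    firewall is actually rejecting, separating ssh from background noise."""
    counts = Counter()
    for rec in map(parse_sfw2_line, lines):
        if rec and rec["action"] == "DROP" and rec["DPT"]:
            counts[(rec["PROTO"], int(rec["DPT"]))] += 1
    return counts


def ssh_drops(lines, ssh_port=22):
    """Sorted list of source addresses whose packets to the sshd port were
    dropped; these are the entries that explain a failed ssh login."""
    return sorted({rec["SRC"] for rec in map(parse_sfw2_line, lines)
                   if rec and rec["action"] == "DROP" and rec["DPT"] == str(ssh_port)})


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for (proto, port), n in sorted(dropped_ports(lines).items()):
        print(f"{proto}/{port}: {n} dropped")
    print("ssh drops from:", ssh_drops(lines))
```

Because the router rewrites the destination to the forwarded internal port, the home machine's log shows that port (22 here) even when a different external port is chosen on the Linksys, so a drop on 3506 is not the ssh attempt itself. The function reports only what the log says; confirming the router side still needs its own log or rule listing, as Leen suggests.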
On Monday 14 March 2005 10:01 am, Leendert Meyer wrote:
Why a second firewall? That makes things (IMO) unnecessarily complicated. You have proven that. ;) But it is possible that I am completely wrong about this... ;)
Leen
Layered security approach. The small SOHO/home firewall/routers can help deflect curious crackers and malicious bots. Bad stuff doesn't see a Windows machine, they move on. NEVER rely on it but it does help. Then setup your iptables firewall for the real internal work with external/internal facing NICs, etc that all your client machines must go through. This is just another layer in your overall security strategy.
Almost all of these small SOHO/home firewall/routers need to be setup to port forward (I think that's Linksys's term for what they do) ssh, www, tcp, whatever to specific machine's IP:port. Specify the port on the Linksys that listens externally and which internal LAN IP address:port it 'forwards' to. Linksys supports port ranges to listen to externally also. Others have you specify a public port and a private IP:port.
For ssh ALWAYS (and probably most other basic services) choose a different external port than 22 and greater than 1024. It's amazing how many hits you get on that once you open it up from automated cracker bots testing what they hope are common UserIDs and if that works, common passwords.
Stan
On Monday 14 March 2005 17:25, Stan Glasoe wrote:
On Monday 14 March 2005 10:01 am, Leendert Meyer wrote:
Why a second firewall? That makes things (IMO) unnecessarily complicated. You have proven that. ;) But it is possible that I am completely wrong about this... ;)
Layered security approach. The small SOHO/home firewall/routers can help deflect curious crackers and malicious bots. Bad stuff doesn't see a Windows machine, they move on. NEVER rely on it but it does help. ... port forward ... For ssh ALWAYS (and probably most other basic services) choose a different external port than 22 and greater than 1024. It's amazing how many hits you get on that once you open it up from automated cracker bots testing what they hope are common UserIDs and if that works, common passwords.
Yup, I know. But never thought of changing the default port (although I knew the possibility). Actually I thought of giving the perpetrators the tarpit treatment.
Stan
Thanks, Stan, much appreciated.
Cheers,
Leen
On Monday 14 March 2005 01:54 pm, Leendert Meyer wrote:
Yup, I know. But never thought of changing the default port (although I knew the possibility). Actually I thought of giving the perpetrators the tarpit treatment.
Leen
in /etc/ssh/sshd_config:
PermitRootLogin no
-- Louis Richards
On Monday 14 March 2005 11:01 am, Leendert Meyer wrote: <SNIP>
Why a second firewall? That makes things (IMO) unnecessarily complicated. You have proven that. ;) But it is possible that I am completely wrong about this... ;)
One firewall protecting the work network from the internet and another protecting the home network. I would consider two to be the minimum requirement ;-)
-- Louis Richards
On Monday 14 March 2005 08:59 am, eddie.howson@dsl.pipex.com wrote:
When I try to log in to my machine at home (from work) it fails. Checking the SuSEfirewall log (on my machine at home) it says
SFW2-INext-DROP . . . PROTO=TCP SPT=7643 DPT=3506
Does anyone know why ssh is using port 3506 and not 22? I think this is why the firewall is blocking it. Does anyone know how to fix it?
Using SuSE 9.2, Kernel 2.6.8-24.11-default, openssh-3.9p1-3.2. I'm behind a LinkSys router which is set to forward ssh to my home machine. My machine at work doesn't seem to suffer from this problem.
Thanks for any help
Eddie
Are you sure that at work they are using port 22?? I don't use port 22 for my setup. Try using:
ssh -p 22 <name of your machine>
to log in. That will use port 22.
participants (6)
- Bruce Marshall
- eddie.howson@dsl.pipex.com
- Ken Schneider
- Leendert Meyer
- Louis Richards
- Stan Glasoe