ssh and port 22 problem, cont.
by Gerhard Magnus
Greetings!
I've made some progress on troubleshooting this "ssh & port 22 problem".
Here was my original post:
When I try to connect from a remote machine to my one at home
using ssh I get the error message "ssh: connect to host 64.146.133.1 port
22: Connection refused" -- but using ssh in the outgoing direction (i.e.
from home to the remote location) works fine.
Here's what's happened since:
I have two machines (PuteA and PuteB) sharing an ActionTec DSL modem. The IP
I was using was that of my "Gateway" ISP (64.146.133.1) -- an error. But
when I used the correct, static IP address of the ActionTec
(64.146.133.52) I got this message:
ssh: connect to host 64.146.133.52 port22: Connection refused
I thought I had port forwarding (for port 22) set correctly on the modem. For
troubleshooting, my ISP advised me to run "tcpdump -n host 192.168.0.2" on
PuteA, where 192.168.0.2 is the "internal" IP of PuteA. Then I logged on
to the remote location from PuteB and tried to ssh from there to PuteA
using the static IP address. The ssh from the remote location timed out
with the same "port 22: connection refused" message. The tcpdump on Pute
A gave this message:
> tcpdump: listening on eth0
> 17:27:33.662753 arp who-has 192.168.0.2 tell 192.168.0.1
where 182.168.0.1 is the "internal" IP of the modem. (Sorry if I have
this terminology wrong.)
My ISP says the problem is the firewall on PuteA and that he doesn't do linux
firewalls.
Here are my replies to the people who responded to my first post:
(1) "Do you have the firewall configured to deny incoming packets to port
22?"
How do I check this?
(2) "You need to check that sshd is running on your system."
Yes. I comes up with each boot. Also "service sshd status" gives
"sshd (pid 787) is running".
(3) "sshd uses /etc/hosts.allow and /etc/hosts.deny. Check that they are
configured to allow your remote machine in."
Both files have only commented lines.
(4) "Also, if your /etc/ssh/sshd_config file has VerifyReverseMapping
turned on, you will get kicked out if your remote address does not work
with a reverse dns lookup."
There's a "VerifyReverseMapping no" line in the file but it's been commented
out.
(5) "Just to be sure: when you are at home machine, try 'ssh localhost'.
If this works, you probably need to check your firewall."
It seems to work -- I ssh to the machine itself.
(6) "This is common on every system I have ever loaded with FC2. Your
iptables are blocking the connection. You can do one of the following:
iptables -A INPUT -m tcp -p tcp --dport 22 - j ACCEPT"
I tried this. The ssh to PuteA from the remote location still times out.
(7) "Oh yes I also took out the REDHAT firewall entrie as I dont have a
clue as to how to work with it."
I've fiddled endlessly with this "system tool" at each of the three levels
of security as well as using the "customize" option to set eth0 as a
trusted device and to allow incoming ssh. It doesn't show the settings
that actually exist.
(8) "If your fedora box is connected directly to a DSL modem, you should
be able to find your IP address by running ifconfig from the command
line and looking for 'inet addr:' (probably under 'eth0')."
eth0 Link encap:Ethernet HWaddr 00:40:05:81:60:8E
inet addr:192.168.0.4 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2184 errors:0 dropped:0 overruns:0 frame:0
TX packets:2005 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1122075 (1.0 Mb) TX bytes:190214 (185.7 Kb)
Interrupt:5 Base address:0x3000
Could this be the problem -- the "inet addr" of 192.168.0.4? As far as I
can tell, the modem is 192.168.0.1, PuteA is 192.168.0.2, and PuteB is
192.168.0.3. I haven't set anything as 192.168.0.4.
(9) "nmap 64.146.133.52"
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
23/tcp open telnet
53/tcp open domain
80/tcp open http
Shouldn't ssh be here? And what's telnet doing open? The books have me
scared to death of this... hackers, crackers, script kiddies, etc.
Thanks for the help!
Jerry Magnus
16 years, 2 months
Kernel 115 Doesn't Like iwl4965
by Christopher A. Williams
Since upgrading to kernel 2.6.23.14-115.fc8, my Intel iwl4965 wireless
card refuses to connect. It seems to think my hardware kill switch is
enabled, which is not true. The hardware radio switch is most certainly
on. Output from dmesg is at the end of this message.
If I roll back to kernel 2.6.23.14-107.fc8 (the previous one),
everything works as it should.
Laptop is an HP/Compaq 8510w with 4GB RAM and running F8 (64-bit).
Has anyone else run into this?
Cheers,
Chris
======================================
Here's the relevant output from dmesg:
ACPI: PCI Interrupt 0000:10:00.0[A] -> GSI 17 (level, low) -> IRQ 17
iwl4965: Radio disabled by HW RF Kill switch
ACPI: PCI interrupt for device 0000:10:00.0 disabled
ACPI: PCI Interrupt 0000:10:00.0[A] -> GSI 17 (level, low) -> IRQ 17
iwl4965: Radio disabled by HW RF Kill switch
ACPI: PCI interrupt for device 0000:10:00.0 disabled
irq 17: nobody cared (try booting with the "irqpoll" option)
Call Trace:
<IRQ> [<ffffffff8106aa87>] __report_bad_irq+0x30/0x72
[<ffffffff8106acd8>] note_interrupt+0x20f/0x253
[<ffffffff8106b5c4>] handle_fasteoi_irq+0xa9/0xd1
[<ffffffff8100e0fc>] do_IRQ+0xf1/0x161
[<ffffffff8100c0e1>] ret_from_intr+0x0/0xa
<EOI> [<ffffffff8125b7f9>] thread_return+0x5c/0xd8
[<ffffffff8101bdf7>] lapic_next_event+0x0/0xa
[<ffffffff8105064c>] tick_nohz_restart_sched_tick+0x12b/0x12f
[<ffffffff811d5a6a>] cpuidle_idle_call+0x0/0xa6
[<ffffffff8100aeb1>] cpu_idle+0xba/0xbc
[<ffffffff81431baa>] start_kernel+0x2cf/0x2db
[<ffffffff81431140>] _sinittext+0x140/0x144
handlers:
[<ffffffff811a69e9>] (yenta_interrupt+0x0/0xb9)
[<ffffffff811abe2f>] (usb_hcd_irq+0x0/0x52)
[<ffffffff88b13de3>] (azx_interrupt+0x0/0xc3 [snd_hda_intel])
Disabling IRQ #17
--
====================================================
In theory there is no difference between theory and practice.
In practice there is.
--Yogi Berra
16 years, 2 months
What's Happened at fcp.surfsite.org
by Robert McBroom
What has happened to the Fedora Community Portal at fcp.surfsite.org? There haven't seemed to be updates since the 21st of January. It was very nice to keep track of the lists in a manner that wasn't obvious to IT.
Robert McBroom
16 years, 2 months
Yum repair
by Timothy Murphy
I upgraded FC-6 to F-7 on an Athlon64 machine,
and the process hung several (3 I think) times during installation.
Each time I re-started the machine,
the number of packages was greatly reduced: 950 ... 400 ... 50.
The system works fine,
but it is pretty clear all the packages were not properly installed.
Eg when I ran "yum update" after the installation
only 30 or so packages were downloaded,
while on other systems the number was 300-400.
Is there any way of checking that everything has been downloaded?
Or is there even a command like "yum --force install"
to force a re-installation of a particular package?
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
16 years, 2 months
Burning CDs
by Phil Bass
First, apologies if this has been asked before. I did look at the
fedora-list archives, but they're arranged by date and I don't know
which month(s) to look at. (Is there a search facility somewhere?)
I'm using Fedora 7 with all updates applied (except for a very recent
Perl update that the update program couldn't find).
I have been using xcdroast to save photos onto CDs. I always write
multi-session CDs so that I can keep adding photos until the disk is
nearly full. Some time over the past 5 months xcdroast seems to have
stopped working. After some Googling I found that a kernel update was
(probably) responsible and that it works when run as root. That would be
an acceptable temporary solution, but for me it doesn't work. xcdroast
starts up but never sees a CD in the CD-writer. Asking xcdroast to scan
for devices causes it to hang. This is true for both ordinary users and
root.
After further investigation I found an alternative CD burning program
called graveman and tried it. It hangs on startup for both ordinary
users and root.
Finally I tried to use the CD burning facility built in to Nautilus. The
trouble now is that I can't find out whether Nautilus will write a new
session to a multi-session CD. There's no option to control that AFAICS.
So I haven't clicked the write-to-disc button to see if it works.
If necessary I could learn how to use cdrecord (or is it wodim now?),
but that's far more complicated than I need and I'm fast losing the will
to live. ;-) Any suggestions?
--
Phil Bass (phil(a)stoneymanor.demon.co.uk)
16 years, 3 months
Cups doesn't end print jobs.
by John Thompson
I'm running Fedora8 x86-64 with cups-1.3.6-2fc8 and print to an Epson
C88 printer attached to an EpsonNet print server. Other machines on my
home network (Vista, slackware, FreeBSD) can print just fine with this
setup, but for some reason on the Fedora8 machine print jobs are never
removed from the queue after the print job completes. The job just sits
there as "active" (even though the entire document has printed), and
blocks subsequent print jobs until I manually "lprm" the job. Then the
next job prints, and again sits there until I lprm that job, and so on.
Cups is configured identically on my slackware machine but on that
machine the jobs are removed properly.
What should I be looking for to fix this?
--
John (john(a)os2.dhs.org)
16 years, 3 months
quicker updates - use presto
by Valent Turkovic
Hi,
how many of you use presto plugin for yum that does deltarpms
downloads and now whole rpms while updating?
How do you find it? I find it excellent! I have a fast internet
connection and I still find it really helpful - I can't imagine how is
it to update on a slow internet connections without presto.
If you look at the link:
http://fedoraproject.org/wiki/Releases/FeaturePresto
you can see that it will be on by default on Fedora 9 - nice :)
Valent.
--
http://kernelreloaded.blog385.com/
linux, blog, anime, spirituality, windsurf, wireless
registered as user #367004 with the Linux Counter, http://counter.li.org.
ICQ: 2125241, Skype: valent.turkovic
16 years, 3 months