Fedora's SSH

Patrick O'Brien padric at hotmail.com
Tue Feb 24 13:12:58 UTC 2004


I wouldn't concern myself with the xinetd yet...

run netstat -tupan to see what port sshd is listening on on your home 
system.
/etc/ssh/ssh_conf ...needs
# Port 22
remove # and insert
Port 21
service sshd restart
run ssh -v to.home (gives verbose output on client end)
check /var/log/messages and /var/log/secure (on server [to.home]) to see if 
there is a love connection and you can add
iptables -A INPUT -p tcp --dport 21 -j LOG --log-prefix "MY_SSH: "
to log to your /var/log/messages

also of note, your IT dept probably blocks 21 (ftp) and 23 (telnet) if they 
block 22 out.
try a port above 1023 as a last resort; I usually have sshd on port 2222
Port 2222


>On Mon, 2004-02-23 at 23:02, Vincent wrote:
> > On Mon, 23 Feb 2004 22:12:20 -0500
> > James Drabb <JDrabb at tampabay.rr.com> wrote:
> > > Do I need to do anything special to allow hosts outside of my home
> > > network to SSH in?  I am running SSH on port 21 and have opened port 21
> > > on my Linksys router/firewall.  However, I cannot connect from my work
> > > to home.  I am using port 21 because the silly MS Admins where I work
> > > have port 22 blocked, yet they allow telnet.
> > >
> > > I can ssh on my home computer using my public IP and it connects just
> > > fine.  Do I need to add entries to /etc/hosts.allow?
> >
> > Maybe. append
> > sshd: 168.1.1.1.1 sect.mydomain.com
> > or sshd: ALL
> > to your hosts.allow file, plus double check iptables.
> > If when you try to connect the response is 'connection refused' most likely
> > it's a tcp wrap problem.
>
>I thought tcp wrappers was only used on xinetd started apps?  I run SSH
>standalone on startup.

Not exactly, xinetd has its own host based access controls so applications
need not worry about compiling in support. xinetd.conf is where AC's are put 
in.
libwrap (tcpwrappers) is a library that can be compiled into any 
application.
#ifdef USE_LIBWRAP
#include <tcpd.h>

so the equivalent to ALL:ALL in /etc/hosts.deny is 'no_access = 0.0.0.0' in
/etc/xinetd.conf

>
>I put the sshd: ALL entry into hosts.all and will give it a shot
>tomorrow.
>
>Thanks,
>
>Jim Drabb
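
Added example, not part of the original message: a simplified model of how a libwrap-enabled daemon decides on a connection from hosts.allow and hosts.deny (allow is consulted first, then deny, and no match means the connection is granted). It handles only a subset of hosts_access(5) patterns, and the sample files and addresses are constructed.

```python
# Simplified model of the hosts.allow / hosts.deny decision (added example).
# Supported client patterns: ALL, exact address or name, ".domain" suffix,
# "a.b.c." address prefix. Wildcards such as LOCAL or EXCEPT are not handled.

# Constructed sample files (documentation address ranges, not from the thread).
SAMPLE_ALLOW = "sshd: 192.0.2.10 .example.com\n"
SAMPLE_DENY = "ALL: ALL\n"


def _match(pattern, ip, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # domain suffix, e.g. .example.com
        return bool(host) and host.endswith(pattern)
    if pattern.endswith("."):          # address prefix, e.g. 192.0.2.
        return ip.startswith(pattern)
    return pattern in (ip, host)       # exact address or host name


def _rule_hit(text, daemon, ip, host):
    """True if any 'daemon_list : client_list' line matches this client."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (part.replace(",", " ").split()
                            for part in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
                _match(p, ip, host) for p in clients):
            return True
    return False


def access_granted(allow_text, deny_text, daemon, ip, host=None):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if _rule_hit(allow_text, daemon, ip, host):
        return True
    if _rule_hit(deny_text, daemon, ip, host):
        return False
    return True


if __name__ == "__main__":
    for ip, host in [("192.0.2.10", None), ("203.0.113.5", "host.example.net")]:
        verdict = access_granted(SAMPLE_ALLOW, SAMPLE_DENY, "sshd", ip, host)
        print(ip, host, "granted" if verdict else "denied")
```

With both files empty every client is granted, so an explicit allow entry only changes the outcome when a hosts.deny rule would otherwise match.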

More information about the fedora-list mailing list