#1
Senior Member
Joined: Feb 2003
City: Padova
Posts: 1340

ssh
Hi, I have a router PC running Mandrake 10. With the ssh, telnet, etc. servers enabled, I can't connect via ssh from the other machines on the internal network; it tells me:
ssh: connect to host 192.168.1.1 port 22: Connection refused
whereas ssh to external servers gives me no problems. I should mention that during installation I disabled the firewall and set up Internet sharing automatically. However, if I ssh from the router machine to itself, it works. Thanks
__________________
Lenovo ThinkPad E555, Tim FTTH |
#2
Senior Member
Joined: Dec 2001
City: /dev/rotfl
Posts: 7276

Run a scan on the PC you can't connect to and first of all check whether port 22 is open.
Bye
__________________
....::::fluxbox is so fast that when I type startx, the WM waits for the Xorg server to catch up - PiloZ::::...
#3
Senior Member
Joined: Feb 2003
City: Padova
Posts: 1340

Quote:
__________________
Lenovo ThinkPad E555, Tim FTTH |
#4
Senior Member
Joined: Jan 2002
City: Imola
Posts: 1116

nmap
How is /etc/hosts.allow set up?
#5
Senior Member
Joined: Feb 2003
City: Padova
Posts: 1340

etc/host.allow has only the description but no data.
__________________
Lenovo ThinkPad E555, Tim FTTH |
#6
Senior Member
Joined: Jan 2002
City: Imola
Posts: 1116

Do you allow only protocol 2? Which interfaces is it listening on? iptables?
#7
Senior Member
Joined: Jan 2002
City: Imola
Posts: 1116

/etc/hosts.deny?
#8
Senior Member
Joined: Feb 2003
City: Padova
Posts: 1340

etc/hosts.deny is like .allow!
"Do you allow only protocol 2? Which interfaces is it listening on? iptables?" Could you explain that to me better, please? I'm not that experienced, thanks.
__________________
Lenovo ThinkPad E555, Tim FTTH |
#9
Senior Member
Joined: Jan 2001
City: Milano
Posts: 5707

If you type
netstat -na |grep 22
does it print a line ending with LISTEN?
#10
Senior Member
Joined: Feb 2003
City: Padova
Posts: 1340

with #netstat localhost it tells me port 22 open
__________________
Lenovo ThinkPad E555, Tim FTTH |
#11
Senior Member
Joined: Feb 2003
City: Padova
Posts: 1340

Quote:
__________________
Lenovo ThinkPad E555, Tim FTTH |
#12
Senior Member
Joined: Jan 2001
City: Milano
Posts: 5707

Quote:
iptables -L
#13
Senior Member
Joined: Feb 2003
City: Padova
Posts: 1340

Hi, here's the output:
[root@localhost root]# iptables -L
Chain INPUT (policy DROP)
target    prot  opt source    destination
ACCEPT    all   --  anywhere  anywhere
DROP      !icmp --  anywhere  anywhere  state INVALID
eth1_in   all   --  anywhere  anywhere
eth0_in   all   --  anywhere  anywhere
common    all   --  anywhere  anywhere
LOG       all   --  anywhere  anywhere  LOG level info prefix `Shorewall:INPUT:REJECT:'
reject    all   --  anywhere  anywhere

Chain FORWARD (policy DROP)
target    prot  opt source    destination
DROP      !icmp --  anywhere  anywhere  state INVALID
eth1_fwd  all   --  anywhere  anywhere
eth0_fwd  all   --  anywhere  anywhere
common    all   --  anywhere  anywhere
LOG       all   --  anywhere  anywhere  LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject    all   --  anywhere  anywhere

Chain OUTPUT (policy DROP)
target    prot  opt source    destination
ACCEPT    all   --  anywhere  anywhere
DROP      !icmp --  anywhere  anywhere  state INVALID
fw2net    all   --  anywhere  anywhere
all2all   all   --  anywhere  anywhere
common    all   --  anywhere  anywhere
LOG       all   --  anywhere  anywhere  LOG level info prefix `Shorewall
reject    all   --  anywhere  anywhere

Chain all2all (2 references)
target    prot  opt source    destination
ACCEPT    all   --  anywhere  anywhere  state RELATED,ESTABLISHED
newnotsyn tcp   --  anywhere  anywhere  state NEW tcp flags:!SYN,RST,ACK/SYN
common    all   --  anywhere  anywhere
LOG       all   --  anywhere  anywhere  LOG level info prefix `Shorewall:all2all:REJECT:'
reject    all   --  anywhere  anywhere

Chain common (5 references)
target    prot  opt source    destination
icmpdef   icmp  --  anywhere  anywhere
reject    udp   --  anywhere  anywhere  udp dpt:135
reject    udp   --  anywhere  anywhere  udp dpts:netbios-ns:netbios-ssn
reject    udp   --  anywhere  anywhere  udp dpt:microsoft-ds
reject    tcp   --  anywhere  anywhere  tcp dpt:netbios-ssn
reject    tcp   --  anywhere  anywhere  tcp dpt:microsoft-ds
reject    tcp   --  anywhere  anywhere  tcp dpt:135
DROP      udp   --  anywhere  anywhere  udp dpt:1900
DROP      all   --  anywhere  255.255.255.255
DROP      all   --  anywhere  BASE-ADDRESS.MCAST.NET/4
reject    tcp   --  anywhere  anywhere  tcp dpt:auth
DROP      udp   --  anywhere  anywhere  udp spt:domain state NEW
DROP      all   --  anywhere  29.244.111.255
DROP      all   --  anywhere  192.168.1.255

Chain dynamic (4 references)
target    prot  opt source    destination

Chain eth0_fwd (1 references)
target    prot  opt source    destination
dynamic   all   --  anywhere  anywhere  state NEW
loc2net   all   --  anywhere  anywhere

Chain eth0_in (1 references)
target    prot  opt source    destination
dynamic   all   --  anywhere  anywhere  state NEW
loc2fw    all   --  anywhere  anywhere

Chain eth1_fwd (1 references)
target    prot  opt source    destination
dynamic   all   --  anywhere  anywhere  state NEW
net2all   all   --  anywhere  anywhere

Chain eth1_in (1 references)
target    prot  opt source    destination
dynamic   all   --  anywhere  anywhere  state NEW
net2all   all   --  anywhere  anywhere

Chain fw2net (1 references)
target    prot  opt source    destination
ACCEPT    all   --  anywhere  anywhere  state RELATED,ESTABLISHED
newnotsyn tcp   --  anywhere  anywhere  state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT    tcp   --  anywhere  anywhere  state NEW tcp dpt:http
ACCEPT    all   --  anywhere  anywhere

Chain icmpdef (1 references)
target    prot  opt source    destination

Chain loc2fw (1 references)
target    prot  opt source    destination
ACCEPT    all   --  anywhere  anywhere  state RELATED,ESTABLISHED
newnotsyn tcp   --  anywhere  anywhere  state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT    tcp   --  anywhere  anywhere  state NEW tcp dpt:squid
all2all   all   --  anywhere  anywhere

Chain loc2net (1 references)
target    prot  opt source    destination
ACCEPT    all   --  anywhere  anywhere  state RELATED,ESTABLISHED
newnotsyn tcp   --  anywhere  anywhere  state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT    all   --  anywhere  anywhere

Chain net2all (2 references)
target    prot  opt source    destination
ACCEPT    all   --  anywhere  anywhere  state RELATED,ESTABLISHED
newnotsyn tcp   --  anywhere  anywhere  state NEW tcp flags:!SYN,RST,ACK/SYN
common    all   --  anywhere  anywhere
LOG       all   --  anywhere  anywhere  LOG level info prefix `Shorewall:net2all
DROP      all   --  anywhere  anywhere

Chain newnotsyn (5 references)
target    prot  opt source    destination
LOG       all   --  anywhere  anywhere  LOG level info prefix `Shorewall:newnotsyn
DROP      all   --  anywhere  anywhere

Chain reject (11 references)
target    prot  opt source    destination
REJECT    tcp   --  anywhere  anywhere  reject-with tcp-reset
REJECT    udp   --  anywhere  anywhere  reject-with icmp-port-unreachable
REJECT    icmp  --  anywhere  anywhere  reject-with icmp-host-unreachable
REJECT    all   --  anywhere  anywhere  reject-with icmp-host-prohibited

Chain shorewall (0 references)
target    prot  opt source    destination
[root@localhost root]#
__________________
Lenovo ThinkPad E555, Tim FTTH |
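
How the listing in post #13 leads to "Connection refused" from the LAN, traced in an added example that is not part of the original thread. It assumes LAN packets enter at the `eth0_in` chain (plain `iptables -L` does not print interface matches) and that the packet is a plain TCP SYN; the listing is a constructed, trimmed excerpt and `parse`, `matches`, `walk` and `verdict_for` are hypothetical helper names.

```python
import re

# Constructed, trimmed excerpt of the listing in post #13 (sample input).
LISTING = """\
Chain eth0_in (1 references)
loc2fw all -- anywhere anywhere
Chain loc2fw (1 references)
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:squid
all2all all -- anywhere anywhere
Chain all2all (2 references)
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere
Chain common (5 references)
reject tcp -- anywhere anywhere tcp dpt:auth
Chain reject (11 references)
REJECT tcp -- anywhere anywhere reject-with tcp-reset
"""
SERVICES = {"squid": 3128, "auth": 113}  # service names as iptables -L prints them

def parse(text):
    chains = {}
    for f in (line.split(None, 5) for line in text.splitlines()):
        if f[0] == "Chain":
            rules = chains.setdefault(f[1], [])
        else:  # (target, protocol, match/target options)
            rules.append((f[0], f[1], f[5] if len(f) > 5 else ""))
    return chains

def matches(prot, opts, pkt):
    state, dpt = re.search(r"state (\S+)", opts), re.search(r"dpt:(\S+)", opts)
    if prot not in ("all", pkt["proto"]) or "flags:!SYN" in opts:
        return False  # wrong protocol, or newnotsyn rule (packet is a plain SYN)
    if state and pkt["state"] not in state[1].split(","):
        return False
    return not dpt or int(SERVICES.get(dpt[1], dpt[1])) == pkt["dport"]

def walk(chains, chain, pkt, path):
    for target, prot, opts in chains.get(chain, []):
        if matches(prot, opts, pkt):
            path.append(f"{chain}: {target} {opts}".strip())
            if target in ("ACCEPT", "DROP", "REJECT"):
                return target
            if verdict := walk(chains, target, pkt, path):
                return verdict
    return None  # no terminal rule matched: control returns to the caller

def verdict_for(dport, start="eth0_in"):  # assumption: LAN packets enter here
    path, pkt = [], {"proto": "tcp", "state": "NEW", "dport": dport}
    return walk(parse(LISTING), start, pkt, path), path
```

`verdict_for(22)` ends at `reject: REJECT reject-with tcp-reset`, and a TCP reset is what the ssh client reports as `Connection refused`. `verdict_for(3128)` is accepted in `loc2fw`, the only new connection from the LAN that this excerpt allows.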
#14
Senior Member
Joined: Jan 2001
City: Milano
Posts: 5707

Wow, what a mess; lucky it wasn't active.
Disable it temporarily with: iptables -F and test whether it connects over ssh.
#15
Senior Member
Joined: Feb 2003
City: Padova
Posts: 1340

But who enabled this filthy firewall?! I noticed that the "disable" option was not selected, so I selected it (no firewall)... the result: I lost the internal network's Internet connection. I went back to the control center and did the opposite... with the firewall the connection works; then I enabled only ssh and ping, and now I can connect via ssh and I can ping too. Yes, it was the firewall's fault. Mandrake must have done it all automatically, because I had disabled the firewall at the start.
Bye and thanks, everyone.
__________________
Lenovo ThinkPad E555, Tim FTTH |