114 replies to this topic

[securitybreach]

CODE

╔═ comhack@Cerberus 12:53 PM
╚═══ ~-> ls -l remote/
total 0

╔═ comhack@Cerberus 12:53 PM
╚═══ ~-> sshfs -p xxxx comhack@xx.xxx.xxx.xxx:/home/comhack/ remote/
comhack@69.164.210.120's password:

╔═ comhack@Cerberus 12:53 PM
╚═══ ~-> ls -l remote/
total 1756
drwxr-xr-x 1 comhack users    4096 Jan  6 10:38 akismet
-rw-r--r-- 1 comhack users   30342 Jan  7 09:38 akismet.zip
drwxr-xr-x 1 comhack users    4096 Feb 18 22:40 byob
-rw-r--r-- 1 comhack users      19 Aug 17  2011 cacheclean
-rw------- 1 comhack users 1586440 Sep  2  2010 comhack site.zip
-rw-r--r-- 1 comhack users  109944 Mar  9 00:05 DarkStar_120309_0035.nmon
-rw-r--r-- 1 comhack users    4392 Feb 11  2010 downloads.html
-rw-r--r-- 1 comhack users    7093 Dec  3 23:55 hardcopy.0
-rwxr-xr-x 1 comhack users    5477 Sep  2  2010 index.html
-rw-r--r-- 1 comhack users     527 Oct 17  2010 installed_packages.txt
drwxrwxrwx 1 root    root     4096 Dec  9  2010 php
dr-x------ 1 comhack users    4096 Jun 27  2011 Private
-rw-r--r-- 1 comhack users      37 Jul  5  2011 users
-rw-r--r-- 1 comhack users      13 Nov  3  2010 users~
drwxrwxrwx 1 root    root     4096 Jan  4 12:21 wordpress
drwxr-xr-x 1 comhack users    4096 Sep  5  2010 wordpress stuff

╔═ comhack@Cerberus 12:53 PM
╚═══ ~->

Granted that was a remote session so you will change it to suite a local machine (IP/port #).

[V.T. Eric Layton]

Man! I can't even figure out how to set a static IP addy for my devices. I remember now how frustrating this was a year ago when I first tried it.

[securitybreach]

Man! I can't even figure out how to set a static IP addy for my devices. I remember now how frustrating this was a year ago when I first tried it.

It is simple, first set the ip you want to use on your router's config page. Then open up your network settings and fill in the appropriate IP, subnet, etc.

[securitybreach]

Here is what I use in my /etc/rc.conf:

interface=eth0
address=192.168.1.2
netmask=255.255.255.0
broadcast=192.168.1.254
gateway=192.168.1.1

192.168.1.2 being my computer and 192.168.1.1 is the router.

[V.T. Eric Layton]

OK, I think I get all three systems (four, if you count both Ethernet and wireless for the laptop) assigned static IPs in the router config area. I can ssh into the shop system, which is WAAAAAAAY COOL, but I'm getting this error going both ways to or from the laptop (Ethernet or wireless):

CODE

vtel57_Slackware~:$ ssh ericslaptop01
ssh: connect to host ericslaptop01 port 22: Connection refused

What gives?

[securitybreach]

OK, I think I get all three systems (four, if you count both Ethernet and wireless for the laptop) assigned static IPs in the router config area. I can ssh into the shop system, which is WAAAAAAAY COOL, but I'm getting this error going both ways to or from the laptop (Ethernet or wireless):

CODE

vtel57_Slackware~:$ ssh ericslaptop01
ssh: connect to host ericslaptop01 port 22: Connection refused

What gives?

Did you change the default port from 22? If not, I would advise doing that. I know that does not explain your error but better to not use the default port.

To use a different port, you need to use the -p switch.

EX: ssh -p 6666 ericslaptop01

[V.T. Eric Layton]

Couldn't I change the default port in the ssh.conf file?

Anyway, I'm out in the shop now. I can't ssh into the lappy or the main system from here. Same port 22 error as lappy inside. I'm sure it's something simple.

Thanks for the help, by the way.

No matter what port I choose, "connection refused.

[securitybreach]

I know it sounds goofy, but is ssh running on the system you are trying to connect to?

You need the daemon running on the remote machine (server) that you are trying to connect to.

[V.T. Eric Layton]

HAHAHA! I was one step ahead of you, little brother! And you were right, it was not a goofy suggestion. The ssh daemon was not running on the laptop or the shop system. Once I enabled execution of the /etc/rc.d/rc.sshd script and rebooted, it WORKS! YAY! YIPPEE! I can access via command line between all three systems for file editing and manipulation purposes. To actually transfer folders/files, I can use gFTP. Works like a champ! YAY!

Thanks for all the help, Josh. By the way, I called you a few minutes ago using the number that I've had for you for a while now. I got Jennifer (nice sounding young lady ) instead of you. I think I have an old number for you. Email me with your super-secret new number please.

Later...

[securitybreach]

PMd ya Eric

[securitybreach]

BTW I am about to go to work so you will have to call some other time.  I am usually available during the daytime or after 2200 cst (UTC−06)

[V.T. Eric Layton]

10-4. I was just calling to thank you, anyway. I don't have a voice today. I've been battling a sore throat for 5 days now. I'm fighting off some crud, I guess. I'm actually starting to feel better today, though.

Anyway, when you get home later you can tell me what the advantages of:

1. changing my default port for ssh - security by obscurity, I assume. Right?

2. using ssh key pairs rather than passwords - more security so my passwords aren't bouncing all over the neighborhood via my wifi. Right?

Thanks again... I have to go set this up in Arch now. I imagine that should be simpler than it was in Slackware... usually is.

Later...

[amenditman]

Eric

I am really impressed!
How the heck did you even remember that this thread existed from way back when!

Great to hear you finally got this up and running the way you wanted.
Next time I decide to set this up, there's one more person to help me figure it out.

[V.T. Eric Layton]

I woke up this morning thinking about it because I realized that it's silly of me, being a technical wizard and all, to be running back and forth between these systems with my little thumb drive or my handful of cds trying to transfer files from one machine to another. I mean MAN!, this is the new millennium, dude. I really need to get with the program here. It's Linux. I can do it (with a little help ).

It's all working now. I'm really not too worried about changing the default port for ssh. I think I would have to forward the new port in my router to make it work, anyway. On my little home network, where 2 of the three systems are usually powered down, I doubt some hacker in the neighborhood is going to break my WPA2 encryption and my system user passwords also. I guess it could be done, though, if someone really wanted all of uncle Bob's tinfoil hat designs that I keep on my local machines because I'm too paranoid about cloud computing.

Off I go...

[V.T. Eric Layton]

It's like playing with new toys on Sunday morning. I just found out that I can remotely shutdown my ssh'd machines. Isn't that COOL! Yeah, I'm new to this remote access thing. Can you tell?

And about reviving the old thread... I used the board search function. It works well when you know what you're looking for.

[securitybreach]

10-4. I was just calling to thank you, anyway. I don't have a voice today. I've been battling a sore throat for 5 days now. I'm fighting off some crud, I guess. I'm actually starting to feel better today, though.

Anyway, when you get home later you can tell me what the advantages of:

1. changing my default port for ssh - security by obscurity, I assume. Right?

2. using ssh key pairs rather than passwords - more security so my passwords aren't bouncing all over the neighborhood via my wifi. Right?

Thanks again... I have to go set this up in Arch now. I imagine that should be simpler than it was in Slackware... usually is.

Later...

1. Well as far as the port, I use an obscure port for the simple reason that most ip scanners search for common ports like 22 (ssh), 21 (ftp), 139(netbios), etc. on various servers. It is just another way to keep yourself off the radar.

2. Pretty much. I use it as a another security as I regularly connect to a remote session (my linode) so it is not just my neighborhood I have to worry about.
http://serverfault.com/questions/203613/is...-authentication

No problem!! Also, make sure you are running protocol 2 as protocol 1 was the one that had the vulnerability last year: https://wiki.archlinux.org/index.php/Secure_Shell#Client

[V.T. Eric Layton]

MattDM's explanation in that first link is excellent. I'm running ssh-agent by default, and I see keys generated in my .ssh/known_hosts file, so I'm assuming that my passwords are not being flung around the neighborhood randomly each time I ssh into one of my machines.

I'm still trying to figure out how to change my default port. I can change it in /etc/ssh/ssh_config, but then ssh fails (connection denied errors). I'm assuming that my router is blocking the port I've chosen to use. Sound reasonable? How do I fix this? Do I need to FWD the port in the router control panel?

I'm such a dim-bulb when it comes to this networking carp. I really have neglected that part of my education.

[securitybreach]

I'm still trying to figure out how to change my default port. I can change it in /etc/ssh/ssh_config, but then ssh fails (connection denied errors). I'm assuming that my router is blocking the port I've chosen to use. Sound reasonable? How do I fix this? Do I need to FWD the port in the router control panel?

I'm such a dim-bulb when it comes to this networking carp. I really have neglected that part of my education.

That is because you are editing the wrong file. The file /etc/ssh/ssh_config is for the client  and /etc/ssh/sshd_config is for the server: https://wiki.archlinux.org/index.php/Secure_Shell#Daemon

Change the port in sshd_config, restart sshd and you should be good to go  

[V.T. Eric Layton]

I edited them both. I changed the port and I changed to Protocol 2 in both. It wasn't working before because... DUH! I had only made the changes on the main system... not the remotes. HA! All's working now, though.

Thanks!

[securitybreach]

I personally leave the default port on /etc/ssh/ssh.conf as I always specify the port when I connect to a host anyway. That part does not really matter as that is not for the server anyway. The only things I have uncommented on /etc/ssh/ssh_config is:

Protocol 2
HashKnownHosts yes
StrictHostKeyChecking yes
ServerAliveInterval 60

Glad that you got everything working now!!

[securitybreach]

You can also have a banner for each client by editing /etc/issue and uncommenting this line in /etc/ssh/sshd_config:
Banner /etc/issue

Then you can have a nice graphic/banner when you ssh into the machines. Here is the one I use on my Linode:


(I had to take a screenshot of it as the ascii was not lining up correctly)

There are some more here: https://bbs.archlinux.org/viewtopic.php?pid=1039917

[V.T. Eric Layton]

Pretty spiffy!

I'm headed out to the shop to edit the ssh setup on that machine now. I also need to sync my FF and TB data. Haven't done that in a while. It'll be easier and faster via ftp/ssh than it was using thumb drives and walking back and forth from the main system out to the shop.

[V.T. Eric Layton]

SSH In Slackware and Arch - A Brief How-To

[securitybreach]

SSH In Slackware and Arch - A Brief How-To

[V.T. Eric Layton]

We're long overdue for a new Comhack article. What's up with that?