
Creating a File and Print Server


ichase


securitybreach

Here is my server /etc/ssh/sshd_config:

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 6666
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
Banner /etc/issue

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

 

and the client /etc/ssh/ssh_config:

# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
  Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
HashKnownHosts yes
StrictHostKeyChecking ask

 

Normally you do not have to do anything on the client (/etc/ssh/ssh_config) except change the protocol to 2, just the server config (/etc/ssh/sshd_config).

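Added example, not part of the thread or of OpenSSH: a small shell check that reads an sshd_config like the server file posted above and reports the effective global value of a few authentication keywords. The function names and the sample input are constructed for illustration; the defaults passed in are the commented values shown in the posted file.

```shell
#!/bin/sh
# Added example (not from the thread): report the effective global value of
# sshd_config keywords. Commented lines leave the built-in default in force,
# and sshd keeps the first value it reads for a keyword.

# Constructed sample: the uncommented lines of the server config posted above,
# plus one commented default to show that it is skipped.
sample_config() {
cat <<'EOF'
Port 6666
ListenAddress 0.0.0.0
Protocol 2
PermitRootLogin yes
#PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
Banner /etc/issue
Subsystem sftp /usr/lib/ssh/sftp-server
EOF
}

# effective_value KEYWORD DEFAULT: config on stdin, effective value on stdout.
# Assumes whitespace-separated "Keyword value" lines, as in the posted file.
effective_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines set nothing
        tolower($1) == "match" { exit }   # Match blocks are conditional: stop here
        tolower($1) == tolower(key) { val = $2; found = 1; exit }  # first wins
        END { print (found ? val : def) }
    '
}

# audit_sshd: config on stdin, one finding per line on stdout.
# Defaults passed below are the commented values shown in the posted file.
audit_sshd() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin yes)
    pass=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
    empty=$(printf '%s\n' "$cfg" | effective_value PermitEmptyPasswords no)
    if [ "$root" = "yes" ]; then echo "PermitRootLogin=yes: root can log in directly"; fi
    if [ "$pass" = "yes" ]; then echo "PasswordAuthentication=yes: password logins accepted"; fi
    if [ "$empty" = "yes" ]; then echo "PermitEmptyPasswords=yes: empty passwords accepted"; fi
    return 0
}

sample_config | audit_sshd
```

To check a real file, feed it on stdin instead of the sample: `audit_sshd < /etc/ssh/sshd_config`.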

Well that certainly helps knowing that there is only really a handful of options within the config files that have to be set up. I had already set my ssh_config file with the protocol set to 2 based on the Wiki. But that was about as much as I was able to understand within the wiki. :hysterical:


Now according to the Wiki, once the config files are properly set up on both the client and the server you simply:

$ ssh -p port server @ address 

 

Now is that saying in my situation

 $ ssh -p 22 HomeServer @ 192.168.X.XX 

 

If so, does this bring up a new terminal window displaying my server?

 

Thanks for being patient in my 101 questions sessions. LOL

Edited by ichase

securitybreach


That is incorrect. It should be:

ssh -p portnumber username@ipaddress

 

For instance,

ssh -p 6666 comhack@xx.xxx.xxx.xxx


securitybreach

Ahhh, the picture is becoming more clear. Now does this open up a new terminal window?

 

Nope, you connect via the terminal you are already in:

 

[screenshot: nwTDL.png]

 

Note that I did not have to enter the username as it is the same as the one I am logged onto the local machine as.


Well, set up the config files on both machines but I am obviously missing something. It is bound to be small and easy.

When I attempt to ssh into the server from the laptop I get:

 # ssh -p 5555 HomeServer @ 192.168.0.10
ssh: connect to host 192.168.0.10 port 5555: No route to host 

 

I have my host name set in /etc/hostname and /etc/hosts and have a static IP of 192.168.0.10 in my /etc/rc.conf. May need to check router settings to see if port forwarding is disabled?


securitybreach


The HomeServer part is what is messing up. You should have the username before @, not the hostname.

 

It should be:

ssh -p 5555 <username>@192.168.0.10

 

Replace username with the username on the file server. Like:

ssh -p 5555 ichase@192.168.0.10


securitybreach

Also, if you decide to access this server or any machine running ssh from outside your home network, you need to specify the internal ip/port number on the Port Forwarding section of your router. Here is a screenshot of my router's section with the ssh line (removed the subset of my internal IP for security reasons):

 

[screenshot: ldwbt.png]

 

Then you just use:

 

ssh -p 5555 ichase@real-IP

 

then your router will forward the connection to the machine with that port open.

 

 

Make sense?

 

B)

Well I actually tried it with ichase@192.168.0.10 and got the same error


Yes, just like my two other arch computers, ichase is the non-root username and of course I always su to root from my ichase user.


No, I did not restart sshd. That is the IP I put into the Network section of my rc.conf on the server. From what I understand, if you don't want DHCP to renew an IP address and you want a static IP address, then you uncomment the network portion of the rc.conf and add the IP in the address column.

 

interface=eth0
address=192.168.0.10
netmask=255.255.255.0
broadcast=192.168.1.255
gateway=192.168.0.1

Edited by ichase

securitybreach

Here is my rc.conf section (even though I use systemd):

interface=eth0
address=192.168.1.2
netmask=255.255.255.0
broadcast=192.168.1.254
gateway=192.168.1.1

 

No, I did not restart sshd. That is the IP I put into the Network section of my rc.conf on the server. From what I understand, if you don't want DHCP to renew an IP address and you want a static IP address, then you uncomment the network portion of the rc.conf and add the IP in the address column.

 

interface=eth0
address=192.168.0.10
netmask=255.255.255.0
broadcast=192.168.1.255
gateway=192.168.0.1

 

That should be 192.168.0.255


I will give that a try and try re-starting sshd on the server. Hopefully then I can connect. Thanks for all the help Josh, I am keeping good notes as I always do.


securitybreach

Sounds good :thumbsup:

 

I go to work in about an hour so will not respond back till later tonight.


securitybreach

Why would the broadcast IP address have to be 192.168.0.255 and not 192.168.1.255?

I actually got that from the Configuring Network Wiki

 

Because your IP, netmask and gateway use the 192.168.0.x prefix so your broadcast would be 0.255 not 1.255.

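Added example, not part of the thread: the broadcast rule explained above, worked out in shell for any netmask rather than only 255.255.255.0, and applied to the network block as it was first posted. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): derive the broadcast address from
# address and netmask, and check an rc.conf-style network block against it.

# ip_to_int A.B.C.D: dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: 32-bit integer back to a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# expected_broadcast ADDRESS NETMASK: network bits kept, every host bit set.
expected_broadcast() {
    a=$(ip_to_int "$1"); m=$(ip_to_int "$2")
    int_to_ip $(( ($a & $m) | (~$m & 4294967295) ))
}

# check_block: key=value lines on stdin, one finding per line on stdout.
check_block() {
    address=; netmask=; broadcast=; gateway=
    while IFS='=' read -r key value; do
        case $key in
            address)   address=$value ;;
            netmask)   netmask=$value ;;
            broadcast) broadcast=$value ;;
            gateway)   gateway=$value ;;
        esac
    done
    want=$(expected_broadcast "$address" "$netmask")
    if [ "$broadcast" != "$want" ]; then
        echo "broadcast=$broadcast should be $want"
    fi
    m=$(ip_to_int "$netmask")
    if [ $(( $(ip_to_int "$address") & $m )) -ne $(( $(ip_to_int "$gateway") & $m )) ]; then
        echo "gateway=$gateway is outside the network of $address"
    fi
    return 0
}

# The block from the thread, as first posted.
printf 'interface=eth0\naddress=192.168.0.10\nnetmask=255.255.255.0\nbroadcast=192.168.1.255\ngateway=192.168.0.1\n' | check_block
```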

Thanks for the guidance Josh. You taught me a lot. Just installed samba so now off to do more reading to set that up and get this file and print server working. :thumbsup:


securitybreach

Sounds good and no problem ;)


This is strange. I am ssh'd into my server upstairs. I attempted to create a test file on the 2nd hard drive that is mounted to /mnt/storage. I attempted to create a file called test.txt (as root) and I got a permission denied when trying to save it? Why would root not have permission to write a file to sdb2?

 

sdb2 is formatted to NTFS so it can be utilized from the Windows computers in the house. Could that be the issue?

 

More info, I have ntfs-3g installed and the ntfs hard drive is added to my fstab as such:

#
# /etc/fstab: static file system information
#
# <file system>  <dir>         <type>   <options>     <dump>  <pass>
tmpfs            /tmp          tmpfs    nodev,nosuid  0       0

/dev/sda1        /             ext3     defaults      0       1
/dev/sda2        none          swap     defaults      0       0
/dev/sdb1        /mnt/storage  ntfs-3g  defaults      0       0

But when I try to mount it with:

 # mount -t ntfs-3g /dev/ /mnt/storage

I get

mount: can't find /dev//mnt/storage in /etc/fstab 

 

Never mind, when I removed "/dev/" from the action as such

mount -t ntfs-3g /mnt/windows

it worked and I was able to write a file to it as root.

 

Worked through that huh? :hysterical:

Edited by ichase
As long as /dev/sdb1 has an entry in /etc/fstab then I think you can mount it with just #mount /dev/sdb1 -- fstab already knows where to mount it and to use ntfs-3g. Trying to mount anything on /dev is just bad syntax for the mount command, wouldn't work on any box.

 

On a server box I would just put 'auto' in the options field [where you have 'defaults'] so it would be mounted at bootup.


Worked through that huh? :hysterical:

Glad we could help. :D

 

This is my ntfs mount line in fstab:-

UUID=677EE28C54F5FC0F	    /media/disk1part1	ntfs   auto,users,ro,dmask=0022,fmask=0133,nls=utf8  0	0

I never write to it from Linux, so you may need to put rw instead of ro, and the masks may be different. The users argument is handy though.


securitybreach

Hmm, I only have these as my ntfs entries in /etc/fstab:

/dev/sda1 /windows ntfs-3g id=users,fmask=113,dmask=002	0  0
/dev/sdb2 /ntfs  ntfs-3g uid=comhack,gid=users 0  0

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...