
Q: SSH to Linux behind Linksys router


S.V. Proff

May 10, 2002, 10:12:49 AM
Hello All:

I am trying to ssh to my Linux Redhat 7.2 computer behind a Linksys
router. The ssh software is not able to connect. It says something to
the effect that the "remote computer is not available".

I have the port 22 open for the computer on the Linksys router. Some
weeks ago a different computer that I had on the net was accessible
via telnet without any problems.
Also, I am able to ssh to the Linux computer within my internal
network without any problem. In other words, ssh client software and
ssh services on Linux are working properly.

If it matters, I am on attbi cable modem.

What could be the other issues that I should check into?

Thanks!

Sam

S.V. Proff

May 10, 2002, 3:36:36 PM
It started working today!

The only thing I did was to take out port 22 references to other
computers on the Linksys configuration. The other computers were all
off when I tried to access it before, but who knows, Linksys may have
been trying to route the request to them...

Sam

ffi...@onebox.com (S.V. Proff) wrote in message news:<e97fba5e.02051...@posting.google.com>...

Pierre Asselin

May 10, 2002, 10:19:13 PM

>I am trying to ssh to my Linux Redhat 7.2 computer behind a Linksys
>router.

I do that here. You have to tell the linksys to forward incoming
port-22 connections to your Linux box. Browse to the linksys,
select "Advanced" and then "Forwarding", fill in the port range,
protocol and destination IP address.

Your Linux box has to be on a fixed IP address, or be prepared to
change the forwarding destination every time you turn it on.


>If it matters, I am on attbi cable modem.

Same here.

S.V. Proff

May 13, 2002, 1:55:38 PM
Hello Pierre:

I did manage to get the SSH working...

However, as you may see from my other postings, I got hacked the same
day!

I don't know how the hacker was able to manage to sniff my password...

I accessed the computer for less than 10 minutes from work. I cannot
understand how he was able to target my SSH communications...

I am being advised that I now have to reformat the harddrive and
reinstall everything...

I discovered that I was hacked when I started scrolling through the
shell command history to pick one of my previous lengthy commands. I
noticed a bunch of commands and activity I did not recognize.

You may wish to look through your command history once in a while.

Sam


Pierre Asselin <p...@panix.com> wrote in message news:<abhv2u$5uk$3...@reader1.panix.com>...

Jorey Bump

May 14, 2002, 7:08:00 PM
S.V. Proff wrote:

> I don't know how the hacker was able to manage to sniff my password...
>
> I accessed the computer for less than 10 minutes from work. I cannot
> understand how he was able to target my SSH communications...

Well, you did say you've used telnet in the past. And there might be a
keystroke recorder on your work computer. Are there any other ports open on
your home network?

Pierre Asselin

May 14, 2002, 11:24:44 PM

>Hello Pierre:
>I did manage to get the SSH working...
>However, as you may see from my other postings, I got hacked the same
>day!

Ouch.


>You may wish to look through your command history once in a while.

Yes. You can also configure your ssh server to firewall itself on
port 22 and accept connections only from your workplace's IP range.
(The Linksys router can't do that for you, it forwards all or
nothing.) The ipchains HOWTO is a good place to start.

David Efflandt

May 15, 2002, 9:15:22 PM
On 13 May 2002 10:55:38 -0700, S.V. Proff <ffi...@onebox.com> wrote:
> Hello Pierre:
>
> I did manage to get the SSH working...
>
> However, as you may see from my other postings, I got hacked the same
> day!
>
> I don't know how the hacker was able to manage to sniff my password...
>
> I accessed the computer for less than 10 minutes from work. I cannot
> understand how he was able to target my SSH communications...

The first thing I did before opening ssh was set hosts.allow/hosts.deny to
only allow it from set IPs or hosts. The next thing I did was configure
sshd to allow keys only (no passwords allowed). The former would refuse
unknown hosts from connecting at all, and the latter would make password
guessing futile from known hosts. Ah-ha, here is another as I type this
(I tail -f /var/log/messages):

May 15 20:09:26 realhost sshd[9555]: refused connect from ::ffff:211.155.224.76 (::ffff:211.155.224.76)

inetnum: 211.155.224.0 - 211.155.239.255
descr: Hangzhou Silk Road Information Technologies Co.,Ltd.
country: CN
changed: ip...@cnnic.net.cn 20010117
source: APNIC

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
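
The two controls described in the post above (hosts.allow/hosts.deny limited to set hosts, and sshd accepting keys only) can be checked with a short script. This is an added example, not part of the original thread; the function names, the sample file contents and the 192.0.2.0/24 range are constructed for illustration, and `PasswordAuthentication no` is assumed to be the setting meant by "no passwords allowed".

```shell
#!/bin/sh
# Added example: audit the two controls from the post above.
# All sample files are constructed; 192.0.2.0/24 is a documentation range.

# First value of an sshd_config keyword (sshd uses the first one it reads).
sshd_value() {  # $1 = sshd_config, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# True if hosts.deny refuses sshd (or everything) by default.
denies_sshd_by_default() {  # $1 = hosts.deny
    grep -Eiq '^[[:space:]]*(ALL|sshd)[[:space:]]*:[[:space:]]*ALL' "$1"
}

# True if hosts.allow has an sshd rule narrower than "sshd: ALL".
allows_sshd_from_set_hosts() {  # $1 = hosts.allow
    grep -Ei '^[[:space:]]*sshd[[:space:]]*:' "$1" |
        grep -Eivq ':[[:space:]]*ALL[[:space:]]*$'
}

audit_ssh_exposure() {  # $1 = sshd_config, $2 = hosts.allow, $3 = hosts.deny
    rc=0
    if [ "$(sshd_value "$1" PasswordAuthentication)" != "no" ]; then
        echo "FAIL: passwords accepted (PasswordAuthentication is not 'no')"; rc=1
    fi
    if ! denies_sshd_by_default "$3"; then
        echo "FAIL: hosts.deny has no default deny for sshd"; rc=1
    fi
    if ! allows_sshd_from_set_hosts "$2"; then
        echo "FAIL: hosts.allow does not name specific hosts for sshd"; rc=1
    fi
    return $rc
}

make_samples() {  # $1 = directory; writes constructed weak/ and hardened/ sets
    mkdir -p "$1/weak" "$1/hardened"
    printf 'Port 22\n#PasswordAuthentication yes\n' > "$1/weak/sshd_config"
    : > "$1/weak/hosts.allow"; : > "$1/weak/hosts.deny"
    printf 'Port 22\nPasswordAuthentication no\n' > "$1/hardened/sshd_config"
    printf 'sshd: 192.0.2.0/255.255.255.0\n' > "$1/hardened/hosts.allow"
    printf 'sshd: ALL\n' > "$1/hardened/hosts.deny"
}

d=$(mktemp -d) && make_samples "$d"
for s in weak hardened; do
    echo "== $s"
    audit_ssh_exposure "$d/$s/sshd_config" "$d/$s/hosts.allow" "$d/$s/hosts.deny" && echo "OK"
done
rm -rf "$d"
```

Upstream OpenSSH removed TCP wrappers support in release 6.7, so on current systems the hosts.allow/hosts.deny half only takes effect where the distribution builds sshd with libwrap.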

S.V. Proff

May 19, 2002, 6:54:36 PM
Well, there were a bunch of ports leading to the Windows 2000
computer. Only the ports 21, 22 and 23 were open to the Linux
computer.

Linux is now pulled off the network. And all ports leading to the
Windows 2000 machine are closed.

If the Linksys is doing what it is supposed to do nobody should be
able to get in now.

However, I am a bit worried:

- I am not sure if Linksys is really secure.
- I also don't know if somebody can get into a Windows 2000 machine in
a manner.

Any comments on these two issues?

As for a keystroke recorder at work, I doubt it. However, who knows?
How would I find out if there is one? I use, by the way, a Windows
2000 computer at work.

Sam

Jorey Bump <dev...@joreybump.com> wrote in message news:<kNgE8.3603$8M5....@nwrddc01.gnilink.net>...

S.V. Proff

May 19, 2002, 7:01:00 PM
This is a very good idea Pierre.

How would I handle access from an Internet cafe when I'm on the road?

I was getting ready to use the computer when I'm traveling. Although I
will have a laptop, in some places it is difficult to find telephone
access, so I was planning on simply dropping by an Internet cafe.

Sam
(To prevent spam my one box account is disabled, please post your
reply to the Usenet group.)

Pierre Asselin <p...@panix.com> wrote in message news:<abskdp$5mf$1...@reader1.panix.com>...

S.V. Proff

May 19, 2002, 7:11:08 PM
David:

How about if I were to have only key access allowed and delicate
restricted to certain IPs and hosts, can an intruder intercept the
key?

Sam
(To prevent spam my one box address is disabled. Please post your
reply to the Usenet group.)

effl...@xnet.com (David Efflandt) wrote in message news:<slrnae621a....@typhoon.xnet.com>...
