ssh problem

satimis · 2008-02-08 16:47:04

Hi folks,

PC-1
Archlinux 86-64 2007-08-2
Router IP - 192.168.0.2

PC-2
Ubuntu 7.04 server amd64
Router IP - 192.168.0.10

On PC-1
$ ssh 192.168.0.10
can connect PC-2

On PC-2
$ ssh 192.168.0.2

ssh: connect to host 192.168.0.2 port 22: Connection refused

On PC-1

$ cat /etc/hosts.allow

ALL: ALL

$ cat /etc/hosts.deny

#ALL: ALL: DENY

already comment out

$ pacman -Qs iptables
No printout (not installed yet)

Please advise where to check and how to fix the problem. TIA

B.R.
satimis

thayer · 2008-02-08 17:26:08

Might be a silly question, but do you have the sshd daemon running on 192.168.0.2?

The server likely has this service running already, but Arch requires you to explicitly start it in the /etc/rc.conf DAEMONS array.

Also, I understand if you've opened up your hosts.allow file just for testing the connection, but once you get it working you should definitely lock it down again with something like this:

# /etc/hosts.allow
#
sshd: 192.168.0.10

or to specify the entire LAN:

sshd: 192.168.0.

But I wouldn't open the entire LAN if you're using a wireless router, unless there are a number of other precautions in place.

Last edited by thayer (2008-02-08 17:47:18)

satimis · 2008-02-09 03:50:22

thayer wrote:

Might be a silly question, but do you have the sshd daemon running on 192.168.0.2?
The server likely has this service running already, but Arch requires you to explicitly start it in the /etc/rc.conf DAEMONS array.
Also, I understand if you've opened up your hosts.allow file just for testing the connection, but once you get it working you should definitely lock it down again with something like this:
# /etc/hosts.allow
#
sshd: 192.168.0.10
or to specify the entire LAN:
sshd: 192.168.0.
But I wouldn't open the entire LAN if you're using a wireless router, unless there are a number of other precautions in place.

Hi thayer,

Thanks for your advice.

I solved the problem, sshd NOT running. After running;

# /etc/rc.d/sshd start

Now PC-2 can ssh connect PC-1, Archlinux.

Where shall I add the line "exec sshd" so it would start at boot? On /etc/modprobe.conf ? TIA

I'll delete "ALL: ALL" on /etc/hosts.allow and add "sshd: 192.168.0.10" on it instead. Thanks

What about /etc/hosts.deny? To deny all only allowing sshd? If YES please advise how to achieve it.

B.R.
satimis

bender02 · 2008-02-09 04:33:13

thayer already told you how to make it start at boot:

thayer wrote:

The server likely has this service running already, but Arch requires you to explicitly start it in the /etc/rc.conf DAEMONS array.

So add "sshd" into DAEMONS=(...) in the file /etc/rc.conf.

thayer · 2008-02-09 04:39:29

Hi satimis, no problem and glad to help... as for the sshd daemon, you can simply add it to the daemons array in /etc/rc.conf, like so:

DAEMONS=(syslog-ng @cpufreq @net-profiles @hal @alsa @crond @cups @mpd @sshd)

It will now start at boot.

Leave hosts.deny alone; it will deny ALL connections from anyone , EXCEPT for what's allowed in hosts.allow.

Also, you might want to have a read through the wiki when working with stuff like this... you might be surprised how much information is already available via a quick search.

Cheers!

Last edited by thayer (2008-02-09 04:39:45)

satimis · 2008-02-09 06:27:42

bender02 wrote:

thayer already told you how to make it start at boot:
thayer wrote:
The server likely has this service running already, but Arch requires you to explicitly start it in the /etc/rc.conf DAEMONS array.
So add "sshd" into DAEMONS=(...) in the file /etc/rc.conf.

Noted and thanks

satimis

satimis · 2008-02-09 06:32:53

thayer wrote:

Hi satimis, no problem and glad to help... as for the sshd daemon, you can simply add it to the daemons array in /etc/rc.conf, like so:
DAEMONS=(syslog-ng @cpufreq @net-profiles @hal @alsa @crond @cups @mpd @sshd)
It will now start at boot.
Leave hosts.deny alone; it will deny ALL connections from anyone , EXCEPT for what's allowed in hosts.allow.

Noted and thanks. Problem is now completely solved.

What will be the difference with "@" added at the beggining of each daemon? Without it doemon also starts at boot.

Also, you might want to have a read through the wiki when working with stuff like this... you might be surprised how much information is already available via a quick search.

I suppose you meant following URL
http://wiki.archlinux.org/index.php/Main_Page

thanks

satimis

bender02 · 2008-02-09 15:40:06

For the '@' thing: without it, the init process waits until the daemon is started; with it, the init process starts the daemon "in the background", ie. it doesn't wait until it successfully starts. For most daemons, the background running is fine, but sometimes you might need to make sure that a daemon is running before you run another one (for example, if you'd want to run 'nfsd', the daemons 'nfslock' and 'portmap' must be already running). For those, backgrounding is not a good idea. You can take a look at the scripts in /etc/rc.d/...

satimis · 2008-02-10 14:32:40

bender02 wrote:

For the '@' thing: without it, the init process waits until the daemon is started; with it, the init process starts the daemon "in the background", ie. it doesn't wait until it successfully starts. For most daemons, the background running is fine, but sometimes you might need to make sure that a daemon is running before you run another one (for example, if you'd want to run 'nfsd', the daemons 'nfslock' and 'portmap' must be already running). For those, backgrounding is not a good idea. You can take a look at the scripts in /etc/rc.d/...

Thanks for your advice.

$ ls /etc/rc.d/ | grep nfsd
No printout

$ sudo pacman -Qs nfs
No printout

$ sudo pacman -Ss nfs | grep nfs

core/nfs-utils 1.1.0-3
core/nfsidmap 0.20-2
    Another Unionfs Implementation that supports NFS branches
    Another Unionfs Implementation that supports NFS branches
extra/unionfs-utils 200611041820-1
community/perl-file-nfslock 1.20-4

I don't have nfs-utils and nfsidmap installed.

satimis

bender02 · 2008-02-10 14:44:40

Eh, sorry, 'nfsd' was just an example. What I meant is that all the files in /etc/rc.d/ are just shell scripts, which get run if you list them in your DAEMONS array in /etc/rc.conf. I think none of the daemons which you start actually depend on other daemons, so it is safe to run them in the background (with @). Using @ of course speeds up the booting process.

I was just trying to give an example of a situation which might occur in the future, when you'd add some other daemon to your DAEMONS array. I tried to point you where you can take a look if something goes wrong.

satimis · 2008-02-10 15:12:07

bender02 wrote:

Eh, sorry, 'nfsd' was just an example. What I meant is that all the files in /etc/rc.d/ are just shell scripts, which get run if you list them in your DAEMONS array in /etc/rc.conf. I think none of the daemons which you start actually depend on other daemons, so it is safe to run them in the background (with @). Using @ of course speeds up the booting process.

Noted and thanks

I was just trying to give an example of a situation which might occur in the future, when you'd add some other daemon to your DAEMONS array. I tried to point you where you can take a look if something goes wrong.

Could you please suggest me a package to install. I'm interested to learn the difference w and w/o @ at the beginning of a daemon.

This is my second round on Archlinux. I run this box for test only. My first round running Archlinux was about a year ago also a test. I shall run Arch as the Host on VMware server on this box building a LAMP server. Again I'll run Arch as Guest for testing R-project .

satimis

bender02 · 2008-02-10 16:38:39

Out of those which I have installed, only nfsd and fam depend on other daemons.

As far as playing around goes, for example starting hal tends to take approx 2 seconds. With your current config, during the boot you probably see something like "Starting hal ... [BKGD]" and the process immediately moves on. Try to remove that @ in front of hal, and then you should see "Starting hal ... [WAIT]" (it waits until hal succesfully starts, approx 2 sec) and then it changes to "Starting hal ... [DONE]" and moves on.

In a hypotetical situation, when a daemon *evildaemon* (made up name) would depend on hal and you would have DAEMONS=(... @hal evildaemon ...), the init process wouldn't wait until hal actually starts and would try to start evildaemon probably *before* hal succesfully starts, which would result in a failure of starting evildaemon. On the other hand, if you'd have DAEMONS=( ... hal evildaemon ...) the init process wouldn't move on until hal is started, and so evildaemon would start succesfully.

Arch Linux

#1 2008-02-08 16:47:04

ssh problem

#2 2008-02-08 17:26:08

Re: ssh problem

#3 2008-02-09 03:50:22

Re: ssh problem

#4 2008-02-09 04:33:13

Re: ssh problem

#5 2008-02-09 04:39:29

Re: ssh problem

#6 2008-02-09 06:27:42

Re: ssh problem

#7 2008-02-09 06:32:53

Re: ssh problem

#8 2008-02-09 15:40:06

Re: ssh problem

#9 2008-02-10 14:32:40

Re: ssh problem

#10 2008-02-10 14:44:40

Re: ssh problem

#11 2008-02-10 15:12:07

Re: ssh problem

#12 2008-02-10 16:38:39

Re: ssh problem

Board footer