You are not logged in.

#1 2010-09-10 03:31:52

hadso
Member
Registered: 2010-09-03
Posts: 14

[SOLVED] SSH port 22

Hi people. I'm tring to learn how to acces from another PC to mine.
I downloaded Putty and I think, I undertood how to do that.
The problem is that I'm not able to open the port 22.
How can I do that?

Thanks a lot!

Last edited by hadso (2010-09-13 02:45:08)

Offline

#2 2010-09-10 03:47:56

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: [SOLVED] SSH port 22

Do you have the sshd daemon running on the host?  Once you do, use putty on the client to connect to the address of your host.
Be sure you modify the /etc/hosts.allow file to include the line

sshd: ALL

http://wiki.archlinux.org/index.php/SSH


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2010-09-10 04:45:39

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: [SOLVED] SSH port 22

+1
Everything you should need is there.

Last edited by fukawi2 (2010-09-10 04:45:55)

Offline

#4 2010-09-11 22:09:34

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

fukawi2 wrote:

+1
Everything you should need is there.

I did everything that it saids, but I can't have the 22 port opened...
Where is the problem?

What can I do?

Thanks a lot!!

Offline

#5 2010-09-11 22:19:22

Gusar
Member
Registered: 2009-08-25
Posts: 3,605

Re: [SOLVED] SSH port 22

hadso wrote:

What can I do?

Configure sshd to use another port?

Offline

#6 2010-09-11 23:18:04

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

I have chatted with a friend how has configurated SSH in the past.
We remake all the configuration.
But when I tried to do ssh USER@127.0.0.1 I have the following message:

Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
Permission denied (publickey).

What is this?
Thanks!

Offline

#7 2010-09-11 23:32:41

Barrucadu
Member
From: York, England
Registered: 2008-03-30
Posts: 1,158
Website

Re: [SOLVED] SSH port 22

Firstly, why are you trying to SSH into yourself?

Secondly, that means that the public key has been rejected. Did you configure sshd to accept key-based authentication only?

Offline

#8 2010-09-11 23:49:21

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

Barrucadu wrote:

Firstly, why are you trying to SSH into yourself?

Secondly, that means that the public key has been rejected. Did you configure sshd to accept key-based authentication only?

Because a friend of mine told me that this is a way to make a test.
Second, wich is the subject of this opcion that you said? HostbasedAuthentication?

Thanks!

Offline

#9 2010-09-12 07:16:12

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: [SOLVED] SSH port 22

Here is an example /etc/ssh/sshd_config

#    $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 55022
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile    .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#    X11Forwarding no
#    AllowTcpForwarding no
#    ForceCommand cvs server

CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#10 2010-09-12 07:22:55

hatten
Arch Linux f@h Team Member
From: Sweden, Borlange
Registered: 2009-02-23
Posts: 736

Re: [SOLVED] SSH port 22

Make sure you port-forward it in your router.

Offline

#11 2010-09-12 15:40:56

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

hatten wrote:

Make sure you port-forward it in your router.

I done.

Offline

#12 2010-09-12 15:42:42

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

graysky wrote:

Here is an example /etc/ssh/sshd_config

I have the same file. But, I use 22 port. I have opened in my router, everything.
A friend of mine, says that my problem is "Permission denied.(publickey)", all my configuration is Ok. What means this message?

Thanks!

Offline

#13 2010-09-12 16:54:50

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: [SOLVED] SSH port 22

please post the output of ssh -v localhost
and ls -l /etc/ssh


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#14 2010-09-12 17:00:39

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: [SOLVED] SSH port 22

Oh, and also the output of ls -l ~/.ssh
Thanks.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#15 2010-09-12 17:01:10

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

ewaller wrote:

please post the output of ssh -v localhost
and ls -l /etc/ssh

$ ssh -v localhost

OpenSSH_5.6p1, OpenSSL 1.0.0a 1 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/adso/.ssh/id_rsa type -1
debug1: identity file /home/adso/.ssh/id_rsa-cert type -1
debug1: identity file /home/adso/.ssh/id_dsa type -1
debug1: identity file /home/adso/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/adso/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/adso/.ssh/id_rsa
debug1: Trying private key: /home/adso/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).

$ ls -l /etc/ssh

total 164
-rw-r--r-- 1 root root     10 Sep 11 20:13 hosts.allow
-rw-r--r-- 1 root root 125811 Aug 30 18:35 moduli
-rw-r--r-- 1 root root   1594 Sep 11 20:06 ssh_config
-rw------- 1 root root    668 Sep  9 23:46 ssh_host_dsa_key
-rw-r--r-- 1 root root    601 Sep  9 23:46 ssh_host_dsa_key.pub
-rw------- 1 root root    976 Sep  9 23:46 ssh_host_key
-rw-r--r-- 1 root root    641 Sep  9 23:46 ssh_host_key.pub
-rw------- 1 root root   1675 Sep  9 23:46 ssh_host_rsa_key
-rw-r--r-- 1 root root    393 Sep  9 23:46 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root   3247 Sep 12 12:40 sshd_config

Thanks a lot!

Offline

#16 2010-09-12 17:02:24

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

ewaller wrote:

Oh, and also the output of ls -l ~/.ssh
Thanks.

ls -l ~/.ssh

total 4
-rw-r--r-- 1 adso users 884 Sep 11 19:57 known_hosts

Thanks!

Offline

#17 2010-09-12 17:33:15

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: [SOLVED] SSH port 22

Okay, I think we are getting close.  Here is an excerpt of ssh -v localhost on this machine

...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ewaller/.ssh/id_rsa
debug1: Trying private key: /home/ewaller/.ssh/id_dsa
debug1: Next authentication method: password
ewaller@localhost's password: 

  See where yours says

debug1: Authentications that can continue: publickey

whereas mine says

debug1: Authentications that can continue: publickey,password

Both our systems go on to try rsa and dsa keys.  When those fail, mine continues on to password.  Yours does not.

So, port 22 is open.
If you had put the public dsa or rsa keys in ~/.ssh/ it would probably work (but that is not the point, you want password)
Trying to connect to localhost is perfectly valid and eliminates things like router settings from the equation.
All of the keys exist and the permissions look rational (root owns them and can read / write them , public can read (only) the public keys,

So...  Lets take a closer look at /etc/ssh/sshd_config
I diff'ed graysky's config against mine.  We differ on port number, root login [Note to self: turn that off], and X11 forwarding.
You said yours was the same except the port number.  I think we need to take a closer look.  Could you post the sshd_config, or diff it against graysky's and post the diff?

If it is not a sshd_config problem, I am running out of ideas.  It could, I guess be a PAM problem -- but that is out of my league.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#18 2010-09-12 18:00:47

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

ewaller wrote:

Okay, I think we are getting close.  Here is an excerpt of ssh -v localhost on this machine

...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ewaller/.ssh/id_rsa
debug1: Trying private key: /home/ewaller/.ssh/id_dsa
debug1: Next authentication method: password
ewaller@localhost's password: 

  See where yours says

debug1: Authentications that can continue: publickey

whereas mine says

debug1: Authentications that can continue: publickey,password

Both our systems go on to try rsa and dsa keys.  When those fail, mine continues on to password.  Yours does not.

So, port 22 is open.
If you had put the public dsa or rsa keys in ~/.ssh/ it would probably work (but that is not the point, you want password)
Trying to connect to localhost is perfectly valid and eliminates things like router settings from the equation.
All of the keys exist and the permissions look rational (root owns them and can read / write them , public can read (only) the public keys,

So...  Lets take a closer look at /etc/ssh/sshd_config
I diff'ed graysky's config against mine.  We differ on port number, root login [Note to self: turn that off], and X11 forwarding.
You said yours was the same except the port number.  I think we need to take a closer look.  Could you post the sshd_config, or diff it against graysky's and post the diff?

If it is not a sshd_config problem, I am running out of ideas.  It could, I guess be a PAM problem -- but that is out of my league.

Here is my sshd_config:

#    $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
#Port 55022


#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

LoginGraceTime 120
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile    .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#    X11Forwarding no
#    AllowTcpForwarding no
#    ForceCommand cvs server

AllowUsers    adso

#Subsystem       sftp    /usr/lib/ssh/sftp-server

Offline

#19 2010-09-12 18:24:52

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: [SOLVED] SSH port 22

change this line

PasswordAuthentication no

to

PasswordAuthentication yes

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#20 2010-09-12 18:34:27

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

ewaller wrote:

change this line

PasswordAuthentication no

to

PasswordAuthentication yes

Done... but it did not work sad

[adso@myhost ~]$ ssh -v adso@127.0.0.1
OpenSSH_5.6p1, OpenSSL 1.0.0a 1 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/adso/.ssh/id_rsa type -1
debug1: identity file /home/adso/.ssh/id_rsa-cert type -1
debug1: identity file /home/adso/.ssh/id_dsa type -1
debug1: identity file /home/adso/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '127.0.0.1' is known and matches the RSA host key.
debug1: Found key in /home/adso/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/adso/.ssh/id_rsa
debug1: Trying private key: /home/adso/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).

Offline

#21 2010-09-12 18:38:36

loafer
Member
From: the pub
Registered: 2009-04-14
Posts: 1,772

Re: [SOLVED] SSH port 22

Did you restart ssh?


All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.

Offline

#22 2010-09-12 18:42:44

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

loafer wrote:

Did you restart ssh?

No I didn't... so sorry tongue.
Now the ping worked, it means that I can connect to my PC from every where trought SSH, isn't it?

Thanks!

Offline

#23 2010-09-12 18:59:08

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: [SOLVED] SSH port 22

Don't forget to edit the original post and add [Solved] to the subject.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#24 2010-09-12 19:10:11

hadso
Member
Registered: 2010-09-03
Posts: 14

Re: [SOLVED] SSH port 22

Thank you people! Thanks a lot!
Now I am able to conect trought SSH!

Thanks a lot!

[SOLVED]

Offline

#25 2010-09-13 02:23:04

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: [SOLVED] SSH port 22

YOu need to edit the FIRST post, and change the title of the thread.


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

Board footer

Powered by FluxBB