telnet or ssh over local network


Post by Mar » Thu, 21 Feb 2002 01:41:36



I need some help getting telnet and/or ssh servers configured on my
Redhat 7.1 box.  I have the following installed:

openssh2.5.2p2-5
telnet 0.17-10

I seem to be able to logon using telnet or ssh when using my 'linux'
box (telnet 127.0.0.1) .  I cannot logon using my windows box and a
network connection, though.

I can ping the linux box from my windows 98 box without difficulty.

When I attempt a telnet session over my network, I get the error
message: 'could not open a connection to 192.168.x.x'

When I attempt a ssh session over my network, I get the message: "the
host '192.168.x.x' is unreachable.  the host may be down, or there may
be a problem with the network connection.  sometimes such problems can
also be caused by a misconfigured firewall."

I've spent the last three hours reading man pages and posts.  I've
followed suggestions concerning changes to:
/etc/hosts.allow: telnet:all
/etc/xinet.d/telnet:
service telnet
{
   protocol = tcp
   flags = resue
   socket_type = stream
   wait = no
   user = root
   server = /usr/sbin/in.telnetd
   log_on_failure += USERID
   disable = no
   prot = 23
}

I changed the ListenAddress in sshd_config to the local IP of my win98
machine (198.168.x.x).

These changes had no impact.

One message I read suggested 'naming' the computers on the network
within the 'hosts' file, but I couldn't figure out what that meant.

any help would be appreciated.

Mark

 
 
 


Post by Jonathan Klin » Thu, 21 Feb 2002 02:44:21


Mark:
Make sure you have both ssh-server and telnet-server installed. Next verify
that the services are actually run... 'ps aux|grep sshd', if sshd is not
running you need to start it using your system's init scripts or execute
/usr/local/sbin/sshd from a command line. Also make sure you sent a HUP or
restarted xinetd after you edited the telnet config.

As far as naming the hosts........ Open /etc/hosts in an editor (aka vi
/etc/hosts)
Scroll to the end and add as an example, box 192.168.1.5 whose name is doej
and domain is localdomain

add the following entry:
192.168.1.5     doej.localdomain        doej

Hope this helps,


> I need some help getting telnet and/or ssh servers configured on my
> Redhat 7.1 box.  I have the following installed:

> openssh2.5.2p2-5
> telnet 0.17-10

> I seem to be able to logon using telnet or ssh when using my 'linux'
> box (telnet 127.0.0.1) .  I cannot logon using my windows box and a
> network connection, though.

> I can ping the linux box from my windows 98 box without difficulty.

> When I attempt a telnet session over my network, I get the error
> message: 'could not open a connection to 192.168.x.x'

> When I attempt a ssh session over my network, I get the message: "the
> host '192.168.x.x' is unreachable.  the host may be down, or there may
> be a problem with the network connection.  sometimes such problems can
> also be caused by a misconfigured firewall.

> I've spent the last three hours reading man pages and posts.  I've
> followed suggestions concerning changes to:
> /etc/hosts.allow: telnet:all
> /etc/xinet.d/telnet:
> service telnet
> {
>    protocol = tcp
>    flags = resue
>    socket_type = stream
>    wait = no
>    user = root
>    server = /usr/sbin/in.telnetd
>    log_on_failure += USERID
>    disable = no
>    prot = 23
> }

> I changed the ListenAddress in sshd_config to the local IP of my win98
> machine (198.168.x.x).

> These changes had no impact.

> One message I read suggested 'naming' the computers on the network
> within the 'hosts' file, but I couldn't figure out what that meant.

> any help would be appreciated.

> Mark

--
Jonathan Kline
Unix and Network Technician
Milwaukee School of Engineering

 
 
 


Post by Mr. I.M. Kitt » Thu, 21 Feb 2002 03:30:37



> Mark:
> Make sure you have both ssh-server and telnet-server installed. Next
> verify that the services are actually run... 'ps aux|grep sshd', if sshd
> is not running you need to start it using your system's init scripts or
> execute /usr/local/sbin/sshd from a command line. Also make sure you sent
> a HUP or restarted xinetd after you edited the telnet config.

> As far as naming the hosts........ Open /etc/hosts in an editor (aka vi
> /etc/hosts)
> Scroll to the end and add as an example, box 192.168.1.5 whose name is
> doej and domain is localdomain

> add the following entry:
> 192.168.1.5     doej.localdomain        doej

I didn't think the servers show up when you run them through inetd or
xinetd.  I thought the inetd's handled the listening of the ports and then
ran the daemon allocated to them when a request for a connection is made.

If this is true, then if he runs ps -aux, he won't get the services that
are running as listed.

He can check in netstat to see if xinetd is listening on the ports or he
can check /var/log/messages to see if xinetd is running the services
without problems.

--
-----------------------------------------------------------
From the Linux Box of WarpKat

Download my public key from:

                            (Public Key expires 01/08/2003)
-----------------------------------------------------------

 
 
 


Post by Marc Green » Thu, 21 Feb 2002 05:29:49



> I need some help getting telnet and/or ssh servers configured on my
> Redhat 7.1 box.  I have the following installed:

> openssh2.5.2p2-5
> telnet 0.17-10

> I seem to be able to logon using telnet or ssh when using my 'linux'
> box (telnet 127.0.0.1) .  I cannot logon using my windows box and a
> network connection, though.

Ok, so the services are running.

> I can ping the linux box from my windows 98 box without difficulty.

Then network is functioning.

> When I attempt a telnet session over my network, I get the error
> message: 'could not open a connection to 192.168.x.x'

> When I attempt a ssh session over my network, I get the message: "the
> host '192.168.x.x' is unreachable.  the host may be down, or there may
> be a problem with the network connection.  sometimes such problems can
> also be caused by a misconfigured firewall.

Just how is your firewall configured? I would suspect this is the
culprit, my guess is /etc/sysconfig/ipchains has some rule in it to
block the ssh and telnet ports.

> I've spent the last three hours reading man pages and posts.  I've
> followed suggestions concerning changes to:
> /etc/hosts.allow: telnet:all
> /etc/xinet.d/telnet:
> service telnet
> {
>    protocol = tcp
>    flags = resue
>    socket_type = stream
>    wait = no
>    user = root
>    server = /usr/sbin/in.telnetd
>    log_on_failure += USERID
>    disable = no
>    prot = 23
> }

> I changed the ListenAddress in sshd_config to the local IP of my win98
> machine (198.168.x.x).

That's not right. Change it back to the default.

> These changes had no impact.

> One message I read suggested 'naming' the computers on the network
> within the 'hosts' file, but I couldn't figure out what that meant.

Use ip addresses until you get it working, then if you want to use
names instead of numbers, set up the /etc/hosts file.

HTH,

Marc

 
 
 


Post by willp007u » Thu, 21 Feb 2002 06:33:33


Make sure you don't have an entry that is denying traffic on
/etc/hosts.deny.

Verify that there isn't a rule denying or dropping packets in the
installed firewall (if any)

iptables -L (I may be wrong on this one.  Just type man iptables)
ipchains --list

Of course look over your sshd_config and xinetd configuration files.



>> I need some help getting telnet and/or ssh servers configured on my
>> Redhat 7.1 box.  I have the following installed:

>> openssh2.5.2p2-5
>> telnet 0.17-10

>> I seem to be able to logon using telnet or ssh when using my 'linux'
>> box (telnet 127.0.0.1) .  I cannot logon using my windows box and a
>> network connection, though.

> Ok, so the services are running.

>> I can ping the linux box from my windows 98 box without difficulty.

> Then network is functioning.

>> When I attempt a telnet session over my network, I get the error
>> message: 'could not open a connection to 192.168.x.x'

>> When I attempt a ssh session over my network, I get the message: "the
>> host '192.168.x.x' is unreachable.  the host may be down, or there may
>> be a problem with the network connection.  sometimes such problems can
>> also be caused by a misconfigured firewall.

> Just how is your firewall configured? I would suspect this is the
> culprit, my guess is /etc/sysconfig/ipchains has some rule in it to
> block the ssh and telnet ports.

>> I've spent the last three hours reading man pages and posts.  I've
>> followed suggestions concerning changes to: /etc/hosts.allow:
>> telnet:all
>> /etc/xinet.d/telnet:
>> service telnet
>> {
>>    protocol = tcp
>>    flags = resue
>>    socket_type = stream
>>    wait = no
>>    user = root
>>    server = /usr/sbin/in.telnetd
>>    log_on_failure += USERID
>>    disable = no
>>    prot = 23
>> }

>> I changed the ListenAddress in sshd_config to the local IP of my win98
>> machine (198.168.x.x).

> That's not right. Change it back to the default.

>> These changes had no impact.

>> One message I read suggested 'naming' the computers on the network
>> within the 'hosts' file, but I couldn't figure out what that meant.

> Use ip addresses until you get it working, then if you want to use names
> instead of numbers, set up the /etc/hosts file.

> HTH,

> Marc

 
 
 


Post by Hal Burgis » Thu, 21 Feb 2002 07:00:23




> I've spent the last three hours reading man pages and posts.  I've
> followed suggestions concerning changes to:
> /etc/hosts.allow: telnet:all

This should be: in.telnetd: ALL

You have to use the full server name. 'telnet' is a client application,
not a server.

> /etc/xinet.d/telnet:
> service telnet
> {
>    protocol = tcp
>    flags = resue
>    socket_type = stream
>    wait = no
>    user = root
>    server = /usr/sbin/in.telnetd
>    log_on_failure += USERID
>    disable = no
>    prot = 23
> }

prot? Try this, from a working system:

service telnet
{
     flags          = REUSE
     socket_type    = stream        
     wait      = no
     user      = root
     server         = /usr/sbin/in.telnetd
     log_on_failure += USERID
     disable        = yes
}

I am not sure if those directives are case sensitive or not. I suspect
they are.

--
Hal Burgiss
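
The two checks made in the reply above (the daemon name in hosts.allow and the attribute names in the xinetd service entry), as an added Python example that is not part of the original thread. The function names are hypothetical, and the attribute and flag sets are only a subset of those in xinetd.conf(5); flags are compared case-insensitively because the thread leaves the case question open.

```python
import os
import re

# Subset of the attribute and flag names in xinetd.conf(5); extend as needed.
KNOWN_ATTRS = {"flags", "disable", "socket_type", "protocol", "wait", "user",
               "group", "server", "server_args", "port", "only_from", "id",
               "no_access", "log_type", "log_on_success", "log_on_failure"}
KNOWN_FLAGS = {"REUSE", "INTERCEPT", "NORETRY", "IDONLY", "NAMEINARGS",
               "NODELAY", "KEEPALIVE", "NOLIBWRAP", "SENSOR", "IPV4", "IPV6"}
ATTR_LINE = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

# The two service entries quoted in the thread, copied as sample input.
POSTED = """service telnet
{
   protocol = tcp
   flags = resue
   socket_type = stream
   wait = no
   user = root
   server = /usr/sbin/in.telnetd
   log_on_failure += USERID
   disable = no
   prot = 23
}"""
SUGGESTED = """service telnet
{
     flags          = REUSE
     socket_type    = stream
     wait      = no
     user      = root
     server         = /usr/sbin/in.telnetd
     log_on_failure += USERID
     disable        = yes
}"""


def parse_service(text):
    """Return {attribute: value} for the assignment lines of a service entry."""
    matches = (ATTR_LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(3) for m in matches if m}


def wrappers_names_daemon(hosts_allow, server):
    """True if a hosts.allow daemon list names the server binary or ALL."""
    # Simplified: case-insensitive comparison; EXCEPT is not handled.
    daemon = os.path.basename(server).lower()
    for line in hosts_allow.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            names = re.split(r"[\s,]+", line.split(":", 1)[0].strip().lower())
            if daemon in names or "all" in names:
                return True
    return False


def lint(service_text, hosts_allow):
    attrs = parse_service(service_text)
    out = [f"unknown attribute '{a}'" for a in attrs if a not in KNOWN_ATTRS]
    out += [f"unknown flag '{flag}'" for flag in attrs.get("flags", "").split()
            if flag.upper() not in KNOWN_FLAGS]
    if attrs.get("disable", "no").lower() == "yes":
        out.append("disable = yes: xinetd will not offer this service")
    server = attrs.get("server", "")
    if server and not wrappers_names_daemon(hosts_allow, server):
        out.append(f"hosts.allow names no daemon '{os.path.basename(server)}'")
    return out


if __name__ == "__main__":
    print(lint(POSTED, "telnet:all"), lint(SUGGESTED, "in.telnetd: ALL"), sep="\n")
```

On the posted entry this reports `prot`, `resue` and the hosts.allow daemon name; on the suggested entry the only finding is `disable = yes`.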

 
 
 


Post by Mar » Thu, 21 Feb 2002 10:10:24


Jonathan,

Thanks for the reply


> Mark:
> Make sure you have both ssh-server and telnet-server installed. Next verify
> that the services are actually run... 'ps aux|grep sshd',

I don't see sshd listed.

xinetd is listed as 'xinetd -stayalive'

> if sshd is not running you need to start it using your
> system's init scripts or execute
> /usr/local/sbin/sshd from a command line.

I issued the command /usr/sbin/sshd since that was where sshd happened
to be.  I didn't get any message back, so I guess it ran. When I
issued the ps -aux command, sshd still didn't appear.

> Also make sure you sent a HUP or
> restarted xinetd after you edited the telnet config.

Not sure what a HUP might be.

> As far as naming the hosts........ Open /etc/hosts in an editor (aka vi
> /etc/hosts)
> Scroll to the end and add as an example, box 192.168.1.5 whose name is doej
> and domain is localdomain

> add the following entry:
> 192.168.1.5     doej.localdomain        doej

Thanks for this hint.  I've updated the host file.

Unfortunately, still no successful external telnet session

Mark

 
 
 


Post by Mar » Thu, 21 Feb 2002 10:38:41



> I didn't think the servers show up when you run them through inetd or
> xinetd.  I thought the inetd's handled the listening of the ports and then
> ran the daemon allocated to them when a request for a connection is made.

> If this is true, then if he runs ps -aux, he won't get the services that
> are running as listed.

> He can check in netstat to see if xinetd is listening on the ports or he
> can check /var/log/messages to see if xinetd is running the services
> without problems.

Thanks for the reply.

Here is what I get after issuing 'netstat -ta'

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:1024                  *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:x11                   *:*                     LISTEN
tcp        0      0 *:telnet                *:*                     LISTEN
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN
tcp        1      0 192.168.yyy.xxx:zzzz    www.google.com:http     CLOSE_WAIT
tcp        1      0 192.168.yyy.xxx:zzzz    216.239.35.119:http     CLOSE_WAIT
tcp        1      0 192.168.yyy.xxx:zzzz    216.239.35.119:http     CLOSE_WAIT

I guess this means telnet is listening.  No sign of sshd.

I grep'd /var/log/messages for sshd comments. I guess this is showing
sshd starting up and shutting down when I reboot. Here is what I
found:

Feb 19 08:05:41 localhost sshd: sshd -TERM succeeded
Feb 19 08:08:15 localhost sshd: Starting sshd:
Feb 19 08:08:15 localhost sshd:  succeeded
Feb 19 08:08:15 localhost sshd:
Feb 19 08:08:15 localhost rc: Starting sshd:  succeeded
Feb 19 08:33:10 localhost sshd(pam_unix)[1152]: session opened for user mmills by (uid=0)
Feb 19 08:33:18 localhost sshd(pam_unix)[1152]: session closed for user mmills
Feb 19 09:24:23 localhost sshd(pam_unix)[1266]: session opened for user mmills by (uid=0)
Feb 19 09:24:43 localhost sshd(pam_unix)[1266]: session closed for user mmills
Feb 19 09:45:37 localhost sshd(pam_unix)[1324]: session opened for user mmills by (uid=0)
Feb 19 09:46:43 localhost sshd(pam_unix)[1324]: session closed for user mmills
Feb 19 09:46:50 localhost sshd(pam_unix)[1361]: session opened for user mmills by (uid=0)
Feb 19 09:46:55 localhost sshd(pam_unix)[1361]: session closed for user mmills
Feb 19 09:50:08 localhost sshd: sshd -TERM succeeded
Feb 19 09:52:55 localhost sshd: Starting sshd:
Feb 19 09:52:56 localhost sshd:  succeeded
Feb 19 09:52:56 localhost sshd:
Feb 19 09:52:56 localhost rc: Starting sshd:  succeeded
Feb 19 17:19:44 localhost sshd: sshd shutdown failed
Feb 19 17:22:45 localhost sshd: Starting sshd:
Feb 19 17:22:45 localhost sshd:  succeeded
Feb 19 17:22:45 localhost sshd:
Feb 19 17:22:45 localhost rc: Starting sshd:  succeeded

 
 
 


Post by Doug Holt » Thu, 21 Feb 2002 11:50:55


Mark;
I use PuTTY to log in to my SSH box over the Internet.  Do a Google search
for PuTTY.
To start SSH from the command line, type /etc/rc.d/init.d/sshd start and you
should get an OK response.
Then you need a private key on your remote machine to authenticate to your
ssh machine.  Read man sshd or something along this line, I forgot.
Good luck.
Doug


> I need some help getting telnet and/or ssh servers configured on my
> Redhat 7.1 box.  I have the following installed:

> openssh2.5.2p2-5
> telnet 0.17-10

> I seem to be able to logon using telnet or ssh when using my 'linux'
> box (telnet 127.0.0.1) .  I cannot logon using my windows box and a
> network connection, though.

> I can ping the linux box from my windows 98 box without difficulty.

> When I attempt a telnet session over my network, I get the error
> message: 'could not open a connection to 192.168.x.x'

> When I attempt a ssh session over my network, I get the message: "the
> host '192.168.x.x' is unreachable.  the host may be down, or there may
> be a problem with the network connection.  sometimes such problems can
> also be caused by a misconfigured firewall.

> I've spent the last three hours reading man pages and posts.  I've
> followed suggestions concerning changes to:
> /etc/hosts.allow: telnet:all
> /etc/xinet.d/telnet:
> service telnet
> {
>    protocol = tcp
>    flags = resue
>    socket_type = stream
>    wait = no
>    user = root
>    server = /usr/sbin/in.telnetd
>    log_on_failure += USERID
>    disable = no
>    prot = 23
> }

> I changed the ListenAddress in sshd_config to the local IP of my win98
> machine (198.168.x.x).

> These changes had no impact.

> One message I read suggested 'naming' the computers on the network
> within the 'hosts' file, but I couldn't figure out what that meant.

> any help would be appreciated.

> Mark

 
 
 


Post by Mar » Thu, 21 Feb 2002 13:15:36


Hal,

Thanks for the reply.



> > I've spent the last three hours reading man pages and posts.  I've
> > followed suggestions concerning changes to:
> > /etc/hosts.allow: telnet:all

> This should be: in.telnetd: ALL

OK.  I've made that correction.

Try this, from a working system:


> service telnet
> {
>      flags          = REUSE
>      socket_type    = stream        
>      wait      = no
>      user      = root
>      server         = /usr/sbin/in.telnetd
>      log_on_failure += USERID
>      disable        = yes
> }

Ok.  That's what my /etc/xinetd.d/telnet file now has.  There is
also what looks like comments in the first three lines.  The first is
"#default : on".  I've assumed that everything past the # sign was
simply a comment.

Still no luck getting into my linux box from my win98 box.  Ping still
works fine, though.  I'm a bit concerned that all my changes are
making things worse.  Earlier today, I could log in within the same
machine (via 127.0.0.1).  Now, that won't work.

Mark

 
 
 


Post by Hal Burgis » Thu, 21 Feb 2002 14:45:03






> Try this, from a working system:

>> service telnet
>> {
>>      flags          = REUSE
>>      socket_type    = stream        
>>      wait      = no
>>      user      = root
>>      server         = /usr/sbin/in.telnetd
>>      log_on_failure += USERID
>>      disable        = yes
>> }

> Ok.  That's what my /etc/xinetd.d/telnet file now has.  There is

Sorry there Mark, I hope you noticed that had 'disable = yes' :(
Obviously should be 'no'. Toggle with 'chkconfig telnet on' which also
reloads xinetd (needs to be done).

> also what looks like comments in the first three lines.  The first is
> "#default : on".  I've assumed that everything past the # sign was
> simply a comment.

Yes.

> Still no luck getting into my linux box from my win98 box.  Ping still
> works fine, though.  I'm a bit concerned that all my changes are
> making things worse.  Earlier today, I could log in within the same
> machine (via 127.0.0.1).  Now, that won't work.

See above!!

--
Hal Burgiss

 
 
 


Post by .Saphy » Thu, 21 Feb 2002 16:15:51


> I changed the ListenAddress in sshd_config to the local IP of my win98
> machine (198.168.x.x).

Hey,

The "listen address" in many config files is not the address your server
is to be answering requests to, but from! It should be set to All or
0.0.0.0 (check the man to be sure) if you only have one NIC on your
server.

This parameter is only to be set when you have many NICs in your
box and you want to specify which of them (by IP address) will answer
requests (this option is for security reasons).

So, for sure, don't set it to your win98 box, your linux box does not
have that IP on it. ; )

That's also why your server is not listed in your netstats anymore
since you changed that parameter.

.antoine

 
 
 


Post by Mar » Thu, 21 Feb 2002 23:32:17



> Make sure you don't have an entry that is denying traffic on
> /etc/hosts.deny.

> Verify that there isn't a rule denying or dropping packets in the
> installed firewall (if any)

> iptables -L (I may be wrong on this one.  Just type man iptables)
> ipchains --list

> Of course look over your sshd_config and xinetd configuration files.

Thanks for the reply.

I checked the hosts.deny file.  It had nothing but comments (#...).

I don't have a firewall.

Here is the result of ipchains -L

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  ns2.HTCOMP.NET        anywhere              domain ->   any
ACCEPT     udp  ------  ns1.htcomp.net        anywhere              domain ->   any
ACCEPT     all  ------  anywhere              anywhere              n/a
REJECT     tcp  -y----  anywhere              anywhere              any ->   0:1023
REJECT     tcp  -y----  anywhere              anywhere              any ->   nfs
REJECT     udp  ------  anywhere              anywhere              any ->   0:1023
REJECT     udp  ------  anywhere              anywhere              any ->   nfs
REJECT     tcp  -y----  anywhere              anywhere              any ->   x11:6009
REJECT     tcp  -y----  anywhere              anywhere              any ->   xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

The iptable -L command produces:

Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Devise or resource busy
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.1a: can't initialize iptables table 'filter': iptables who? (do you need insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Thanks for the assistance.

Mark

 
 
 


Post by Mar » Thu, 21 Feb 2002 23:34:49


Hal,

Thanks for the update.  I had not caught the 'disable = yes'.

I've now got it back to 'disable = no' and can again log in from this
box to itself via 127.0.0.1.

Mark


> Sorry there Mark, I hope you noticed that had 'disable = yes' :(
> Obviously should be 'no'. Toggle with 'chkconfig telnet on' which also
> reloads xinetd (needs to be done).

 
 
 


Post by Amit Muth » Fri, 22 Feb 2002 00:27:00


[snip rest of input chain]

> REJECT     tcp  -y----  anywhere             anywhere              any ->   0:1023

this rule is preventing any tcp packets from your win98 box from reaching
port 22 (ssh) or port 23 (telnet) on your RH server. you need to ACCEPT
these packets using a rule higher up in the chain.
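
The first-match behaviour described in this last post, as an added Python example that is not part of the original thread: it walks the input chain posted earlier and reports which rule decides a packet. Assumptions: the `ACCEPT all` rule is bound to the loopback interface (plain `ipchains -L` does not print interfaces), the service names map to their usual /etc/services ports, and `win98`, `eth0` and the function names are hypothetical labels.

```python
from collections import namedtuple

# Input chain from the `ipchains -L` output in the thread, wrapped lines rejoined.
LISTING = """\
ACCEPT  udp  ------  ns2.HTCOMP.NET  anywhere  domain ->   any
ACCEPT  udp  ------  ns1.htcomp.net  anywhere  domain ->   any
ACCEPT  all  ------  anywhere        anywhere  n/a
REJECT  tcp  -y----  anywhere        anywhere  any ->   0:1023
REJECT  tcp  -y----  anywhere        anywhere  any ->   nfs
REJECT  udp  ------  anywhere        anywhere  any ->   0:1023
REJECT  udp  ------  anywhere        anywhere  any ->   nfs
REJECT  tcp  -y----  anywhere        anywhere  any ->   x11:6009
REJECT  tcp  -y----  anywhere        anywhere  any ->   xfs
"""
SERVICES = {"domain": 53, "nfs": 2049, "x11": 6000, "xfs": 7100}  # /etc/services
POLICY = "ACCEPT"  # from "Chain input (policy ACCEPT)"
ANY = (0, 65535)
# ASSUMPTION: rule 3 ("ACCEPT all") is bound to the loopback interface; plain
# `ipchains -L` does not print the interface, `ipchains -L -v` does.
LOOPBACK_ONLY_RULES = {3}
# syn_only is the "y" option: the rule matches only TCP connection requests.
Rule = namedtuple("Rule", "target proto syn_only source sports dports lo_only")


def port_range(spec):
    """'any', 'n/a' or '' -> all ports; 'nfs' or '0:1023' -> inclusive (lo, hi)."""
    if spec in ("any", "n/a", ""):
        return ANY
    lo, _, hi = spec.partition(":")
    return tuple(SERVICES.get(p) or int(p) for p in (lo, hi or lo))


def parse(listing):
    rules = []
    for n, line in enumerate(listing.splitlines(), 1):
        target, proto, opt, source, _dest, *ports = line.split()
        sport, _, dport = " ".join(ports).partition("->")
        rules.append(Rule(target, proto, "y" in opt, source,
                          port_range(sport.strip()), port_range(dport.strip()),
                          n in LOOPBACK_ONLY_RULES))
    return rules


def first_match(rules, proto, dport=None, *, syn=False, sport=1025,
                src="win98", iface="eth0"):
    """Return (target, rule number) of the first matching rule; 0 = policy."""
    for n, r in enumerate(rules, 1):
        ports_ok = proto not in ("tcp", "udp") or (
            r.sports[0] <= sport <= r.sports[1]
            and r.dports[0] <= dport <= r.dports[1])
        if (r.proto in ("all", proto) and ports_ok
                and (syn or not r.syn_only)
                and (iface == "lo" or not r.lo_only)
                and r.source.lower() in ("anywhere", src.lower())):
            return r.target, n
    return POLICY, 0


def with_ssh_allowed(rules):
    """The fix from the last post: an ACCEPT placed above the REJECT rules."""
    return [Rule("ACCEPT", "tcp", True, "anywhere", ANY, (22, 22), False)] + rules


if __name__ == "__main__":
    chain = parse(LISTING)
    for port in (22, 23):
        print(port, first_match(chain, "tcp", port, syn=True),
              first_match(with_ssh_allowed(chain), "tcp", port, syn=True))
    print("ping", first_match(chain, "icmp"))
```

Against the posted chain, new TCP connections to ports 22 and 23 stop at rule 4 (REJECT) while ICMP falls through to the ACCEPT policy, which is the symptom in the thread: ping works, telnet and ssh do not. With the extra rule placed first, port 22 is accepted and port 23 is still rejected.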