
Thread: Enabling Basic SSH on SUSE 12.1

  1. #1

    Dear All,

    My brain is dying on me but I wanted to set up SSHD so I can log into my computer remotely. I downloaded the fancy GUI yast2 SSHD manager and I have configured it so it seems to have everything that I need: it starts automagically on system startup, it has a port number (for now 22 but I plan on changing it), I allow TCP forwarding, X forwarding, compression, firewall is disabled, I permit public key usage, etc.

    So, when I try to log into my shiny new linux box using my Macbook I get an error saying that the connection was refused. I have tried to use this link:

    SDB:Configure openSSH - openSUSE

    But since I am using the GUI SSHD manager I am a little confused what steps I am missing and which ones I have successfully bypassed. I think I need to configure my ssh_config files, but I don't want to mess anything up. My settings look like this:

    Code:
    #	$OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
    
    # This is the ssh client system-wide configuration file.  See
    # ssh_config(5) for more information.  This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.
    
    # Configuration data is parsed as follows:
    #  1. command line options
    #  2. user-specific file
    #  3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.
    
    # Site-wide defaults for some commonly used options.  For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.
    
    Host *
    #   ForwardAgent no
    #   ForwardX11 no
    
    # If you do not trust your remote host (or its administrator), you
    # should not forward X11 connections to your local X11-display for
    # security reasons: Someone stealing the authentification data on the
    # remote side (the "spoofed" X-server by the remote sshd) can read your
    # keystrokes as you type, just like any other X11 client could do.
    # Set this to "no" here for global effect or in your own ~/.ssh/config
    # file if you want to have the remote X11 authentification data to
    # expire after two minutes after remote login.
    ForwardX11Trusted yes
    
    #   RhostsRSAAuthentication no
    #   RSAAuthentication yes
    #   PasswordAuthentication yes
    #   HostbasedAuthentication no
    #   GSSAPIAuthentication no
    #   GSSAPIDelegateCredentials no
    #   BatchMode no
    #   CheckHostIP yes
    #   AddressFamily any
    #   ConnectTimeout 0
    #   StrictHostKeyChecking ask
    #   IdentityFile ~/.ssh/identity
    #   IdentityFile ~/.ssh/id_rsa
    #   IdentityFile ~/.ssh/id_dsa
    #   Port 22
        Protocol 2
    #   Cipher 3des
    #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
    #   EscapeChar ~
    #   Tunnel no
    #   TunnelDevice any:any
    #   PermitLocalCommand no
    #   GSSAPIAuthentication no
    #   GSSAPIDelegateCredentials no
    
    # Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
    # mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
    # in this release. The use of 'gssapi' is deprecated due to the presence of
    # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
    #   GSSAPIEnableMITMAttack no
    
    # This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
    SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    SendEnv LC_IDENTIFICATION LC_ALL
    
    # This will print the fingerprint of the host key in "visual" form
    # this should make it easier to also recognize bad things
    VisualHostKey no
    
    # This will hash new host keys and make them so unusable for malicious
    # people or software trying to use known_hosts to find further hops.
    HashKnownHosts yes
    
    #   ProxyCommand ssh -q -W %h:%p gateway.example.com

    Can you help guide me in the right direction?
    Thanks.

  2. #2

    Quote Originally Posted by mylesbaker:
    I downloaded the fancy GUI yast2 SSHD manager

    I didn't know that existed. But then, I cannot imagine what I would use it for.

    The first thing to check is that sshd is running.
    Code:
    % netstat -an | grep :22
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
    tcp        0      0 :::22                   :::*                    LISTEN

    In my case, those lines indicate that it is. A "connection refused" often means that the server is not running.

    Next, you have to allow port 22 through the firewall. I doubt that is your problem, for if the firewall is blocking connections then you would get a timeout trying to connect instead of a connection refused.

    If your computer is behind a home router, and you want access from outside the local LAN, then you will need to set up port forwarding on your router. Check the router documentation for details on that.
    openSUSE Leap 15.1; KDE Plasma 5;
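
The refused-versus-timeout distinction from the post above, as an added example that is not part of the original thread: `probe` and `demo` are hypothetical names, and the listener and its banner are constructed locally so the check runs offline.

```python
import errno
import socket
import threading

def probe(host, port, timeout=3.0):
    """Return (state, banner) for one TCP connection attempt."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", None   # host answered with a reset: nothing is listening there
    except socket.timeout:
        return "timeout", None   # no answer at all: packets dropped on the way
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown"), None
    with conn:
        try:
            # An SSH server sends its identification string first.
            banner = conn.recv(255).decode("ascii", "replace").strip()
        except socket.timeout:
            banner = ""
        return "open", banner

def demo():
    """Probe a constructed local listener, then the same port after it is closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-constructed_banner\r\n")   # constructed banner
        conn.close()

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()
    while_listening = probe("127.0.0.1", port)
    worker.join()
    srv.close()
    after_stop = probe("127.0.0.1", port)
    return while_listening, after_stop

if __name__ == "__main__":
    print(demo())
```

Run against the server's LAN address and sshd port, an "open" result with an `SSH-2.0-...` banner confirms sshd itself is answering rather than some other service on that port.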

  3. #3

    Default Re: Enabling Basic SSH on SUSE 12.1

    Quote Originally Posted by nrickert:
    I didn't know that existed. But then, I cannot imagine what I would use it for.

    The first thing to check is that sshd is running.
    Code:
    % netstat -an | grep :22
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
    tcp        0      0 :::22                   :::*                    LISTEN

    In my case, those lines indicate that it is. A "connection refused" often means that the server is not running.

    Next, you have to allow port 22 through the firewall. I doubt that is your problem, for if the firewall is blocking connections then you would get a timeout trying to connect instead of a connection refused.

    If your computer is behind a home router, and you want access from outside the local LAN, then you will need to set up port forwarding on your router. Check the router documentation for details on that.

    Mine is running. I think it might be because I am trying to access it through the same router. I am going to ssh into my school's computers and try again from there.

  4. #4

    Still no luck. If I plan to do this occasionally should I set up a static IP address for this computer?

  5. #5

    First things first.

    Are you behind a home router (or NAT router)?

    If you are behind a router, then your computer should have an IP address something like 192.168.1.20

    That is, it probably begins 192.168 or sometimes 172.x or 10.x

    If you are behind a router, then try connecting using the LAN IP. That is, from the Macbook, try connecting to 192.168.1.20 (or whatever that LAN IP is).

    I'll comment further after you reply about that.
    openSUSE Leap 15.1; KDE Plasma 5;

  6. #6

    I'm not familiar with the GUI utility but what do you have in /etc/ssh/sshd_config? Specifically for 'ListenAddress 0.0.0.0' ? Is that IP appearing there the one you want it to be (or 0.0.0.0 which basically means to bind to all available IPs on all interfaces)?

    From what I understand you want to do this:

    OpenSUSE <-----> Router <----------------> Your ISP <-------------> Internet

    Also with another computer (Your Macbook) connected behind your router.

    From what I know then you probably want to use the Local NAT IP address and bind to that interface (for example, 192.168.1.45). Then from there you configure your router to forward all connections coming from the internet on the ssh port (usually 22) to go to that local machine assuming you want to accept connections from over the internet to your OpenSUSE SSH port (This is actually somewhat dangerous, you don't need to do this just to connect from your Macbook when also behind the router). So usually this means you do want to configure the local machine to use a static IP address behind the router (so that you know where to forward port 22 traffic). Then also for your Macbook to connect you would simply have it connect to the local IP address (such as 192.168.1.45) and it would do so to the other machine all behind the router.

  7. #7

    I do use the GUI. Did you set it to start at boot time? This is in the first tab. The option to open the firewall port is there too. If you change ports, go there too to apply changes and reload the service. Works fine here with defaults except for port no.

  8. #8

    You don't need to change anything in /etc/ssh/sshd_config, unless you have special needs. All you need is to have the sshd service running, which you can check with this command:

    Code:
    systemctl status sshd.service

    and start/stop with:

    Code:
    systemctl start sshd.service
    systemctl stop sshd.service

    Further you need to open port 22 or the port on which you're running sshd. It is a little bit safer to use a higher port, since your router is permanently port scanned by potential intruders. To use an alternate port, you would add it in /etc/sshd_config. Example:

    Code:
    Port 22
    Port 9422

    Although what matters is not the port on your computer but the port on your router. You can also open a higher port on your router. You can run sshd on several ports. I highly recommend to use fail2ban if you intend to connect from outside your lan. It is available in the standard repo:

    Code:
    zypper info fail2ban

    On your router you need to forward the ssh port to your computer, as already said. From the outside world, you connect to your router IP. If it changes too often, you need to set up a DDNS account. There are some for free. Use the blip script to find out your external IP or ask a site such as Current IP Check.
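
How the `Port` lines in the post above combine with the `ListenAddress` setting asked about in post #6, as an added example that is not part of the original thread: it follows the rules in sshd_config(5) (both keywords may repeat; a `ListenAddress` without a port uses every `Port`). The function names and both sample configs are constructed for illustration.

```python
def split_addr(value):
    """Split one ListenAddress argument into (host, port or None)."""
    if value.startswith("["):                      # [host]:port or [host]
        host, _, rest = value[1:].partition("]")
        return host, int(rest[1:]) if rest.startswith(":") else None
    if value.count(":") == 1:                      # host:port or IPv4:port
        host, port = value.split(":")
        return host, int(port)
    return value, None                             # bare hostname, IPv4 or IPv6

def listen_sockets(config_text):
    """Return the sorted (address, port) pairs sshd would bind for this text."""
    ports, addrs = [], []
    for raw in config_text.splitlines():
        # Drop comments; "Port=22" is accepted as well as "Port 22".
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]    # keywords are case-insensitive
        if key == "match":
            break                                  # both keywords are global-only
        if key == "port" and args:
            ports.append(int(args[0]))
        elif key == "listenaddress" and args:
            addrs.append(args[0])
    ports = ports or [22]                          # sshd defaults
    addrs = addrs or ["0.0.0.0", "::"]
    pairs = set()
    for host, port in map(split_addr, addrs):
        for p in ([port] if port else ports):      # no port given: every Port applies
            pairs.add((host, p))
    return sorted(pairs)

def ports_reachable_at(pairs, ip):
    """Ports that accept connections addressed to `ip` (IPv4 literal assumed)."""
    return sorted({p for host, p in pairs if host in (ip, "0.0.0.0")})

# Constructed inputs: the two Port lines from the post, and a hypothetical
# config that binds loopback plus one LAN address.
TWO_PORTS = "Port 22\nPort 9422\n"
BOUND = "#Port 22\nPort 9422\nListenAddress 127.0.0.1\nListenAddress 192.168.1.45:22\n"

if __name__ == "__main__":
    for text in (TWO_PORTS, BOUND):
        pairs = listen_sockets(text)
        print(pairs, ports_reachable_at(pairs, "192.168.1.45"))
```

With the second sample, port 9422 is bound only on loopback, so a client on the LAN sees "connection refused" on 9422 even though sshd is running.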

  9. #9

    On 2012-02-09 16:56, davidmfl wrote:
    > OpenSUSE <-----> Router <----------------> Your ISP <------------->
    > Internet


    Forget that. Concentrate first on making it work from a computer to another
    computer in the same local network.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)
