Secure shell under Suse Tumbleweed

Dear forum members,

after installing Suse Tumbleweed on my new laptop, I can sftp from this laptop to the desktop, but not from the desktop to the laptop. It works with the old laptop. What am I doing wrong?

Firewall??

Two questions:

(1) is “sshd” running?

check with:

systemctl status sshd

(2) Did you open the firewall for the sshd service?

There’s actually a place in the installer summary screen where you can enable the sshd service and open the firewall. I always do that, and I never have the problem you are describing.
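The two checks above (is sshd running, is the firewall open for it), plus the third one a practitioner would add in between (is sshd actually listening on the port), as a laptop-side script. This is an added example, not from the thread, openSUSE or OpenSSH. Each check is a pure parser over the text of `systemctl show sshd -p ActiveState`, `ss -ltn` and `firewall-cmd --list-all`, so the logic runs offline on the constructed sample outputs embedded below; `main()` feeds it the live command output instead. The firewalld zone is the default zone unless one is passed as the first argument.

```python
"""Laptop-side SSH reachability checks.

Added example (not from the thread, openSUSE or OpenSSH): three checks,
each split into a pure parser over command output and the command that
produces that output, so the logic can be exercised offline on the
constructed samples below and on a live host via main().
"""
import re
import subprocess
import sys

# Constructed sample outputs (not captured from a real machine).
SAMPLE_ACTIVE = "ActiveState=active\n"
SAMPLE_SS = (
    "State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process\n"
    "LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:((\"sshd\",pid=1320,fd=3))\n"
    "LISTEN  0       128     [::]:22             [::]:*\n"
    "LISTEN  0       4096    127.0.0.1:631       0.0.0.0:*\n"
)
SAMPLE_FW = (
    "home (active)\n"
    "  target: default\n"
    "  interfaces: wlan0\n"
    "  services: dhcpv6-client samba-client ssh\n"
    "  ports:\n"
)


def sshd_active(show_output):
    """True if `systemctl show sshd -p ActiveState` reports the unit as active."""
    return show_output.strip() == "ActiveState=active"


def listening_ports(ss_output):
    """Set of TCP ports in LISTEN state, parsed from `ss -ltn` output."""
    ports = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue  # header line or not a listener
        m = re.search(r":(\d+)$", cols[3])  # 0.0.0.0:22, [::]:22, *:22
        if m:
            ports.add(int(m.group(1)))
    return ports


def zone_services(list_all_output):
    """Set of services the zone allows, from the 'services:' line of `firewall-cmd --list-all`."""
    for line in list_all_output.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip() == "services":
            return set(value.split())
    return set()


def diagnose(show_output, ss_output, list_all_output, port=22):
    """Return a list of findings; an empty list means the host should accept ssh."""
    findings = []
    if not sshd_active(show_output):
        findings.append("sshd is not active: sudo systemctl enable --now sshd")
    if port not in listening_ports(ss_output):
        findings.append(f"nothing listens on tcp/{port}: check Port/ListenAddress in sshd_config")
    if "ssh" not in zone_services(list_all_output):
        findings.append("firewalld zone does not allow the ssh service: "
                        "sudo firewall-cmd --permanent --add-service=ssh && sudo firewall-cmd --reload")
    return findings


def _run(cmd):
    """Run a command and return its stdout ('' if it cannot be run), never raising."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except OSError:
        return ""


def main(zone=None):
    """Run the three checks on this host; exit status 1 if anything was found."""
    fw_cmd = ["firewall-cmd", "--list-all"] + ([f"--zone={zone}"] if zone else [])
    findings = diagnose(_run(["systemctl", "show", "sshd", "-p", "ActiveState"]),
                        _run(["ss", "-ltn"]), _run(fw_cmd))
    for line in findings or ["all three checks passed"]:
        print(line)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it on the laptop as root (`firewall-cmd --list-all` needs it), optionally naming the zone the laptop's interface is in, e.g. `python3 sshcheck.py home`; a clean run prints that all three checks passed, otherwise one line per problem with the usual fix.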

The firewall is on, but in YaST the service “ssh” is allowed in the zone “Home”.

This is what I get if I enter “systemctl status sshd”:

sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
Active: active (running) since Thu 2023-12-21 15:30:22 NST; 1h 34min ago
Process: 1294 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Process: 1307 ExecStartPre=/usr/sbin/sshd -t $SSHD_OPTS (code=exited, status=0/SUCCESS)
Main PID: 1320 (sshd)
Tasks: 1
CPU: 23ms
CGroup: /system.slice/sshd.service
└─1320 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Do you get any errors or is just nothing happening?
If nothing happens, do you maybe have ssh configured to only accept pubkey authentication and not password authentication?

More information about your setup would be great.

I think I enabled ssh in the installer screen: It was a few weeks ago, though.

I can ping the laptop, but if I sftp it, it says “no route to host”.

run an nmap scan against the IP of the laptop from the desktop to see if the port for ssh is open.
sudo nmap -sV IP-of-your-laptop
if nmap cannot connect to the IP either, then maybe there’s an issue in your network.
Are you using your home router as your DNS server?

The response to the nmap command is:
“All 1000 scanned ports on 192.168.2.22 are in ignored states.”

run “sudo systemctl disable firewalld” on the laptop and then run the nmap scan again and see if the port is now listed as open.

I did that, and the nmap result changed from

Not shown: 990 filtered tcp ports

to 989 filtered tcp ports.

I still cannot sftp to the laptop, though.

So port 22 is listed as open but sftp still does not work? I assume you cannot ssh into the laptop either?

Can you paste the content of your /etc/ssh/sshd_config from the laptop please

There is no such file. There is a directory /etc/ssh/sshd_conf.d, in fact two of these, but they are empty.

Sorry, one directory is ssh_config.d, the other is sshd_config.d.

Weird. Can you run “sudo zypper in -y openssh-server” and see if the file exists afterwards? If it does, run “sudo systemctl restart sshd” to reinitialize the ssh server and try to sftp into the laptop again.

According to Yast, openssh-server is installed. Shall I do the zypper command nonetheless?

No /etc/ssh/sshd_config just means they’re using the default one in /usr/etc/ssh/ssh_config

Oh yes, this file exists. Here it is:

# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# To modify the system-wide ssh configuration, create a "*.conf" file under
# "/etc/ssh/ssh_config.d/" which will be automatically included below.
# Don't edit this configuration file itself if possible to avoid update
# problems.

Include /etc/ssh/ssh_config.d/*.conf
Include /usr/etc/ssh/ssh_config.d/*.conf

Host *
#   ForwardAgent no
#   ForwardX11 no
# If you do not trust your remote host (or its administrator), you
# should not forward X11 connections to your local X11-display for
# security reasons: Someone stealing the authentification data on the
# remote side (the "spoofed" X-server by the remote sshd) can read your
# keystrokes as you type, just like any other X11 client could do.
# Set this to "no" here for global effect or in your own ~/.ssh/config
# file if you want to have the remote X11 authentification data to
# expire after twenty minutes after remote login.
ForwardX11Trusted yes
# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
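The header of the pasted file states the three rules that decide what a setting ends up being: drop-in files under ssh_config.d are spliced in by Include, a Host block only applies when its pattern matches the host being connected to, and a value is only changed the first time it is set, so host-specific blocks must come before the catch-all "Host *" defaults (sshd_config resolves its options the same first-wins way). The following added example, which is not OpenSSH code, models exactly those rules in Python. It simulates the files with an in-memory dict standing in for /etc/ssh and /usr/etc/ssh, with the vendor file abridged from the paste above and the drop-ins and the wrong-order counter-example constructed, so it runs offline.

```python
"""Model of ssh_config(5) option resolution: Include globs, Host patterns,
and first-value-wins.

Added example for this thread, not OpenSSH code. Files are simulated with an
in-memory dict (VFS) standing in for /etc/ssh and /usr/etc/ssh, so the script
runs offline; the drop-in files and their contents are constructed.
"""
import fnmatch

VFS = {
    # Vendor file, abridged from the pasted /usr/etc/ssh/ssh_config.
    "/usr/etc/ssh/ssh_config": """\
Include /etc/ssh/ssh_config.d/*.conf
Include /usr/etc/ssh/ssh_config.d/*.conf

Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
PasswordAuthentication yes
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
""",
    # Constructed admin drop-ins: host-specific block first, site defaults second.
    "/etc/ssh/ssh_config.d/10-laptop.conf": """\
Host laptop
Port 2222
ForwardX11Trusted no
""",
    "/etc/ssh/ssh_config.d/20-site.conf": """\
Host *
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
""",
    # Constructed counter-example: the catch-all block comes first, so its
    # Port value wins and the laptop-specific Port is never applied.
    "/tmp/wrong-order.conf": """\
Host *
Port 22
Host laptop
Port 2222
""",
}


def _expand(pattern):
    """Expand an Include glob against the simulated filesystem, in sorted order."""
    return sorted(p for p in VFS if fnmatch.fnmatch(p, pattern))


def _directives(path):
    """Yield (keyword, value) pairs from a file, splicing Include'd files in place."""
    for raw in VFS[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "include":
            for inc in _expand(value):
                yield from _directives(inc)
        else:
            yield key, value


def resolve(hostname, root="/usr/etc/ssh/ssh_config"):
    """Effective options for hostname: a value is kept only the first time it is set."""
    opts = {}
    active = True  # directives before any Host line apply to every host
    for key, value in _directives(root):
        if key == "host":
            # Host takes one or more shell-style patterns, matched case-insensitively.
            active = any(fnmatch.fnmatch(hostname.lower(), p.lower()) for p in value.split())
            continue
        if active:
            opts.setdefault(key, value)  # later settings for the same key are ignored
    return opts


if __name__ == "__main__":
    for host in ("laptop", "desktop"):
        print(host, resolve(host))
    print("wrong order:", resolve("laptop", "/tmp/wrong-order.conf"))
```

For "laptop" the drop-in's Port 2222 and ForwardX11Trusted no survive and the vendor "Host *" values for the same keys are ignored, while "desktop" gets Port 22 and ForwardX11Trusted yes; both pick up the Ciphers list from 20-site.conf because it is read before the vendor block. In the wrong-order file the laptop block is reached only after "Host *" has already set Port, so Port stays 22, which is the pitfall the file header warns about.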

Sorry, this seems to be one of the things tumbleweed does differently from leap.

However, after installing openssh-server and starting the service with “sudo systemctl start sshd” I was able to ‘ssh’ into the VM from the VM itself. Try restarting the service and see if you can ssh into the laptop from the laptop. If that doesn’t work either, then maybe one of the more experienced users here can help you.