I am trying to set up SSH between my desktop and wireless laptop, both running Suse 11. I have done ssh-keygen on both machines and copied the RSA public keys into both machines’ authorized_keys via scp. I am able to SSH from both machines with the Suse firewall turned off. When I enable the firewall I cannot connect to either machine. I went into Firewall > Allowed Services and allowed “Secure Shell Server” from the dropdown box for the internal zone on both machines, but still no luck. I am able to SCP with the firewall turned on. If I disable the firewall and start an SSH connection, then turn on the firewall, I am able to continue my session. I’m pretty sure this is a firewall setting but I’m not sure where to look. Can someone point me in the right direction?
Thanks
If you are able to scp with the firewall turned on, then it’s not a firewall issue, because scp uses ssh. You’re sure about that observation?
To find out more about what’s happening, use -v with ssh to see the protocol exchanges.
You’re right, ken_yap, I must have forgotten I turned off the firewall for scp. I just tried now and no connection, so I turned off the firewall and scp went through. Sorry about that.
ssh with -v (and firewall turned on) shows:
ssh -v mark@xxx.xxx.x.xxx
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to xxx.xxx.x.xxx [xxx.xxx.x.xxx] port 22.
debug1: connect to address xxx.xxx.x.xxx port 22: Connection timed out
ssh: connect to host xxx.xxx.x.xxx port 22: Connection timed out
I also poked around in /etc/ssh/ssh_config, as that is referenced in the debug output, and found the line
#AuthorizedKeysFile .ssh/authorized_keys.
Should that be on two lines, such as:
#AuthorizedKeysFile
.ssh/authorized_keys
I meant I found “#AuthorizedKeysFile .ssh/authorized_keys” in /etc/ssh/sshd_config.
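The `ssh -v` run ken_yap asked for ends in “Connection timed out”, and that wording is the useful part: a timeout means the SYN got no answer at all, which is what a firewall that drops packets looks like, whereas a closed port or a key problem produce different messages. The script below is an added example, not code from this thread or from OpenSSH; it classifies saved `ssh -v` output into those cases and wraps the probe so it does not hang. The error strings are the ones OpenSSH prints, and the sample output is constructed (192.0.2.10 is a documentation address, not a real host).

```shell
# Added example, not code from the thread: classify the tail of `ssh -v`
# output so a dropped port (the case in the thread) is not confused with a
# closed port or a key problem. The samples below are constructed.

# Read saved ssh -v output from stdin and print one word:
#   filtered    "Connection timed out": the SYN got no answer at all, which is
#               what a DROP rule looks like (the thread's firewall-on symptom)
#   unreachable "No route to host": an ICMP unreachable came back (a REJECT
#               rule using icmp-host-unreachable, or no ARP reply on the LAN)
#   closed      "Connection refused": a RST came back, so the packet reached
#               the host and nothing is listening on 22 (or a REJECT rule)
#   auth        "Permission denied (...)": TCP and the SSH handshake worked, so
#               the firewall is fine; look at keys and ~/.ssh permissions
#   ok          "Authentication succeeded"
#   unknown     anything else
ssh_verdict() {
    out=$(cat)
    case $out in
        *"Connection timed out"*)      echo filtered ;;
        *"No route to host"*)          echo unreachable ;;
        *"Connection refused"*)        echo closed ;;
        *"Permission denied ("*)       echo auth ;;
        *"Authentication succeeded"*)  echo ok ;;
        *)                             echo unknown ;;
    esac
}

# Live probe (not run here). ssh writes -v output to stderr, so 2>&1 must
# come before the pipe; ConnectTimeout stops a dropped SYN from hanging for
# the kernel's full TCP retry period; BatchMode prevents password prompts.
# Usage: ssh_probe user@host
ssh_probe() {
    ssh -v -o BatchMode=yes -o ConnectTimeout=5 "$1" true 2>&1 | ssh_verdict
}

# Constructed samples of the three failure modes.
sample_dropped='debug1: Connecting to 192.0.2.10 [192.0.2.10] port 22.
debug1: connect to address 192.0.2.10 port 22: Connection timed out
ssh: connect to host 192.0.2.10 port 22: Connection timed out'

sample_refused='debug1: Connecting to 192.0.2.10 [192.0.2.10] port 22.
ssh: connect to host 192.0.2.10 port 22: Connection refused'

sample_denied='debug1: Offering public key: /home/mark/.ssh/id_rsa
debug1: Authentications that can continue: publickey
mark@192.0.2.10: Permission denied (publickey).'

printf '%s\n' "$sample_dropped" | ssh_verdict    # filtered
printf '%s\n' "$sample_refused" | ssh_verdict    # closed
printf '%s\n' "$sample_denied"  | ssh_verdict    # auth
```

Only the `filtered` verdict points at a firewall (or routing) problem; `closed` means the packet reached the host and sshd is not listening, and `auth` means the network path is fine and the authorized_keys setup is what needs attention.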
Well, I tried some tips from here (http://en.opensuse.org/Public_Key_Authentication) but no luck. Same thing, I can’t connect until I turn off the firewall on the machine I am trying to connect to. Under the Suse firewall, all I did was select “Secure Shell Server” from the dropdown box under the internal zone and enter 22 under UDP ports. I did not enter anything under “IP protocols” from the advanced menu. Is there any other setting for the Suse firewall in order to enable SSH?
Try the external zone.
Good luck.
Yes, setting the firewall to the external zone for ssh worked. I was mistakenly thinking that since I was connecting via my network I would be using the internal setting of the firewall. Thank you.
Yeah, that can be confusing. On systems with a single network interface, it would be helpful if the firewall configuration would just gray out those choices. With a single network card, everything is “external” to your computer – whether it’s your friend’s PC across the room or a server in another country.
The only time the “internal” and “external” selections really mean anything is (a) when you have at least two network interfaces and (b) the machine is being used to route and/or forward packets from one network to another. In that case, “external” is typically the interface that’s looking toward the Internet, and “internal” is the one looking at the LAN inside your building.
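The zone logic smpoole7 describes can be read straight out of /etc/sysconfig/SuSEfirewall2, which is what the YaST dialog writes. The script below is an added example, not part of this thread and not SuSEfirewall2’s own code; it resolves which zone an interface lands in and whether sshd is opened there, and it assumes the SuSEfirewall2 variable names used on SUSE 11 (FW_DEV_EXT/INT/DMZ, FW_CONFIGURATIONS_*, FW_SERVICES_*_TCP/UDP, FW_PROTECT_FROM_INT). The two config files are constructed: one resembling the setup in the thread, one for a two-NIC router.

```shell
# Added example, not from the thread or from SuSEfirewall2: which zone does an
# interface belong to, and is sshd opened in that zone? Variable names are the
# SuSEfirewall2 ones assumed in the lead-in; the sample configs are constructed.

# Read a FW_* variable out of a SuSEfirewall2-style config file.
# Usage: fw_get <config-file> <VARNAME>   (last assignment wins, quotes dropped)
fw_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Zone of an interface. Explicit assignments win; the keyword "any" in
# FW_DEV_EXT (the SuSEfirewall2 default) sweeps every unassigned interface
# into the external zone, which is why a single-NIC desktop is "external"
# even to peers on its own LAN.
# Usage: fw_zone_for <config-file> <interface>   -> EXT, INT, DMZ or NONE
fw_zone_for() {
    cfg=$1; dev=$2
    for zone in INT DMZ EXT; do
        for d in $(fw_get "$cfg" "FW_DEV_$zone"); do
            [ "$d" = "$dev" ] && { echo "$zone"; return 0; }
        done
    done
    for d in $(fw_get "$cfg" FW_DEV_EXT); do
        [ "$d" = any ] && { echo EXT; return 0; }
    done
    echo NONE
}

# Is TCP/22 open in a zone? Either the "sshd" service configuration (what the
# YaST "Secure Shell Server" entry adds) or an explicit port in the TCP list.
# The internal zone is not filtered at all unless FW_PROTECT_FROM_INT="yes".
# Usage: fw_ssh_allowed <config-file> <ZONE>   -> yes or no
fw_ssh_allowed() {
    cfg=$1; zone=$2
    if [ "$zone" = INT ] && [ "$(fw_get "$cfg" FW_PROTECT_FROM_INT)" != yes ]; then
        echo yes; return
    fi
    for s in $(fw_get "$cfg" "FW_CONFIGURATIONS_$zone"); do
        [ "$s" = sshd ] && { echo yes; return; }
    done
    for p in $(fw_get "$cfg" "FW_SERVICES_${zone}_TCP"); do
        case $p in 22|ssh) echo yes; return ;; esac
    done
    echo no
}

# One-line verdict per interface, flagging the UDP-port mistake from the thread.
# Usage: fw_ssh_report <config-file> <interface>
fw_ssh_report() {
    cfg=$1; dev=$2
    zone=$(fw_zone_for "$cfg" "$dev")
    note=""
    for p in $(fw_get "$cfg" "FW_SERVICES_${zone}_UDP"); do
        [ "$p" = 22 ] && note=" (22/udp is open, but ssh is TCP)"
    done
    echo "$dev: zone $zone, sshd allowed: $(fw_ssh_allowed "$cfg" "$zone")$note"
}

# Constructed sample configs (not copied from any real system).
fw_demo_dir=$(mktemp -d)
cat > "$fw_demo_dir/as-posted" <<'EOF'
## Single NIC, default zone assignment: everything is external.
FW_DEV_EXT="any"
FW_DEV_INT=""
FW_DEV_DMZ=""
## sshd allowed only in the internal zone, and 22 entered under UDP ports.
FW_CONFIGURATIONS_INT="sshd"
FW_CONFIGURATIONS_EXT=""
FW_SERVICES_EXT_UDP="22"
FW_SERVICES_EXT_TCP=""
FW_PROTECT_FROM_INT="no"
EOF
cat > "$fw_demo_dir/router" <<'EOF'
## Two NICs: eth1 faces the LAN, everything else (eth0, wlan0) is external.
FW_DEV_EXT="any"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_CONFIGURATIONS_EXT="sshd"
FW_CONFIGURATIONS_INT=""
FW_PROTECT_FROM_INT="no"
EOF

fw_ssh_report "$fw_demo_dir/as-posted" eth0   # eth0: zone EXT, sshd allowed: no (22/udp is open, but ssh is TCP)
fw_ssh_report "$fw_demo_dir/router" eth0      # eth0: zone EXT, sshd allowed: yes
fw_ssh_report "$fw_demo_dir/router" eth1      # eth1: zone INT, sshd allowed: yes
```

Run against the real file (`fw_ssh_report /etc/sysconfig/SuSEfirewall2 eth0`) to see the same thing the thread worked out by trial and error: with the default `FW_DEV_EXT="any"`, the only zone that matters on a one-interface machine is EXT, so sshd has to be allowed there.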
Well put all around… and thank you (msjones) for posting back the solution.
Good luck.