SSH and the SuSE Firewall

Culture1 · April 1, 2010, 1:35pm

I need some help please as to how I can get SSH to work with an enabled Firewall on openSuse 11.2/3 (KDE4.4.2).
I have added SSH to the services that the Firewall should allow but I still can’t connect. Sshd is also activated.
I can only connect if the Firewall is not active which I obviously don’t want since I use both computers for Internet.

Akoellh · April 1, 2010, 1:53pm

I have added SSH to the services that the Firewall should allow but I still can’t connect. Sshd is also activated.

Then you must have done something wrong, works fine here.

Double check configuration, especially for interfaces/zones and services.

OTOH, configured correctly, one does not need a “firewall” (read packet filter), turn off unneeded services or bind them to localhost if they should run an not be accessible from the outside.

Example:

# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          8302       2427/sshd           
tcp        0      0 127.0.0.1:8118          0.0.0.0:*               LISTEN      111        7250       1872/polipo         
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      0          8606       2541/tor

No firewall activated, don’t see a reason why.

caf4926 · April 1, 2010, 1:53pm

http://susewiki.org/index.php?title=Public_Key_Authentication_with_SSH

I use fish

Eg: fish://xxxx@192.168.0.2/

oldcpu · April 1, 2010, 2:01pm

Do not forget to start the ssh daemon. Open SUSE-11.2/11.3 are different from previous openSUSE versions where the ssh daemon is not started by default as part of the install in 11.2/11.3.

Culture1 · April 1, 2010, 2:07pm

Actually, what is used for the connection is FISH. Isn’t SSH and FISH the just about the same? Only that SSH is server and FISH client?

Culture1 · April 1, 2010, 2:12pm

I activated sshd in (System Services) Runlevel. Shouldn’t that start the daemon?

oldcpu · April 1, 2010, 2:13pm

Yes it should.

Culture1 · April 1, 2010, 2:16pm

I havve to check if it#s activated on both computers and then get back to you.

oldcpu · April 1, 2010, 2:17pm

Just a further note, ssh and sftp does work on 11.3 milestone. I’ve tested 11.3 M4 with LXDE successfully transferring large files from the 11.3 M4 LXDE to an 11.2 KDE-4.3.5 on our home LAN using sftp.

However I did raise a bug report on the LXDE desktop PCManFM (and it turns out Nautilus has same bug) in using sftp on 11.3 milestone4. On 11.3 sftp works once for a given user with those two file managers and then breaks. So I ended up using FileZilla as a work around, until PCManFM and nautilus are fixed (for LXDE). ssh however works fine with 11.3 and no such connection bug that I encountered.

Are you trying a simple terminal log in with ssh , or are you trying something more complex ?

Culture1 · April 1, 2010, 3:35pm

Oldcpu, it looks like I have messed up something somewhere. It was working fine for a while but i don’t know what happened. i thought that the Firewall was the problem.
I am having problems with authentication if I use SFTP. It won’t accept my password. The only thing that is working is the terminal.

user · April 1, 2010, 4:32pm

On 04/01/2010 04:36 PM, Culture1 wrote:
>
> oldcpu;2146285 Wrote:
>> Just a further note, ssh and sftp does work on 11.3 milestone.

<snip>

> I am having problems with authentication if I use SFTP. It won’t accept
> my password. The only thing that is working is the terminal.

I’m also having this problem.
I quote what I wrote to the factory mailing list (no replies there yet):

…
I am running latest ML as a VBox guest on an 11.2 host.

I can ping in and out.
I can ssh in and out, LAN or WAN.
I can open LAN Samba shares
I can connect in over fish or sftp from LAN and WAN

But can’t connect out to any hosts over fish or sftp.

Host I’m trying to connect to over WAN shows:

pam_unix2(sshd:auth): conversation failed
error: ssh_msg_send: write
error: PAM: Authentication failure for ‘user’ from ‘ipaddress’ port
'33804 ssh2.

Host I try to connect in LAN says nothing.

I booted the same VBox guest using 11.0 Live KDE CD and everything works
from there.

What should I look into?
…

Is the above familiar in any way your case?

Vahis

http://waxborg.servepics.com
openSUSE 11.2 (x86_64) 2.6.31.12-0.2-default
17:28pm up 6 days 20:46, 11 users, load average: 0.06, 0.12, 0.11

Culture1 · April 1, 2010, 5:01pm

It’s now working. I tried so many things that i don’t even know what was the solution.
However, the last thing that I did was to delete the known_hosts files in /nameofmyhomedirectory/.ssh on both computers. I rebooted both, new files were generated and it’s now working. At least SFTP.

oldcpu · April 1, 2010, 5:11pm

Maybe it is an 11.3 bug.

Install FileZilla (it come with 11.3) and try.

I raised a bug report on 11.3 PCManFM , and in testing I discovered the same problem exists with Nautilus (but not with FileZilla).

oldcpu · April 1, 2010, 5:13pm

Glad its working now, … as you can see from my above post, there is a bug here https://bugzilla.novell.com/show_bug.cgi?id=592432 on 11.3 that I raised.

caf4926 · April 1, 2010, 7:23pm

Usually just the known_hosts file on the remote computer

oldcpu · April 1, 2010, 7:30pm

In the case of the bug report I raised, this does not work.