[Leaplist] SSH help

Dan Cherry dscherry at bellsouth.net
Fri Jan 12 15:52:51 EST 2007


ray wrote:
> I now have my rig up and running debian etch with the ix86 kernel, sound
> is working, 3D Nvidia drivers are installed, even have the flashplayer9
> beta for linux working great in FF.
> 
> now i need to figure out how to ssh INTO the system.  i can ssh out, but
> not in.  both the hosts.allow and deny are empty and i did a base system
> install so iptables should not be installed, but if it is, how do i tell
> and how do i disable it?
> 
> cat /etc/hosts.allow
> # /etc/hosts.allow: list of hosts that are allowed to access the system.
> #                   See the manual pages hosts_access(5), hosts_options(5)
> #                   and /usr/doc/netbase/portmapper.txt.gz
> #
> # Example:    ALL: LOCAL @some_netgroup
> #             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
> #
> # If you're going to protect the portmapper use the name "portmap" for the
> # daemon name. Remember that you can only use the keyword "ALL" and IP
> # addresses (NOT host or domain names) for the portmapper, as well as for
> # rpc.mountd (the NFS mount daemon). See portmap(8), rpc.mountd(8) and
> # /usr/share/doc/portmap/portmapper.txt.gz for further information.
> 
> cat /etc/hosts.deny
> # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
> #                  See the manual pages hosts_access(5), hosts_options(5)
> #                  and /usr/doc/netbase/portmapper.txt.gz
> #
> # Example:    ALL: some.host.name, .some.domain
> #             ALL EXCEPT in.fingerd: other.host.name, .other.domain
> #
> # If you're going to protect the portmapper use the name "portmap" for the
> # daemon name. Remember that you can only use the keyword "ALL" and IP
> # addresses (NOT host or domain names) for the portmapper. See portmap(8)
> # and /usr/doc/portmap/portmapper.txt.gz for further information.
> #
> # The PARANOID wildcard matches any host whose name does not match its
> # address.
> 
> # You may wish to enable this to ensure any programs that don't
> # validate looked up hostnames still leave understandable logs. In past
> # versions of Debian this has been the default.
> # ALL: PARANOID
> 
> so those are both just full of notes.  if i ssh into another box, i can
> then ssh back into this box but ONLY from that ssh session, so it is not
> my IPCop and port forwarding that is fubar, and sshd is running, but why
> can i not ssh in from LAN or WAN unless i have sshed out?

Is the new box 'rejecting' your attempts to ssh in, or are the other
boxes not 'seeing' the new box?  Can you ping the new box from one of
the others?

-- 
Dan Cherry
dscherry (@) bellsouth.net

Finding a solution to a problem doesn't solve the problem...
Implementing the solution solves the problem.

