- 11-27-2007 #1Just Joined!
- Join Date
- Nov 2007
- Posts
- 2
sshd_config listenaddress
I have set up sshd so I am able to connect via PuTTY to my laptop running backtrack2. I want to be able to connect to it from other places, like work and school, so I have configured my router to accept inbound connections on port 22 (and 23 for no reason at all) and I have set the listen address to the gateway on my router, which is 192.168.0.1. I try to connect to my LAN with my network's IP as assigned by my ISP with PuTTY from outside my network and am getting a connection time out error from PuTTY. It was actually working a while ago, but I had to do a reinstall for an unrelated reason and have not been able to get it working since. Below is my sshd_config file:
# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
#Protocol 2,1
#AddressFamily any
ListenAddress 192.168.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
If anyone is able to help me out with this I would greatly appreciate it. Also, I was wondering if I am able to set ListenAddress to a range with 0's (like 192.168.0.0) so it can take connections both internally and externally at the same time. Hope to see a response soon!
- 11-27-2007 #2Linux Guru
- Join Date
- Nov 2007
- Posts
- 1,695
You shouldn't need to change the listenaddress at all. I assume you only have 1 NIC, so just let it listen on the default interface.
My sshd_config:
Code:
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 16786
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
I'm sometimes behind a hardware router, and sometimes behind an iptables firewall. I just forward the needed port thru the firewall to the IP of the SSH server.
PS. No, 192.168.0.0 is not a valid address.
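An added example, not part of any post in this thread: a small checker that reads the active `ListenAddress` lines from an sshd_config and reports whether each one is an address this machine actually owns, which is the point the reply above makes about 192.168.0.0 and the router's 192.168.0.1. The laptop address 192.168.0.105/24 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: active lines taken from the first post's sshd_config.
SAMPLE_CONFIG = "Port 22\n#AddressFamily any\nListenAddress 192.168.0.0\n#ListenAddress ::\n"
# Assumption: the laptop's own addresses, as `ip addr` would list them.
LOCAL_IFACES = ["127.0.0.1/8", "192.168.0.105/24"]

def listen_addresses(config_text):
    """Return the ListenAddress values that are not commented out."""
    values = []
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "listenaddress":
            values.append(parts[1])
    return values

def strip_port(value):
    """Drop an optional port: '[addr]:port' or 'v4addr:port'."""
    if value.startswith("[") and "]" in value:
        return value[1:value.index("]")]
    return value.split(":")[0] if value.count(":") == 1 else value

def classify(value, local_ifaces):
    """Say whether sshd on this host can bind to `value`."""
    try:
        addr = ipaddress.ip_address(strip_port(value))
    except ValueError:
        return "hostname: resolve it and re-check"
    if addr.is_unspecified:
        return "wildcard: all local interfaces"
    ifaces = [ipaddress.ip_interface(i) for i in local_ifaces]
    if any(addr == i.ip for i in ifaces):
        return "ok: local interface address"
    for net in (i.network for i in ifaces if i.version == addr.version):
        if addr == net.network_address:
            return "network address of %s, not a host address" % net
        if addr.version == 4 and addr == net.broadcast_address:
            return "broadcast address of %s" % net
        if addr in net:
            return "another host on %s (such as the router), not this machine" % net
    return "not on any local network"

def check_config(config_text, local_ifaces):
    """Map each active ListenAddress to a verdict; none active means the default."""
    active = listen_addresses(config_text)
    if not active:
        return {"(default)": "wildcard: all local interfaces"}
    return {value: classify(value, local_ifaces) for value in active}

print(check_config(SAMPLE_CONFIG, LOCAL_IFACES))
```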
- 11-27-2007 #3Linux Enthusiast
- Join Date
- Aug 2006
- Location
- Portsmouth, UK
- Posts
- 539
Quote: (and 23 for no reason at all)
You don't want port 23 open (telnet), that will attract more than the usual amount of undesirable traffic!
RHCE #100-015-395
Please don't PM me with questions as no reply may offend, that's what the forums are for.
- 11-27-2007 #4Just Joined!
- Join Date
- Nov 2007
- Posts
- 2
Thanks HROAdmin26 and matonb for the advice. In making the changes you both suggested I then received an error in PuTTY saying connection refused. I looked up that error and found:
http://www.linuxforums.org/forum/ser...sed-error.html
which led me to a resolution. Thanks again!!!


