Port 22 How to open it?
Trying to use 'sh' protocol or 'fish' in Konqueror. Need port 22 open. Any help will be much appreciated.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
You might be right. I'm a newbie. One of the Gurus in this forum told me that iptables came in Mint enabled by default closing all ports. I also know that I used 'fish' in Konqueror with port 22 open from box with Ubuntu in to box with Suse 10.2, where I had to open port 22 in Firestarter. Since then I erased Suse and I installed Mint. When I tried the same from box with Ubuntu, it gave me error. In a word, I need guidance. All I want to do is transfer files. 'fish' in Konqueror, which I think is another expression of ssh, allowed me to do that. So, please help. Do I need to 'install' ssh in Mint?
To ssh into your mint box you need to install the ssh package with Synaptic on the mint box you are trying to connect to first, the server part is not installed by default in mint, but I think the client is. I know this because I couldn't ssh into one of my mint boxes without first installing ssh on the box I was trying to get into, and after it was installed it worked.
Correction, The openssh client is installed, it's the openssh server you need to install on the box you are trying to connect to.
Desktop Core i7 Linux Mint 21.1 / Laptop Dell Precision M6400 Linux Mint 21.1
In this case the normally so reliable scorp123 was not reliable - to my knowledge iptables are incorporated in the 2.4.x and 2.6.x kernels and normally enabled in the kernel, which then makes this default for all Linux (Hope scorp doesn't slap me on my fingers )
Second if you make a call through any port it will (of course) be open for an answer to your call.
FTP has a problem as it calls on one port and expects the answer on another (not just 20 and 21). If the answer comes on another port than the call it may be seen as illegitimate - but I believe this is solved in iptables
Sorry for the detour.
If you have installed programs that uses the same port as described above and has the same privileges they should communicate (I don't know what happens if one program is run under normal user privileges and the other with sudo, or if it matters at all )
OH - you could edit (if that's the term) iptables, but that's a real pain in... to do
Thanks a lot for your replies guys. I really appreciate it. You are both right, but the answer lay somewhere else. After checking everything I came to the conclusion that my Ubuntu box was keeping the key of the old Suse, and since the keys now weren't corresponding, it would deny me the connection. It turned out I was right; I went fishing for the old key and found it in /home/<username>/~shh/known_hosts. So, I went and deleted it. Tried again, and BOOM!!; I'm in.
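The stale-key situation described in the post above, as an added example that is not part of the original thread: it classifies the key a server offers against a known_hosts file and shows the state after the old entry is removed. Host names and key blobs are constructed; on a real system `ssh-keygen -F host` looks an entry up (hashed entries included) and `ssh-keygen -R host` removes it.

```shell
# Added example; host names and key blobs below are constructed, not real keys.
# Plain known_hosts lines only: hashed "|1|..." entries need ssh-keygen -F.

# check_host_key FILE HOST KEYTYPE KEYBLOB  ->  match | mismatch | unknown
check_host_key() {
    awk -v host="$2" -v ktype="$3" -v blob="$4" '
        $1 == "" || $1 ~ /^[#@]/ { next }     # blank, comment, @marker lines
        {
            n = split($1, names, ",")         # field 1: comma-separated host names
            for (i = 1; i <= n; i++)
                if (names[i] == host && $2 == ktype) {
                    seen = 1                  # host has a stored key of this type
                    if ($3 == blob) same = 1
                }
        }
        END {
            if (same)      print "match"
            else if (seen) print "mismatch"   # ssh refuses the changed key
            else           print "unknown"    # ssh asks to accept the new key
        }' "$1"
}

# remove_host FILE HOST: print FILE without the entries naming HOST
remove_host() {
    awk -v host="$2" '
        {
            n = split($1, names, ","); drop = 0
            for (i = 1; i <= n; i++) if (names[i] == host) drop = 1
            if (!drop) print
        }' "$1"
}

# Constructed known_hosts: 192.168.1.20 still carries the key of the old install.
make_sample() {
    cat > "$1" <<'EOF'
192.168.1.20 ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB-OLD-INSTALL-KEY
fileserver,192.168.1.30 ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB-OTHER-HOST-KEY
EOF
}

demo() {
    kh=$(mktemp); cleaned=$(mktemp); new=AAAAB3NzaC1yc2EAAAADAQAB-NEW-INSTALL-KEY
    make_sample "$kh"
    check_host_key "$kh" 192.168.1.20 ssh-rsa "$new"        # mismatch
    remove_host "$kh" 192.168.1.20 > "$cleaned"
    check_host_key "$cleaned" 192.168.1.20 ssh-rsa "$new"   # unknown
    rm -f "$kh" "$cleaned"
}
demo
```

Remove an entry only when the key change is explained, as it is here by the reinstall, because an unexplained mismatch is also what an intercepted connection looks like.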
Pumalite wrote: ssh is installed.
Please give me the output of these commands (copy & paste):
sudo lsof -n -i -P
sudo netstat -ln
sudo iptables -L
Husse wrote: In this case the normally so reliable scorp123 was not reliable - to my knowledge iptables are incorporated in the 2.4.x and 2.6.x kernels and normally enabled in the kernel
I will kill you. It's there in the kernel - yes. It's enabled - yes. But unless you define any firewall rules iptables will just sit there and do nothing. It doesn't block anything unless you tell it to do so.
Husse wrote: (Hope scorp doesn't slap me on my fingers
I think I just did that ....
Pumalite wrote: Tried again, and BOOM!!; I'm in.
ah OK .... Hint: In the future always try the console too .... e.g. ssh youruser@remotehost .... Chances are that if there is any such error that you will see it in the console. GUI tools just "don't work" all of a sudden but they usually don't show any error message. Console tools always spit out error messages if something bothers them. So it's always worth trying a console connection too if "fish://" fails
Thanks for the reply and the tip. The command 'sudo lsof -n -i -P' is of a rather private nature so I prefer not to divulge, but believe me: ssh is there.
pumalite@pumalite-desktop:~$ sudo lsof -n -i -P
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
pumalite@pumalite-desktop:~$ sudo netstat -in
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
pumalite@pumalite-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
pumalite@pumalite-desktop:~$
Hope it helps.
"But unless you define any firewall rules iptables will just sit there and do nothing. It doesn't block anything unless you tell it to do so."
Damned - I clearly remember reading it is set to drop everything from "the outside world" as default - and I may have read that - not everything you read is true
Anyway I use the ALL:ALL command in hosts.deny - but that is not iptables (or? )
Pumalite wrote: 'sudo lsof -n -i -P' is of a rather private nature so I prefer not to divulge ....
Bullsh* .... It should give the same results as netstat -ln (which you were willing to divulge it seems?) ..... The difference being that lsof looks at "open files" (hence the name: list of open files) and by the parameters "-n -i -P" we limit that list to network stuff (everything is a "file" under UNIX-like OS!). netstat on the other hand passes through the network stack, e.g. it talks to the kernel and the TCP/IP stack to get the infos.
Under normal conditions both commands should produce a more or less identical list .... but I have seen "interesting" scenarios where the two may all of a sudden produce lists that differ .... and that's where it gets interesting. e.g. lsof won't list stuff that really isn't open (as its name suggests!), regardless of what the TCP/IP stack is saying about this. That's where it gets interesting: When the two commands are not of the same opinion what's open and what's not
Pumalite wrote: pumalite@pumalite-desktop:~$ sudo lsof -n -i -P
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
What's the point posting this when you cut out the interesting parts??
Pumalite wrote: sudo netstat -in
I did not ask for that command .... See above. Copy & paste please. Especially if you apparently can't tell the difference between "i" and "l" .... Hint: If I had wanted a "i" I would have put it there myself. But I asked for a "l" because that's the precise parameter that's needed. And on UNIX-like OS defining the precise parameter is everything.
Pumalite wrote: pumalite@pumalite-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
pumalite@pumalite-desktop:~$
This shows that there is no active firewall rule whatsoever, and hence iptables isn't blocking anything.
Last edited by scorp123 on Sat Jun 30, 2007 7:10 pm, edited 2 times in total.
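The reading of the diagnostic output discussed above, as an added example that is not part of the original thread: it summarizes saved `iptables -L` output per chain and checks saved `netstat -ln` output for a listener on a given port. The function names, the locked-down ruleset and the netstat lines are constructed; only the empty ruleset is the output posted in the thread.

```shell
# Added example: reads saved `iptables -L` / `netstat -ln` output on stdin.
# summarize_chains: one line per chain, "NAME POLICY RULECOUNT"
summarize_chains() {
    awk '
        $1 == "Chain" {
            chain = $2; order[++n] = chain; rules[chain] = 0
            policy[chain] = "-"                  # user-defined chains have no policy
            if ($3 == "(policy") { p = $4; sub(/\)$/, "", p); policy[chain] = p }
            next
        }
        NF == 0 || $1 == "target" { next }       # blank separator / column header
        chain != "" { rules[chain]++ }
        END { for (i = 1; i <= n; i++) print order[i], policy[order[i]], rules[order[i]] }'
}

# Exit 0 when INPUT has rules or a non-ACCEPT policy, i.e. it could block a port.
input_can_block() {
    summarize_chains | awk '$1 == "INPUT" && ($2 != "ACCEPT" || $3 > 0) { hit = 1 }
                            END { exit !hit }'
}

# Exit 0 when `netstat -ln` output shows a TCP listener on port $1.
tcp_listening() {
    awk -v port="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ (":" port "$") { hit = 1 }
                      END { exit !hit }'
}

# The `iptables -L` output as posted in the thread (empty ruleset).
sample_empty() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}
# Constructed samples: a default-deny INPUT chain and a box with sshd listening.
sample_locked() { cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
EOF
}
sample_netstat() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
}

sample_empty | input_can_block || echo "INPUT: ACCEPT policy, no rules; iptables blocks nothing"
sample_netstat | tcp_listening 22 && echo "a TCP listener is bound to port 22"
```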
Husse wrote: Anyway I use the ALL:ALL command in hosts.deny - but that is not iptables (or? )
Nope. That's just a "packet filter" (the difference being that a real "firewall" is supposed to be stateful and to always know who initiated what connection ... a "packet filter" doesn't care about that, it just filters ...) that hooks into a package called tcpwrappers ... It filters connection attempts based on those simple rules (e.g. "sshd: ALL" in /etc/hosts.deny ...) you define, but that's nowhere close to the sophisticated methods a real firewall can provide.
But then again a well written "hosts.deny" is all you as end-user need in 99.99% of the cases.
Another thing worth to look at: fail2ban .... Very interesting package. Check it out
OH - you could edit (if that's the term) iptables,
It is easier if you put the commands in an executable file.
Run it after you boot. Sets up iptables the same each time, easy to modify with a text editor.
like:
iptables -F
iptables -t nat -F
iptables -t filter -F INPUT #this clears the 3 chains in the "filter"
iptables -t filter -F FORWARD #table
iptables -t filter -F OUTPUT
#iptables -P FORWARD DROP
iptables -t filter -A INPUT -p udp -i eth0 --dport 2967 -j DROP
iptables -t filter -A INPUT -p tcp -i eth0 --dport 2967 -j DROP #symantec hole 27NOV06
#iptables -t filter -A INPUT -p udp -i eth0 --dport 15169 -j DROP
#iptables -t filter -A INPUT -p tcp -i eth0 --dport 15169 -j DROP
#iptables -t filter -A INPUT -p udp -i eth1 --sport 15161 -j DROP
#iptables -t filter -A INPUT -p tcp -i eth1 --sport 15161 -j DROP
#iptables -t filter -A OUTPUT -p udp -o eth0 --sport 15169 -j DROP
#iptables -t filter -A OUTPUT -p tcp -o eth0 --sport 15169 -j DROP
iptables -t filter -A INPUT -s 86.0.0.0/8 -j DROP # JSC-MOLDTELECOM-SA-jiangsu
#iptables -t filter -A INPUT -s 221.0.0.0/8 -j DROP # CMNET-jiangsu
#iptables -t filter -A INPUT -s 218.0.0.0/8 -j DROP # Korea Telecom
#iptables -t filter -A INPUT -s 59.189.0.0/16 -j DROP # StarHub Cable Vision Ltd Singapore
lines with "#" are remarked out.
The first 6 lines clear all the tables.
Re: OH - you could edit (if that's the term) iptables,
baomike wrote: Run it after you boot.
Could you please explain those firewall rules in your example to us? I think that would be helpful for forum members who are interested to learn these things and e.g. write their own scripts.
And you should mention that people shouldn't blindly copy & paste that script ...