Port 22 How to open it?

Pumalite
Level 1
Posts: 21
Joined: Thu Jun 28, 2007 11:03 pm

Port 22 How to open it?

Post by Pumalite »

Trying to use 'sh' protocol or 'fish' in Konqueror. Need port 22 open. Any help will be much appreciated.
scorp123
Level 8
Posts: 2272
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 »

It would help if you could be more specific :roll:

Why did you install IPTables in the first place when you don't know how to handle it?

Also, are you sure that SSH is running? Doesn't sound like it. :?

Post by Pumalite »

You might be right. I'm a newbie. One of the Gurus in this forum told me that iptables came in Mint enabled by default closing all ports. I also know that I used 'fish' in Konqueror with port 22 open from the box with Ubuntu into the box with Suse 10.2, where I had to open port 22 in Firestarter. Since then I erased Suse and I installed Mint. When I tried the same from the box with Ubuntu, it gave me an error. In a word, I need guidance. All I want to do is transfer files. 'fish' in Konqueror, which I think is another expression of ssh, allowed me to do that. So, please help. Do I need to 'install' ssh in Mint?

Post by Pumalite »

ssh is installed. I think it is a matter of port 22 being closed or the need to grant permission of some kind in Mint. Any ideas?

Post by Pumalite »

Sorry, I have Azureus working, so, ports are open. The problem lies apparently somewhere else. Any help with permissions to be open to the home LAN will be much appreciated.
900i
Level 6
Posts: 1142
Joined: Sat Nov 18, 2006 9:30 am
Location: Wakefield, UK

Post by 900i »

To ssh into your mint box you need to install the ssh package with Synaptic on the mint box you are trying to connect to first, the server part is not installed by default in mint, but I think the client is. I know this because I couldn't ssh into one of my mint boxes without first installing ssh on the box I was trying to get into, and after it was installed it worked.

Correction, The openssh client is installed, it's the openssh server you need to install on the box you are trying to connect to.
Desktop Core i7 Linux Mint 21.1 / Laptop Dell Precision M6400 Linux Mint 21.1
Husse

Post by Husse »

In this case the normally so reliable scorp123 was not reliable - to my knowledge iptables are incorporated in the 2.4.x and 2.6.x kernels and normally enabled in the kernel, which then makes this default for all Linux (Hope scorp doesn't slap me on my fingers :))
Second if you make a call through any port it will (of course) be open for an answer to your call.
FTP has a problem as it calls on one port and expects the answer on another (not just 20 and 21). If the answer comes on another port than the call it may be seen as illegitimate - but I believe this is solved in iptables
Sorry for the detour.
If you have installed programs that use the same port as described above and have the same privileges they should communicate (I don't know what happens if one program is run under normal user privileges and the other with sudo, or if it matters at all :))

OH - you could edit (if that's the term) iptables, but that's a real pain in... to do

Post by Pumalite »

Thanks a lot for your replies, guys. I really appreciate it. You are both right, but the answer lay somewhere else. After checking everything I came to the conclusion that my Ubuntu box was keeping the key of the old Suse, and since the keys now weren't corresponding, it would deny me the connection. It turned out I was right; I went fishing for the old key and found it in /home/<username>/~shh/known_hosts. So, I went and deleted it. Tried again, and BOOM!!; I'm in.
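The stale-key fix described in the post above, done with OpenSSH's own tooling (an added example, not part of the original post). It assumes the default per-user file `~/.ssh/known_hosts`; the function names and the host name `mintbox` are illustrative.

```shell
#!/bin/sh
# Added example: replace a stale SSH host key with OpenSSH's own tools.
# Assumptions: OpenSSH client installed; function names are illustrative.
# A "host key changed" refusal is also what an intercepted connection looks
# like, so the new fingerprint is checked before the old entry is dropped.

KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}"

# Print "<keytype> <fingerprint>" for each key stored for host $1.
# ssh-keygen -F also matches hashed host names, which grep cannot.
stored_fingerprints() {
    ssh-keygen -F "$1" -f "$KNOWN_HOSTS" 2>/dev/null | grep -v '^#' |
    while read -r _host keytype keydata _rest; do
        printf '%s %s\n' "$keytype" "$keydata" | ssh-keygen -lf - |
            awk -v t="$keytype" '{ print t, $2 }'
    done
}

# $1 = host, $2 = fingerprint read on the server's own console, e.g. from
#   ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
# Removes the stored entry only if it does not already match that fingerprint.
replace_stale_key() {
    if stored_fingerprints "$1" | grep -qF -- "$2"; then
        echo "unchanged"
        return 0
    fi
    # -R deletes every key for the host and keeps a copy in known_hosts.old
    ssh-keygen -R "$1" -f "$KNOWN_HOSTS" >/dev/null 2>&1 || return 1
    echo "removed"
}

# Typical use on the client ("mintbox" is a placeholder host name):
#   replace_stale_key mintbox 'SHA256:<fingerprint from the server console>'
#   ssh youruser@mintbox    # confirm the prompt shows the same fingerprint
```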

Post by scorp123 »

Pumalite wrote:ssh is installed.
Please give me the output of these commands (copy & paste):

sudo lsof -n -i -P

sudo netstat -ln

sudo iptables -L

Post by scorp123 »

Husse wrote: In this case the normally so reliable scorp123 was not reliable - to my knowledge iptables are incorporated in the 2.4.x and 2.6.x kernels and normally enabled in the kernel
I will kill you. :lol: It's there in the kernel - yes. It's enabled - yes. But unless you define any firewall rules iptables will just sit there and do nothing. It doesn't block anything unless you tell it to do so.
Husse wrote: (Hope scorp doesn't slap me on my fingers
I think I just did that .... :lol:

Post by scorp123 »

Pumalite wrote: Tried again, and BOOM!!; I'm in.
ah OK .... Hint: In the future always try the console too .... e.g. ssh youruser@remotehost .... Chances are that if there is any such error that you will see it in the console. GUI tools just "don't work" all of a sudden but they usually don't show any error message. Console tools always spit out error messages if something bothers them. So it's always worth trying a console connection too if "fish://" fails 8)

Post by Pumalite »

Thanks for the reply and the tip. The command 'sudo lsof -n -i -P' is of a rather private nature so I prefer not to divulge, but believe me: ssh is there.

pumalite@pumalite-desktop:~$ sudo lsof -n -i -P
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

pumalite@pumalite-desktop:~$ sudo netstat -in
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg

pumalite@pumalite-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
pumalite@pumalite-desktop:~$

Hope it helps.
Husse

Post by Husse »

But unless you define any firewall rules iptables will just sit there and do nothing. It doesn't block anything unless you tell it to do so.
Damned - I clearly remember reading it is set to drop everything from "the outside world" as default - and I may have read that - not everything you read is true :lol:
Anyway I use the ALL:ALL command in hosts.deny - but that is not iptables :lol: (or? :D )

Post by scorp123 »

Pumalite wrote: 'sudo lsof -n -i -P' is of a rather private nature so I prefer not to divulge ....
Bullsh* .... :lol: It should give the same results as netstat -ln (which you were willing to divulge it seems?) :lol: ..... The difference being that lsof looks at "open files" (hence the name: list of open files) and by the parameters "-n -i -P" we limit that list to network stuff (everything is a "file" under UNIX-like OS!). netstat on the other hand passes through the network stack, e.g. it talks to the kernel and the TCP/IP stack to get the infos.

Under normal conditions both commands should produce a more or less identical list .... but I have seen "interesting" scenarios where the two may all of a sudden produce lists that differ .... and that's where it gets interesting. e.g. lsof won't list stuff that really isn't open (as its name suggests!), regardless of what the TCP/IP stack is saying about this. That's where it gets interesting: When the two commands are not of the same opinion what's open and what's not :lol:
Pumalite wrote: pumalite@pumalite-desktop:~$ sudo lsof -n -i -P
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
What's the point posting this when you cut out the interesting parts?? :roll:
Pumalite wrote: sudo netstat -in
I did not ask for that command .... :roll: See above. Copy & paste please. Especially if you apparently can't tell the difference between "i" and "l" .... Hint: If I had wanted a "i" I would have put it there myself :wink: But I asked for a "l" because that's the precise parameter that's needed. And on UNIX-like OS defining the precise parameter is everything :wink:
Pumalite wrote: pumalite@pumalite-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
pumalite@pumalite-desktop:~$
This shows that there is no active firewall rule whatsoever, and hence iptables isn't blocking anything.
Last edited by scorp123 on Sat Jun 30, 2007 7:10 pm, edited 2 times in total.
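The cross-check between `netstat -ln` and `lsof -n -i -P` discussed in the post above, as an added example that is not part of the original thread. The function names and the sample output are constructed; a port that only netstat reports has no user-space process holding it (kernel services such as NFS are one benign cause).

```shell
#!/bin/sh
# Added example: cross-check listening TCP ports as seen by netstat and lsof.

# Ports in LISTEN state from `netstat -ln` text on stdin (last ":" field of Local Address).
netstat_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -u
}

# Ports in LISTEN state from `lsof -n -i -P` text on stdin (NAME column, e.g. "*:22 (LISTEN)").
lsof_ports() {
    awk '$NF == "(LISTEN)" { n = split($(NF-1), a, ":"); print a[n] }' | sort -u
}

# $1 = saved netstat output, $2 = saved lsof output; prints one line per disagreement.
diff_listeners() {
    tmp=$(mktemp -d) || return 1
    netstat_ports <"$1" >"$tmp/netstat"
    lsof_ports <"$2" >"$tmp/lsof"
    comm -23 "$tmp/netstat" "$tmp/lsof" | sed 's|^|netstat-only tcp/|'
    comm -13 "$tmp/netstat" "$tmp/lsof" | sed 's|^|lsof-only tcp/|'
    rm -rf "$tmp"
}

# Constructed sample output (not from the thread): 8080 has no owning process in lsof.
sample_netstat() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}
sample_lsof() { cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812 root    3u  IPv4  14201      0t0  TCP *:22 (LISTEN)
cupsd    655 root    7u  IPv4  13377      0t0  TCP 127.0.0.1:631 (LISTEN)
dhclient 540 root    6u  IPv4  12010      0t0  UDP *:68
EOF
}

# Live use (root, so lsof sees every user's processes):
#   sudo netstat -ln >n.txt; sudo lsof -n -i -P >l.txt; diff_listeners n.txt l.txt
```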

Post by scorp123 »

Husse wrote: Anyway I use the ALL:ALL command in hosts.deny - but that is not iptables :lol: (or? :D )
Nope. That's just a "packet filter" (the difference being that a real "firewall" is supposed to be stateful and to always know who initiated what connection ... a "packet filter" doesn't care about that, it just filters ...) that hooks into a package called tcpwrappers ... It filters connection attempts based on those simple rules (e.g. "sshd: ALL" in /etc/hosts.deny ...) you define, but that's nowhere close to the sophisticated methods a real firewall can provide.

But then again a well written "hosts.deny" is all you as end-user need in 99.99% of the cases.

Another thing worth looking at: fail2ban .... Very interesting package. Check it out :wink:

Post by Pumalite »

Sorry for the mistake. I just didn't want to publish my IP and all the channels that I had open or from where. But, it was all open.

Post by scorp123 »

Pumalite wrote:I just didn't want to publish my IP
Chances are that you are using a private range (RFC 1918) IP address anyway (e.g. 192.168.1.* or 172.16.*.* or 10.*.*.* ...?) because you are most likely behind a router? :wink:

Glad to hear that everything is working for you. 8)

Post by Pumalite »

Thank you. You are right. I'm behind a router. Everything is working great with LinuxMint BTW. Together with Ubuntu ( no surprise there ) are the most satisfying distros that I have found. Mint is a keeper.
baomike
Level 1
Posts: 40
Joined: Sat Jun 16, 2007 4:55 pm

OH - you could edit (if that's the term) iptables,

Post by baomike »

It is easier if you put the commands in an executable file.
Run it after you boot. Sets up iptables the same each time, easy to modify with a text editor.

like:
iptables -F
iptables -t nat -F
iptables -t filter -F INPUT #this clears the 3 chains in the "filter"
iptables -t filter -F FORWARD #table
iptables -t filter -F OUTPUT
#iptables -P FORWARD DROP

iptables -t filter -A INPUT -p udp -i eth0 --dport 2967 -j DROP
iptables -t filter -A INPUT -p tcp -i eth0 --dport 2967 -j DROP #symantec hole 27NOV06
#iptables -t filter -A INPUT -p udp -i eth0 --dport 15169 -j DROP
#iptables -t filter -A INPUT -p tcp -i eth0 --dport 15169 -j DROP
#iptables -t filter -A INPUT -p udp -i eth1 --sport 15161 -j DROP
#iptables -t filter -A INPUT -p tcp -i eth1 --sport 15161 -j DROP
#iptables -t filter -A OUTPUT -p udp -o eth0 --sport 15169 -j DROP
#iptables -t filter -A OUTPUT -p tcp -o eth0 --sport 15169 -j DROP
iptables -t filter -A INPUT -s 86.0.0.0/8 -j DROP # JSC-MOLDTELECOM-SA-jiangsu
#iptables -t filter -A INPUT -s 221.0.0.0/8 -j DROP # CMNET-jiangsu
#iptables -t filter -A INPUT -s 218.0.0.0/8 -j DROP # Korea Telecom
#iptables -t filter -A INPUT -s 59.189.0.0/16 -j DROP # StarHub Cable Vision Ltd Singapore


Lines with "#" are remarked out.
The first 6 lines clear all the tables.

Re: OH - you could edit (if that's the term) iptables,

Post by scorp123 »

baomike wrote: Run it after you boot.
Could you please explain those firewall rules in your example to us? I think that would be helpful for forum members who are interested to learn these things and e.g. write their own scripts.

And you should mention that people shouldn't blindly copy & paste that script ... :wink: