Old 10-23-2011, 12:10 PM
suvayu ali
 
Default Unable to ssh nodes with global IP

On Sun, Oct 23, 2011 at 13:18, Reindl Harald <h.reindl@thelounge.net> wrote:
>
>
> Am 23.10.2011 13:09, schrieb suvayu ali:
>
> On Sun, Oct 23, 2011 at 13:04, Reindl Harald <h.reindl@thelounge.net> wrote:
>
>> Am 23.10.2011 12:58, schrieb suvayu ali:
>>
>>> I am no expert, I just said what worked for me in the past. I ssh into
>>> many systems everyday so changing to non-standard ports is
>>> inconvenient
>> where is there any single problem if you can read manuals?
>> you have to specify the port only once per client and after
>> that rsync, ssh, scp and sftp even in konqueror is using this
>> port
>> Please read carefully. I ssh to *multiple* machines. The list of
>> clients is hundreds, also I don't have the complete list.
>
> well i maintain 40 machines, all with non-standard-port and connecting
> multiple hundred times to most of them each day
>
> /home/username/.ssh/id_rsa is needed on all clients or do you really
> allow password-login on standard-port and type the password all day long?
> so there is supported a file called "config" in the same folder
>

I know about ~/.ssh/config and I use it. Logging in to the remote nodes
is not the issue in my case. I use kerberos to authenticate anyway. The
issue is when I want to access my machine from those remote nodes, I
have to copy the section relevant to my machine to the remote nodes.

I use other ways to deal with securing my system like configuring ssh to
reject hosts with more than one failed attempts, denyhosts and of course
a firewall.

>> I mostly have to login to a distributed computing resource where the
>> physical node you is selected dynamically based on availability and
>> load. So I don't have the complete list of IPs.
>
> ip-addresses are not interesting here
>
> failovers are working dns-based, so your hostname is the same
> the ssh-client config is hostname-based
>

I know that and I use them when appropriate.

--
Suvayu

Open source is the future. It sets us free.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 10-23-2011, 12:24 PM
Reindl Harald
 
Default Unable to ssh nodes with global IP

Am 23.10.2011 14:10, schrieb suvayu ali:

> I know about ~/.ssh/config and I use it. Logging in to the remote nodes
> is not the issue in my case. I use kerberos to authenticate anyway. The
> issue is when I want to access my machine from those remote nodes, I
> have to copy the section relevant to my machine to the remote nodes.

if you have to maintain many hosts you should invest an hour
for a infrastructure and after that it does not matter if you
have 10, 100 or thousands of hosts where you need the same
file distributed

sorry, but you can tell me what you want - there is no single problem
maintaining thousands of machines with ssh on non-standard-port

and if the ISP of the OP is blocking incoming port 22 he has
no other solution - so what about are we speaking here?

your "nc" will not work for him and your problem maintaining
multiple machines does not affect the whole world because
most does not have so many hosts and the others are knowing
about shell-scripts
_______________________________


[root@buildserver:~]$ cat /Volumes/dune/buildserver/server-list.txt
#!/bin/bash
RH_TARGET_SERVERS=()
RH_TARGET_SERVERS[1]="host1"
RH_TARGET_SERVERS[2]="host2"
RH_TARGET_SERVERS[3]="host3"
RH_TARGET_SERVERS[4]="host4"
RH_TARGET_SERVERS[5]="host5"
RH_TARGET_SERVERS[6]="host6"

[root@buildserver:~]$ cat /Volumes/dune/buildserver/distribute-file.sh
#!/bin/bash
source /Volumes/dune/buildserver/server-list.txt
function rh_push_file
{
  echo $1
  RSYNC_PARAMS='--ipv4 --compress --times --progress --force --links --perms --owner --group'
  /bin/nice /usr/bin/rsync $RSYNC_PARAMS --rsync-path='nice -n 19 rsync' "$2" "root@$1:$2"
  echo ""
}
if [ "$2" == "" ]
then
  echo "" > /dev/null
else
  echo "Bitte Parameter in Quotes setzen"
  exit
fi
for item in ${RH_TARGET_SERVERS[*]}
do
  rh_push_file $item "$1"
done

[root@buildserver:~]$ cat /Volumes/dune/buildserver/distribute-command.sh
#!/bin/bash
source /Volumes/dune/buildserver/server-list.txt
function rh_run_command
{
  echo $1
  ssh root@$1 "$2"
  echo ""
}
if [ "$2" == "" ]
then
  echo "" > /dev/null
else
  echo "Bitte Parameter in Quotes setzen"
  exit
fi
echo ""
for item in ${RH_TARGET_SERVERS[*]}
do
  rh_run_command $item "$1"
done

 
Old 10-23-2011, 12:57 PM
suvayu ali
 
Default Unable to ssh nodes with global IP

On Sun, Oct 23, 2011 at 14:24, Reindl Harald <h.reindl@thelounge.net> wrote:
>
> and if the ISP of the OP is blocking incoming port 22 he has
> no other solution - so what about are we speaking here?
>

That was my intention of checking with nc, whether port 22 is indeed
being blocked if not whether it is being properly forwarded by the
router to the OP's new server.

In any case the OP is yet to respond. As long as his problem is solved
doesn't really matter.

> _______________________________
>
>
> [root@buildserver:~]$ cat /Volumes/dune/buildserver/server-list.txt
> #!/bin/bash
> RH_TARGET_SERVERS=()
> RH_TARGET_SERVERS[1]="host1"
> RH_TARGET_SERVERS[2]="host2"
> RH_TARGET_SERVERS[3]="host3"
> RH_TARGET_SERVERS[4]="host4"
> RH_TARGET_SERVERS[5]="host5"
> RH_TARGET_SERVERS[6]="host6"
>
> [root@buildserver:~]$ cat /Volumes/dune/buildserver/distribute-file.sh
> #!/bin/bash
> source /Volumes/dune/buildserver/server-list.txt
> function rh_push_file
> {
>   echo $1
>   RSYNC_PARAMS='--ipv4 --compress --times --progress --force --links --perms --owner --group'
>   /bin/nice /usr/bin/rsync $RSYNC_PARAMS --rsync-path='nice -n 19 rsync' "$2" "root@$1:$2"
>   echo ""
> }
> if [ "$2" == "" ]
> then
>   echo "" > /dev/null
> else
>   echo "Bitte Parameter in Quotes setzen"
>   exit
> fi
> for item in ${RH_TARGET_SERVERS[*]}
> do
>   rh_push_file $item "$1"
> done
>
> [root@buildserver:~]$ cat /Volumes/dune/buildserver/distribute-command.sh
> #!/bin/bash
> source /Volumes/dune/buildserver/server-list.txt
> function rh_run_command
> {
>   echo $1
>   ssh root@$1 "$2"
>   echo ""
> }
> if [ "$2" == "" ]
> then
>   echo "" > /dev/null
> else
>   echo "Bitte Parameter in Quotes setzen"
>   exit
> fi
> echo ""
> for item in ${RH_TARGET_SERVERS[*]}
> do
>   rh_run_command $item "$1"
> done
>

Thanks for these scripts. Maybe these will come in handy someday.

--
Suvayu

Open source is the future. It sets us free.
 
Old 10-23-2011, 03:30 PM
Rick Sewill
 
Default Unable to ssh nodes with global IP

On Sunday, October 23, 2011 05:14:01 AM Harish Pillay wrote:
> > On 10/23/2011 05:09 PM, Abu Attar Musharih wrote:
> >> The customer service said that ssh is not allowed. So, what to do
> >> then? I badly need a server with global IP for experimenting grid
>
> You can do the following:
> a) edit /etc/ssh/sshd_config and change the default port 22 to a
> higher port say 10022. Actually anything above 1024 would
> be sufficient.
> b) restart your sshd daemon
> c) from your client, say if you are running on the command line,
> you can do the following: ssh -p 10022 hostname
> replacing the 10022 with whatever you've changed your sshd
> to.
> d) do ensure that on your server you open up the port you want
> sshd to accept connections. you can do that from the
> command line via system-config-firewall.
>
> hth.
>
> harish

Question to the OP please. Are you also behind your own router?
Does it run NAT? If yes, is it configured to forward an ssh connection,
from the Internet, to your local host?

When you switch your ssh server (/etc/ssh/sshd_config) to use a non-standard
port, and if you are behind a router that is doing NAT,
you will need to configure the router to forward the connection to your host.

If you are behind a router, owned by the ISP, that is using NAT,
our suggestions probably won't work...we need to know your network topology.

How can one tell if one is behind a router that uses NAT?
What is your local host's IP address?
If your host's IP address is in the range, listed by rfc 1918,
http://www.rfc-editor.org/rfc/rfc1918.txt
192.168.0.0 - 192.168.255.255, 172.16.0.0 - 172.31.255.255,
or 10.0.0.0 - 10.255.255.255, you are behind a router running NAT.

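Added example, not part of the post above: the RFC 1918 range check it describes, written as a POSIX shell function and run over constructed `ip -4 -o addr show`-style lines. The names classify_ipv4, report_addrs and sample_addrs are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# classify_ipv4 ADDR: print "rfc1918", "other" or "invalid".
classify_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo invalid; return 0; }
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || { echo invalid; return 0; }
    done
    if [ "$1" -eq 10 ]; then
        echo rfc1918                                   # 10.0.0.0/8
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
        echo rfc1918                                   # 172.16.0.0/12
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then
        echo rfc1918                                   # 192.168.0.0/16
    else
        echo other
    fi
}

# report_addrs: read `ip -4 -o addr show` style lines on stdin and print
# "<interface> <address> <class>" for each IPv4 address found.
report_addrs() {
    while read -r _idx ifname family cidr _rest; do
        [ "$family" = inet ] || continue
        addr=${cidr%/*}                  # drop the /prefix if present
        echo "$ifname $addr $(classify_ipv4 "$addr")"
    done
}

# Constructed sample input (203.0.113.7 is a documentation address).
sample_addrs() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0
3: ppp0    inet 203.0.113.7 peer 10.64.64.64/32 scope global ppp0
EOF
}

sample_addrs | report_addrs
```

A result of `other` only rules out an RFC 1918 address on that interface; it does not show that inbound connections reach the host, and shared carrier-grade NAT space (100.64.0.0/10, RFC 6598) also falls outside these three ranges.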
 
Old 10-23-2011, 06:04 PM
Joe Zeff
 
Default Unable to ssh nodes with global IP

On 10/23/2011 02:09 AM, Abu Attar Musharih wrote:
> The customer service said that ssh is not allowed. So, what to do
> then? I badly need a server with global IP for experimenting grid
> computing.

Configure ssh to use a non-standard port such as 6002.
 
Old 10-23-2011, 08:24 PM
"Mikkel L. Ellertson"
 
Default Unable to ssh nodes with global IP

On 10/23/2011 01:04 PM, Joe Zeff wrote:
> On 10/23/2011 02:09 AM, Abu Attar Musharih wrote:
>> The customer service said that ssh is not allowed. So, what to do
>> then? I badly need a server with global IP for experimenting grid
>> computing.
>
> Configure ssh to use a non-standard port such as 6002.

If you are using your own router, configure it to forward an
incoming non-standard port to port 25 on your server. But if you are
using a router with NAT, your problem might be that you did not
configure the router to forward incoming port 25 connections to the
proper local IP address.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
 
Old 10-23-2011, 08:37 PM
Joe Zeff
 
Default Unable to ssh nodes with global IP

On 10/23/2011 01:24 PM, Mikkel L. Ellertson wrote:
> If you are using your own router, configure it to forward an
> incoming non-standard port to port 25 on your server. But if you are
> using a router with NAT, your problem might be that you did not
> configure the router to forward incoming port 25 connections to the
> proper local IP address.

I think you mean Port 22. Port 25 is SMTP.
 
Old 10-23-2011, 08:41 PM
"Mikkel L. Ellertson"
 
Default Unable to ssh nodes with global IP

On 10/23/2011 03:37 PM, Joe Zeff wrote:
> On 10/23/2011 01:24 PM, Mikkel L. Ellertson wrote:
>> If you are using your own router, configure it to forward an
>> incoming non-standard port to port 25 on your server. But if you are
>> using a router with NAT, your problem might be that you did not
>> configure the router to forward incoming port 25 connections to the
>> proper local IP address.
>
> I think you mean Port 22. Port 25 is SMTP.

Yes. My goof. Thank you for correcting me.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
 
Old 10-24-2011, 01:18 AM
Ed Greshko
 
Default Unable to ssh nodes with global IP

On 10/24/2011 02:04 AM, Joe Zeff wrote:
> On 10/23/2011 02:09 AM, Abu Attar Musharih wrote:
>> The customer service said that ssh is not allowed. So, what to do
>> then? I badly need a server with global IP for experimenting grid
>> computing.
> Configure ssh to use a non-standard port such as 6002.

FWIW.... If an ISP has gone through the trouble of blocking ports of
well known services chances are they have also blocked incoming SYN
packets on higher ports as well.

Thus my suggestion to use a port of a well known service that is allowed.




--
Even if you do learn to speak correct English, whom are you going to
speak it to? -- Clarence Darrow
 
Old 10-24-2011, 01:48 AM
Abu Attar Musharih
 
Default Unable to ssh nodes with global IP

On Sun, Oct 23, 2011 at 7:09 PM, suvayu ali <fatkasuvayu+linux@gmail.com> wrote:
> Hi Abu Attar,
>
> On Sun, Oct 23, 2011 at 11:09, Abu Attar Musharih
> <abuattar.musharih@gmail.com> wrote:
>> The customer service said that ssh is not allowed. So, what to do
>> then? I badly need a server with global IP for experimenting grid
>> computing.
>
> To be absolutely sure you can try the following.

I was trying to quickly respond to all the answers last night.
Unfortunately, the internet speed of this broadband connection was
very slow from home (due to large distance of its BTS, base
transceiver station).
But here, I can do the experiment as follows:

> 1. confirm your global ip (e.g. here: http://checkip.dyndns.com)

Current IP Address: 120.166.xx.xxx
(successful).

This is just similar to the info from > ifconfig

ppp0 Link encap:Point-to-Point Protocol
inet addr:120.166.xx.xxx P-t-P:10.64.64.64 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:2797 errors:0 dropped:0 overruns:0 frame:0
TX packets:2947 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:939701 (917.6 KiB) TX bytes:409709 (400.1 KiB)

> 2. check sshd is running at your end and is using port 22. you can try
>    ssh-ing to another local user to check easily.

[root@localhost tasrief]# /etc/init.d/sshd status
openssh-daemon (pid 1302) is running...
[root@localhost tasrief]#


> 3. nc -z <global.ip> 22 (from a machine outside your local network)

Connection to 120.166.xx.xxx 22 port [tcp/ssh] succeeded!

> 4. if this last step shows you that connection is not happening, you
>    can try looking at your router settings. there should be a way to
>    port forward your ssh connections to port 22 of the machine you want
>    to use as a server.

The problem is, ssh does not work from another online laptop to this machine.
Neither does ping.

Regards,
AA
 
