Old 05-20-2012, 03:08 AM
Paul Allen Newell
 
Default ssh between F16 Xfce and Cygwin

Hello:

Prior to 26apr12, I was able to run ssh/scp between my 2 F16 Xfce boxes,
a F14 Gnome box, and Cygwin running on an XP box.


Today I was converting the F14 to F16 Xfce and noticed that I could no
longer ssh into the Cygwin XP box. I checked the other two F16 boxes and
they couldn't either. Those two machines have not been yum updated since
I was last able to ssh/scp.


I ran another check and discovered that, from Cygwin, I could ssh into
all three of the Linux boxes (now all F16).


Pings between all machines work (static IPs). The error I am getting is
port 22: Connection refused.


The iptables on the converted machine is the factory default.

The only thing that I know happened was there were a whole bunch of
Windows updates that affected XP after Win7 sp1 was released. However, I
checked all the hosts/IP settings and nothing has changed.


I looked in /var/log/messages and didn't see anything ... am willing to
bet I've forgotten where to look.


Since the problem "appears" to be on the F16 side, I wanted to ask this
list if anyone has any suggestions.


Thanks in advance,
Paul
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-20-2012, 03:28 AM
Joe Zeff
 
Default ssh between F16 Xfce and Cygwin

On 05/19/2012 08:08 PM, Paul Allen Newell wrote:

> Since the problem "appears" to be on the F16 side, I wanted to ask this
> list if anyone has any suggestions.


If you can ssh from any one of the F16 boxes to any other, the issue is
on the Cygwin box.

 
Old 05-20-2012, 04:02 AM
Paul Allen Newell
 
Default ssh between F16 Xfce and Cygwin

On 5/19/2012 8:28 PM, Joe Zeff wrote:

> On 05/19/2012 08:08 PM, Paul Allen Newell wrote:
>> Since the problem "appears" to be on the F16 side, I wanted to ask this
>> list if anyone has any suggestions.
>
> If you can ssh from any one of the F16 boxes to any other, the issue
> is on the Cygwin box.


Joe:

Thanks. Before I post to them, am I correct in believing that I should
see the error in my F16 boxes' /var/log/messages? My memory is that I
have to put a log action in but am not close enough on my install to
test that.


Paul
 
Old 05-20-2012, 04:29 AM
Ed Greshko
 
Default ssh between F16 Xfce and Cygwin

On 05/20/2012 11:08 AM, Paul Allen Newell wrote:
> Prior to 26apr12, I was able to run ssh/scp between my 2 F16 Xfce boxes, a F14
> Gnome box, and Cygwin running on an XP box.
>
> Today I was converting the F14 to F16 Xfce and noticed that I could no longer ssh
> into the Cygwin XP box. I checked the other two F16 boxes and they couldn't either.
> Those two machines have not been yum updated since I was last able to ssh/scp.
>
> I ran another check and discovered that, from Cygwin, I could ssh into all three of
> the Linux boxes (now all F16).
>
> Pings between all machines work (static IPs). The error I am getting is port 22:
> Connection refused.
>
> The iptables on the converted machine is the factory default.
>
> The only thing that I know happened was there were a whole bunch of Windows updates
> that affected XP after Win7 sp1 was released. However, I checked all the hosts/IP
> settings and nothing has changed.
>
> I looked in /var/log/messages and didn't see anything ... am willing to bet I've
> forgotten where to look.
>
> Since the problem "appears" to be on the F16 side, I wanted to ask this list if
> anyone has any suggestions.

To sum things up....

Cygwin ----> via ssh to 3 X F16 systems All OK.

3 X F16 systems ----> Cygwin via ssh All Fail.

Yes?

On an F16 system....

telnet cygwin 22 results in "Connection refused"

Yes?

If that is correct, then the problem lies on your cygwin box. Remember, firewall
settings (especially defaults) are normally used to restrict inbound connections, not
outbound.

--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
 
Old 05-20-2012, 04:38 AM
Paul Allen Newell
 
Default ssh between F16 Xfce and Cygwin

On 5/19/2012 9:29 PM, Ed Greshko wrote:

> To sum things up....
>
> Cygwin ----> via ssh to 3 X F16 systems All OK.
>
> 3 X F16 systems ----> Cygwin via ssh All Fail.
>
> Yes?
>
> On an F16 system....
>
> telnet cygwin 22 results in "Connection refused"
>
> Yes?
>
> If that is correct, then the problem lies on your cygwin box. Remember, firewall
> settings (especially defaults) are normally used to restrict inbound connections, not
> outbound.



Ed:

Thanks for the reply.

First section yes.

On the telnet cygwin 22, I am getting Connection refused. And I just
verified again that a ping works.


As I mentioned to Joe, I need to get far enough along on my F16 install
to get some logs so I can catch the error in /var/log/messages (assuming
my memory is correct and that iptables logs will give me the necessary
in /var/log/messages).


My gut is that Cygwin will probably tell me to update all my software ...

Paul
 
Old 05-20-2012, 05:42 AM
Ed Greshko
 
Default ssh between F16 Xfce and Cygwin

On 05/20/2012 12:38 PM, Paul Allen Newell wrote:
> On the telnet cygwin 22, I am getting Connection refused. And I just verified again
> that a ping works.

The "telnet" operation is at the application layer. Connection refused is telling
you that the "sshd" equivalent on the cygwin system isn't running. If it were a
firewall issue on the cygwin side you'd either get "no route to host" indication or
the telnet operation would appear to hang.... The difference would be in how the
port was being blocked/filtered on the cygwin side.

The "ping" operation is at the network layer and uses ICMP packets. This is a
general statement for outside of your network...but I just want to mention that many
times ping will *not* work but the service will since quite a few ISPs and systems
block ICMP packets these days.

--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
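
An added example, not part of any poster's message: a small TCP probe that separates the outcomes discussed in this thread ("Connection refused", "no route to host", and a connection attempt that hangs). The function names, verdict strings and loopback demo are this example's own assumptions.

```python
import errno
import socket

# Readings follow the replies in this thread; the wording is this example's own.
VERDICTS = {
    "open": "a service accepted the TCP handshake",
    "refused": "reset received: nothing listening, or a filter rejecting with a reset",
    "unreachable": "ICMP unreachable received: routing problem or a rejecting filter",
    "filtered": "no reply before the timeout: packets are probably dropped silently",
    "error": "other failure, e.g. the name did not resolve",
}

def classify(exc):
    """Map the exception from a failed connect() to a key in VERDICTS."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    code = getattr(exc, "errno", None)
    if code == errno.ECONNREFUSED:
        return "refused"
    if code in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return a key in VERDICTS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)

def demo():
    """Constructed offline check: probe a loopback port while a listener
    exists, then again after the listener is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    for state in demo():
        print(state, "->", VERDICTS[state])
```

For the situation in this thread, `probe("cygwin", 22)` run on an F16 box corresponds to the `telnet cygwin 22` test, and `probe("localhost", 22)` run on the Cygwin box takes the network out of the picture.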
 
Old 05-20-2012, 09:54 AM
Gordon Messmer
 
Default ssh between F16 Xfce and Cygwin

On 05/19/2012 08:08 PM, Paul Allen Newell wrote:

> The iptables on the converted machine is the factory default.


The problem is almost certainly not iptables. Unless you've
intentionally added some kind of egress filtering, none will be present.


> I looked in /var/log/messages and didn't see anything ... am willing
> to bet I've forgotten where to look.


You won't find any useful information in the messages log. The problem
is either that sshd is no longer running on XP, or the windows firewall
is blocking it. Disable your Windows firewall temporarily and see if
the problem is resolved. If not, restart the Cygwin sshd service and
check the Windows Event Viewer for errors.

 
Old 05-20-2012, 03:00 PM
Ed Greshko
 
Default ssh between F16 Xfce and Cygwin

On 05/20/2012 12:38 PM, Paul Allen Newell wrote:
> Thanks for the reply.
>
> First section yes.
>
> On the telnet cygwin 22, I am getting Connection refused. And I just verified again
> that a ping works.
>
> As I mentioned to Joe, I need to get far enough along on my F16 install to get some
> logs so I can catch the error in /var/log/messages (assuming my memory is correct
> and that iptables logs will give me the necessary in /var/log/messages).
>
> My gut is that Cygwin will probably tell me to update all my software ...

It also should be a very simple matter to prove to yourself that the cygwin system is
at fault.

Just go to your cygwin system, open a window on that system, and ssh to itself. This
eliminates the network and since you are going from a system to itself...eliminates
anything other than itself.

--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
 
Old 05-20-2012, 03:50 PM
Tim
 
Default ssh between F16 Xfce and Cygwin

On Sun, 2012-05-20 at 02:54 -0700, Gordon Messmer wrote:
> Disable your Windows firewall temporarily

Ye gads!

This is the worst OS in the world to do that to. Dropping Windows pants
for a second is enough for it to get rogered by marauding bastards on
the net.

I've seen a friend's PC get rooted within about four seconds of
connecting to his ISP. He had to reformat to remove it, the anti-virus
software wouldn't let him change the files that it let the miscreant
abuse. And he got done, again, when he reconnected after the
re-install. I nearly wet myself laughing when he did it three times in
a row.

*FIRST* examine the Windows firewall, see if you can understand it, see
if you can see if it's going to block the port you're trying to use, see
if you can reprogram it to let that port through.

*THEN* if you have to disable a firewall, isolate that computer from
dangerous environments (big LANs, ISPs), before doing so.

Before anybody ever says "temporarily disable your firewall," they
should first say the other things I've mentioned in the prior two
paragraphs. It's bad advice, particularly without warnings.

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



 
Old 05-20-2012, 04:25 PM
Dave Ihnat
 
Default ssh between F16 Xfce and Cygwin

On Mon, May 21, 2012 at 01:20:32AM +0930, Tim wrote:
> This is the worst OS in the world to do that to. Dropping Windows pants
> for a second is enough for it to get rogered by marauding bastards on
> the net.

That's true...except it shouldn't really matter. Because nobody should
run a Windows box connected to the Internet except through some sort of
firewall appliance anyway. A good one. (The ones built into most cable &
DSL modems are marginal at best.)

That said, if it's Windows XP don't bother turning on the firewall.
Windows 7 (I won't use the 'V' word) actually has a much more capable
firewall--but I still never recommend just counting on that to protect a
site. Software firewalls are still software; they're running on a complex
OS that can, itself, have vulnerabilities, installed software that can
compromise firewall security, etc.

"Wait a minute", I hear someone say. "What about Linux with IPTABLES?
Isn't that secure?" The answer is yes, no, and maybe. Yes, Linux--with
its Unix heritage--tends to be inherently more secure than Windows,
since security, user privilege restrictions, etc. have been designed
into the system since its inception. No, because if you're trying
to run an IPTABLES firewall on a general-purpose Linux server,
while it may be better than Windows, it's still subject to the whole
complexity/modification/installed software modification issue. And maybe,
because you can create a stripped Linux firewall configuration that
mitigates those issues.

So why, you ask, are firewall appliances any better? The simple answer is
that if they're good, they've a stripped, minimal environment dedicated to
running and managing the firewall, and only that (perhaps with VPN
functionality.) They run from firmware that should be locked to
modification. And finally, if you're running them in conjunction with the
software firewall, you've got defense in depth; any penetration has to
attack and defeat both the firmware firewall AND the software firewall,
with separate attack vectors. Hopefully, you've got logging going on with
both firewalls, and some log scanners looking for attacks.

This shouldn't be a big problem--first, check that the CygWin sshd is
actually running. Make sure it's on the port you're forwarding (you DID
move it to a different port than the default, right? RIGHT?)

Then, as someone else mentioned, try connecting to it from a CygWin
terminal session on the same machine. If that doesn't work, it's not
going to work from outside the machine.

Finally, after that works, try a connection from within the same network.
Look at the Event Logs.

Cheers,
--
Dave Ihnat
dihnat@dminet.com
 

All times are GMT.