[Solved] Configure ssh and Unison; ssh not working


Postby nelz » Sun Apr 07, 2013 9:47 pm

A refused connection is a classic sign of sshd not running, and it doesn't appear in the ps output either. Is the ssh-server package even installed on the tower? If you get nothing from
Code:
sudo which sshd

you need to install it. Otherwise, you need to make sure the service is set to start at boot, using whatever method is appropriate for your distro.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin
 
Posts: 8548
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

Postby dpeirce » Sun Apr 07, 2013 9:51 pm

I checked in Synaptic, and only the openssh client was installed on the tower. I've installed the openssh server.

Now ssh tower works from my laptop, and I got a bash window for the tower on my laptop, and ls'ed some directories on the tower from the laptop.

Also, both the openssh client and server are already installed on the laptop. So, the port 22 problem is fixed! :) :) :)

However, dig laptop from the tower (or from the laptop) still shows funky IP numbers in the Answer section:

Code:
dave@tower-host-mepis:~$ dig laptop

; <<>> DiG 9.7.3 <<>> laptop
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11358
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;laptop.                                IN      A

;; ANSWER SECTION:
laptop.                 10      IN      A       66.152.109.23
laptop.                 10      IN      A       69.16.143.23
laptop.                 10      IN      A       184.106.31.177

;; Query time: 3 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Apr  7 16:47:09 2013
;; MSG SIZE  rcvd: 90

dave@tower-host-mepis:~$

Is there a fix for that?

In faith, Dave
Viva Texas
dpeirce
 
Posts: 31
Joined: Tue Sep 12, 2006 11:26 pm
Location: Central Texas

Postby dpeirce » Mon Apr 08, 2013 3:24 am

Or, are the strange numbers even a problem? I mention them because they don't agree with anything output by ifconfig on the laptop and I don't know where they come from. However, using dig or ifconfig on the tower outputs the simple IP number for the tower.

In faith, Dave
Viva Texas
dpeirce
 
Posts: 31
Joined: Tue Sep 12, 2006 11:26 pm
Location: Central Texas

Postby dpeirce » Wed Apr 10, 2013 2:50 pm

I do appreciate the help straightening out my router and network. Thank you.

In faith, Dave
Viva Texas

Generation of random numbers is too important to be left to chance.
dpeirce
 
Posts: 31
Joined: Tue Sep 12, 2006 11:26 pm
Location: Central Texas

Postby Dutch_Master » Wed Apr 10, 2013 4:57 pm

These random numbers are actually IP addresses too. You can do a whois query on them and the first (66.152.109.23) gives that it's part of the Tech Valley Communications IP range. I suspect this to be the DNS addresses of your ISP?

Code:
~ whois 66.152.109.23

# Query terms are ambiguous.  The query is assumed to be:
#     "n 66.152.109.23"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=66.152.109.23?showDetails=true&showARIN=false&ext=netref2
#

Tech Valley Communications TVC-BLK-3 (NET-66-152-96-0-1) 66.152.96.0 - 66.152.111.255
Search Guide, Inc 66-152-109-0-25 (NET-66-152-109-0-1) 66.152.109.0 - 66.152.109.127


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
Dutch_Master
LXF regular
 
Posts: 2459
Joined: Tue Mar 27, 2007 1:49 am

Postby dpeirce » Thu Apr 11, 2013 3:22 am

Hi, and thanks for the info. I did whois on the other two strange IP numbers. I got responses for Highwinds Network Group, Inc. in Phoenix, Arizona and for Rackspace Hosting in San Antonio, Texas. And from yours I got Tech Valley Communications of no address.

This is getting spooky!

My ISP is Century Tel, Inc. I don't know anything at all about Tech Valley, Highwinds Network Group, or Rackspace Hosting. I keep wondering how they got into my computer.

I didn't know about whois; are there other commands which will tell me more about these people? Alternatively, I wonder if there's some way to block those IP numbers and see what happens?

Here is the full output of whois:

Code:
$ whois 66.152.109.23
Tech Valley Communications TVC-BLK-3 (NET-66-152-96-0-1) 66.152.96.0 - 66.152.111.255
Search Guide, Inc 66-152-109-0-25 (NET-66-152-109-0-1) 66.152.109.0 - 66.152.109.127


$ whois 69.16.143.23
NetRange:       69.16.128.0 - 69.16.191.255
CIDR:           69.16.128.0/18
OriginAS:
NetName:        HIGHWINDS1
NetHandle:      NET-69-16-128-0-1
Parent:         NET-69-0-0-0-0
NetType:        Direct Allocation
RegDate:        2004-02-19
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-69-16-128-0-1

OrgName:        Highwinds Network Group, Inc.
OrgId:          HNG-3
Address:        3300 N Central Ave
Address:        Ste 200
City:           Phoenix
StateProv:      AZ
PostalCode:     85012
Country:        US
RegDate:        2006-12-21
Updated:        2013-02-28
Ref:            http://whois.arin.net/rest/org/HNG-3

OrgTechHandle: HIA3-ARIN
OrgTechName:   Highwinds IP Administrator
OrgTechPhone:  +1-602-515-0960
OrgTechEmail:  ip-request@hwng.net
OrgTechRef:    http://whois.arin.net/rest/poc/HIA3-ARIN

OrgNOCHandle: HNOC5-ARIN
OrgNOCName:   Highwinds Network Operations Center
OrgNOCPhone:  +1-602-515-0960
OrgNOCEmail:  noc@hwng.net
OrgNOCRef:    http://whois.arin.net/rest/poc/HNOC5-ARIN

OrgAbuseHandle: HAR8-ARIN
OrgAbuseName:   Highwinds Abuse Response
OrgAbusePhone:  +1-602-515-0960
OrgAbuseEmail:  abuse@hwng.net
OrgAbuseRef:    http://whois.arin.net/rest/poc/HAR8-ARIN

#

dave@laptop-mepis-host:~$


$ whois 184.106.31.177
NetRange:       184.106.0.0 - 184.106.255.255
CIDR:           184.106.0.0/16
OriginAS:
NetName:        RACKS-8-NET-4
NetHandle:      NET-184-106-0-0-1
Parent:         NET-184-0-0-0-0
NetType:        Direct Allocation
RegDate:        2010-05-21
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-184-106-0-0-1

OrgName:        Rackspace Hosting
OrgId:          RACKS-8
Address:        5000 Walzem Road
City:           San Antonio
StateProv:      TX
PostalCode:     78218
Country:        US
RegDate:        2010-03-29
Updated:        2011-11-30
Ref:            http://whois.arin.net/rest/org/RACKS-8

OrgTechHandle: IPADM17-ARIN
OrgTechName:   IPADMIN
OrgTechPhone:  +1-210-892-4000
OrgTechEmail:  hostmaster@rackspace.com
OrgTechRef:    http://whois.arin.net/rest/poc/IPADM17-ARIN

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName:   Abuse Desk
OrgAbusePhone:  +1-210-892-4000
OrgAbuseEmail:  abuse@rackspace.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE45-ARIN

RTechHandle: IPADM17-ARIN
RTechName:   IPADMIN
RTechPhone:  +1-210-892-4000
RTechEmail:  hostmaster@rackspace.com
RTechRef:    http://whois.arin.net/rest/poc/IPADM17-ARIN

RAbuseHandle: ABUSE45-ARIN
RAbuseName:   Abuse Desk
RAbusePhone:  +1-210-892-4000
RAbuseEmail:  abuse@rackspace.com
RAbuseRef:    http://whois.arin.net/rest/poc/ABUSE45-ARIN

#

dave@laptop-mepis-host:~$


Maybe I've read too many internet horror stories, but this is kind of frightening. Or it might be nothing at all. I hope you can help me find out which.

In faith, Dave
Viva Texas
dpeirce
 
Posts: 31
Joined: Tue Sep 12, 2006 11:26 pm
Location: Central Texas

Postby Dutch_Master » Thu Apr 11, 2013 10:37 am

Well, if they're not related to your ISP, you could do without them I suppose. The question is, where do these entries come from? They must be mentioned in a config file of some sort, so use the locate command (and the IP address as your search string) to find which file. Rename the suspect file to see if anything breaks. If it does, edit it so the IP address is taken out and rename the file back; if everything continues as planned, remove it completely, preferably with the application that installed it.

There's a list of bash commands here: http://www.ss64.com/bash/
Dutch_Master
LXF regular
 
Posts: 2459
Joined: Tue Mar 27, 2007 1:49 am

Postby nelz » Thu Apr 11, 2013 12:11 pm

I think you mean grep rather than locate. The latter only finds files by name.

Code:
grep -r IP-ADDRESS /etc


The contents of /etc/resolv.conf may be interesting too.

BTW those are shell commands, not bash commands. They are not built into bash and work just as well in any shell.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin
 
Posts: 8548
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

Postby dpeirce » Thu Apr 11, 2013 11:52 pm

/etc/resolv.conf shows only the IP # of my router. I tried the grep command as user and as root, and got different results:

Code:
dave@tower-host-mepis:~$ grep -r "69.16.143.23" /etc/*
grep: /etc/alternatives/irc.protocol: No such file or directory
grep: /etc/alternatives/lvm-default: No such file or directory
grep: /etc/apt/secring.gpg: Permission denied
grep: /etc/cups/ssl: Permission denied
grep: /etc/default/cacerts: Permission denied
grep: /etc/group-: Permission denied
grep: /etc/gshadow: Permission denied
grep: /etc/gshadow-: Permission denied
grep: /etc/lvm/cache: Permission denied
grep: /etc/mysql/debian.cnf: Permission denied
grep: /etc/passwd-: Permission denied
grep: /etc/ppp/chap-secrets: Permission denied
grep: /etc/ppp/pap-secrets: Permission denied
grep: /etc/security/opasswd: Permission denied
grep: /etc/shadow: Permission denied
grep: /etc/shadow-: Permission denied
grep: /etc/skel/.synaptic/lock: Permission denied
grep: /etc/skel/.config/qtcurve/stylerc: Permission denied
grep: /etc/skel/Mail/.outbox.index.ids: Permission denied
grep: /etc/skel/Mail/.inbox.index: Permission denied
grep: /etc/skel/Mail/.trash.index: Permission denied
grep: /etc/skel/Mail/.drafts.index: Permission denied
grep: /etc/skel/Mail/.sent-mail.index: Permission denied
grep: /etc/skel/Mail/.spam.index: Permission denied
grep: /etc/skel/Mail/.inbox.index.ids: Permission denied
grep: /etc/skel/Mail/.sent-mail.index.ids: Permission denied
grep: /etc/skel/Mail/.spam.index.ids: Permission denied
grep: /etc/skel/Mail/.drafts.index.ids: Permission denied
grep: /etc/skel/Mail/.outbox.index: Permission denied
grep: /etc/ssh/ssh_host_key: Permission denied
grep: /etc/ssh/ssh_host_dsa_key: Permission denied
grep: /etc/ssh/ssh_host_rsa_key: Permission denied
grep: /etc/ssl/private: Permission denied
grep: /etc/sudoers: Permission denied
grep: /etc/sudoers.d/README: Permission denied
grep: /etc/ufw/before.rules: Permission denied
grep: /etc/ufw/after6.rules: Permission denied
grep: /etc/ufw/after.rules: Permission denied
grep: /etc/ufw/before6.rules: Permission denied
grep: /etc/X11/Xwrapper.config: Permission denied
dave@tower-host-mepis:~$

[root@tower-host-mepis dave]# grep -r "69.16.143.23" /etc/*
grep: /etc/alternatives/irc.protocol: No such file or directory
grep: /etc/alternatives/lvm-default: No such file or directory
[root@tower-host-mepis dave]#
[root@tower-host-mepis dave]#



Of the ones I tried, they were either no such file or encrypted. But I've discovered my router has a 'Parental Control' feature, so I'm going to try blocking those numbers and see if anything breaks. I'll also try referring them to localhost in the hosts file.

Unless y'all tell me that's a bad idea. Maybe that way, if I do have malware installed, it won't be able to call home?

Another odd thing: According to 'whois', 66.152.109.23 is Tech Valley Communications; but ask dot com shows that IP # 66.152.109 is cnet.robtex.com. 69.16.143.23 shows to Highland in both; 184.106.31.177 is Rackspace Hosting in whois, but doesn't show at all in ask dot com. Dunno if that has any significance.

Is it a good idea to try blocking those strange IP #s?

In faith, Dave
Viva Texas
dpeirce
 
Posts: 31
Joined: Tue Sep 12, 2006 11:26 pm
Location: Central Texas

Postby Dutch_Master » Fri Apr 12, 2013 1:13 am

Binding them to localhost is a good idea. It may even give you a hint of what application wants these addresses, if it reports loss of connectivity... ;)
Dutch_Master
LXF regular
 
Posts: 2459
Joined: Tue Mar 27, 2007 1:49 am

Postby dpeirce » Fri Apr 12, 2013 10:24 pm

I bound them to localhost in the hosts file in both machines, and re-booted. Can't see any difference so far, but they are still showing up in 'dig' on both machines.

I can't block them yet in the router because my hacker friend wants me to wait until he figures out why my internet look-up is sooo slow. It downloads at respectable speeds from one site; but when it goes to a sub-site or another site, it takes it a long time to connect. Different problem, but he wants me to leave the router alone right now.

If there are any more ideas about how to find out who/what those strange IP #s are, and whether they are significant or insignificant, I would appreciate hearing. Thanks for the help so far.

In faith, Dave
Viva Texas

An idle mind is the best way to relax.
dpeirce
 
Posts: 31
Joined: Tue Sep 12, 2006 11:26 pm
Location: Central Texas

Postby nelz » Fri Apr 12, 2013 10:41 pm

DNS lookup returns spurious addresses
DNS lookup is slow

Are you sure these are separate problems?

As resolv.conf is set to the address of your router, what is your router using as DNS servers? An incorrect setting here could be the route(sic) cause of both problems.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin
 
Posts: 8548
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK
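An added example, not from the thread or any of its posters, that automates the check nelz is pointing at: feed it the output of dig for a LAN hostname and it lists every A record that is not a private (RFC 1918), loopback or link-local address. A single-label name like "laptop" answering with public addresses is exactly the symptom in Dave's dig output, and it points at whatever resolver the router is forwarding to. SAMPLE_DIG is the answer section quoted earlier in the thread plus one constructed private record (192.168.2.20) to show it is filtered out.

```shell
#!/bin/sh
# Added example (not from the thread). A single-label LAN name such as "laptop"
# should resolve to a private address; public answers usually mean the resolver
# the router hands out is substituting its own addresses for the real host.

# is_private_ipv4 A.B.C.D -> exit 0 for RFC 1918, loopback or link-local, else 1
is_private_ipv4() {
    a=${1%%.*}
    rest=${1#*.}
    b=${rest%%.*}
    case "$a" in
        10|127) return 0 ;;
        192) [ "$b" = 168 ] && return 0 ;;
        169) [ "$b" = 254 ] && return 0 ;;
        172) [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0 ;;
    esac
    return 1
}

# public_answers: read dig output on stdin, print "NAME ADDR" for each A record
# in the ANSWER SECTION that is not a private address (nothing printed = clean).
public_answers() {
    awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
         in_ans && /^$/        { in_ans = 0 }
         in_ans && $4 == "A"   { print $1, $5 }' |
    while read -r name addr; do
        is_private_ipv4 "$addr" || echo "$name $addr"
    done
}

# Sample input (constructed): the three answers quoted earlier in this thread,
# plus one private record (192.168.2.20) to show that it is filtered out.
SAMPLE_DIG=';; QUESTION SECTION:
;laptop.                                IN      A

;; ANSWER SECTION:
laptop.                 10      IN      A       66.152.109.23
laptop.                 10      IN      A       69.16.143.23
laptop.                 10      IN      A       184.106.31.177
laptop.                 10      IN      A       192.168.2.20

;; Query time: 3 msec'

# Run it on the sample; on a real machine use:  dig laptop | public_answers
printf '%s\n' "$SAMPLE_DIG" | public_answers
```

Comparing the output of `dig laptop @192.168.2.1` with `dig laptop @<some other resolver>` in the same way shows whether the router's upstream is the one inventing the answers.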

Postby dpeirce » Fri Apr 12, 2013 11:57 pm

Hmmnnnn..... That question raised some more problems. The router looks to the modem's IP number (separate router and modem here). So I accessed the modem, which faces out on to the world. However, the primary and secondary DNSs are blank. My friend says that could be if the modem is getting its info direct from the ISP, but that I can manually enter the numbers to check. In this modem, the button is 'Expert Mode'.

However, clicking expert mode gives nothing; can't enter expert mode. Friend says that's weird and he will be over in the morning with a loaner modem which he knows is OK, and see what happens.

He acted surprised. Thanks for that question!! Maybe they ARE related problems!

In faith, Dave
Viva Texas

To err is human... to really foul up requires the root password.
dpeirce
 
Posts: 31
Joined: Tue Sep 12, 2006 11:26 pm
Location: Central Texas

Postby Dutch_Master » Sat Apr 13, 2013 3:30 am

Use this IP address as your main DNS, for now: 194.109.104.104 It's the DNS of my ISP (xs4all.nl) and absolutely safe. (do a whois and/or dig about it to check if you're unsure!)

You could cut out the router and connect your PC directly to the modem, using the above DNS and the known IP address. However, it may require a cross-over cable to connect modem and PC directly.
Dutch_Master
LXF regular
 
Posts: 2459
Joined: Tue Mar 27, 2007 1:49 am

Postby nelz » Sat Apr 13, 2013 8:41 am

You could use OpenDNS or Google's DNS servers. Put these in your router so you don't have to change the modem's settings.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin
 
Posts: 8548
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK
