* How do I turn on ...?
From: daniel lance herrick @ 2002-06-26 15:51 UTC (permalink / raw)
To: linux-admin
Just got my employer to supply a box to install
RedHat 7.3 on, so I can use the SGML tools without
first finding them and learning to build and
install them.
Everything's wonderful, it's even on the company
network with a name I gave it. (The word from the
helpdesk is that "the desktop team has no duties
to perform on a Linux machine.")
I told the install "Medium Security".
It refuses ssh connections.
After reading the xinetd and ssh man pages (there
is no sshd man page) I still have no clue what to
do to properly activate the sshd within the RedHat
philosophy.
Would someone tell me what document to read?
dan
* Re: How do I turn on ...?
From: Dirk Bonenkamp - Bean IT @ 2002-06-26 16:01 UTC (permalink / raw)
To: daniel lance herrick, linux-admin
Hi Daniel,
Not sure about RH 7.3, but in 7.2 this works:
Have a look at /etc/sysconfig/iptables
You could make a copy of this file, and then empty the original one.
Restart the firewall with this command:
/etc/init.d/iptables restart
And have a try then. If things work now, it's time to read the iptables man
page and you can start to make your own iptables config.
Have fun,
Dirk
Bean IT
T: +31 (0)23 - 5422299
F: +31 (0)23 - 5422728
W: http://www.bean-it.nl
* Re: How do I turn on ...?
From: daniel lance herrick @ 2002-06-26 17:20 UTC (permalink / raw)
To: Dirk Bonenkamp - Bean IT; +Cc: linux-admin
Thanks, Dirk.
I looked at /etc/sysconfig/ipchains (in
response to your note). Found a bunch of ACCEPTs
and a bunch of REJECTs.
Searched /etc/services and found "ssh 22/tcp" and
also udp.
The second line in /etc/sysconfig/ipchains is
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
so I think the firewalling is set up to pass ssh.
Comments in the ipchains file mention ifup-post,
so I looked there. It is bulky and the bulk is
devoted to "punch[ing] dns through the
firewall" by computing an ipchains command and
issuing it.
I still need help.
dan
* Re: How do I turn on ...?
From: David Jackson @ 2002-06-26 17:44 UTC (permalink / raw)
To: Dirk Bonenkamp - Bean IT, daniel lance herrick; +Cc: linux-admin
You might want to put linux-admin on the To: line;
that way, when people reply, it goes to the list,
which is where the message was posted.
David
* Re: How do I turn on ...?
From: Kyle @ 2002-06-26 18:29 UTC (permalink / raw)
To: daniel lance herrick, Dirk Bonenkamp - Bean IT; +Cc: linux-admin
Do a chkconfig --list | grep ssh
that will tell you which run levels ssh is supposed to
be running on. Then do a netstat -a | grep LISTEN
and see if the ssh port is being listened on. Then
you can do a ps -ef | grep sshd and see if sshd is
running.
If you have something listening on port 22 try and
telnet into the box using port 22
telnet mybox 22
If you get a connection, then your ipchains is set up
correctly; if not, then ipchains is blocking your
request. You can verify this by doing a
/etc/rc.d/init.d/ipchains stop
and then trying to ssh into the box. If you find it
is ipchains causing the problem remember that ipchains
goes from top to bottom for accepting or rejecting
packets. If you have a rule that rejects ssh
connections above the one that accepts them then they
will be rejected.
Kyle.
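Kyle's point about rule order, as an added example that is not part of the original thread: a simplified first-match evaluator for `-A input` lines written in the style of the rule quoted earlier. The function name `first_match` and both rule files are constructed for illustration; source addresses, `-y` and `!` negation are ignored, and rules carrying `-i` are skipped.

```shell
#!/bin/sh
# first_match FILE PROTO PORT
# Prints "<line-number> <target>" for the first input-chain rule that matches
# a new connection to PORT, or "none" when no rule matches (the chain policy
# then applies). Simplified: ignores source address, -y and "!" negation.
first_match() {
    awk -v proto="$2" -v port="$3" '
    $1 == "-A" && $2 == "input" {
        p = ""; dport = ""; target = ""; iface = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") p = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-i") iface = $(i + 1)
            # ipchains puts the port after the address: "-d 0/0 22"
            if ($i == "-d" && $(i + 2) ~ /^[0-9]+(:[0-9]+)?$/) dport = $(i + 2)
        }
        if (iface != "") next              # interface-specific rule: skipped here
        if (p != "" && p != proto) next    # protocol given and different
        if (dport != "") {                 # single port or lo:hi range
            n = split(dport, r, ":")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 < lo || port + 0 > hi) next
        }
        print NR, target; found = 1; exit  # first match decides
    }
    END { if (!found) print "none" }
    ' "$1"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the ssh ACCEPT sits above the low-port REJECT.
cat > "$tmp/good" <<'EOF'
:input ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
EOF

# Constructed sample: same two rules, REJECT first.
cat > "$tmp/bad" <<'EOF'
:input ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
EOF

first_match "$tmp/good" tcp 22
first_match "$tmp/bad"  tcp 22
```

With the same two rules in both files, only their order changes the verdict for port 22.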
* Re: How do I turn on ...?
From: Glynn Clements @ 2002-06-26 19:51 UTC (permalink / raw)
To: daniel lance herrick; +Cc: linux-admin
daniel lance herrick wrote:
> It refuses ssh connections.
>
> After reading the xinetd and ssh man pages (there
> is no sshd man page) I still have no clue what to
> do to properly activate the sshd within the RedHat
> philosophy.
sshd does have a man page; is sshd itself (/usr/sbin/sshd) actually
installed? It's in the "openssh-server" RPM.
Note that sshd is normally run as a standalone daemon, not from inetd,
due to the relatively long startup time.
--
Glynn Clements <glynn.clements@virgin.net>
* Re: How do I turn on ...?
From: terry white @ 2002-06-27 19:22 UTC (permalink / raw)
To: linux-admin
on "6-26-2002" "daniel lance herrick" writ:
: After reading the xinetd and ssh man pages (there
: is no sshd man page) I still have no clue what to
: do to properly activate the sshd within the RedHat
: philosophy.
:
: Would someone tell me what document to read?
... i am hopeful, you've made sure the install 'satisfies' your real
security requirements.
before you install ssh , it would be prudent to do a search on
'securityfocus.com' for "ssh". security problems are a concern ...
--
... i'm a man, but i can change,
if i have to , i guess ...