[Solved] Configure ssh and Unison; ssh not working
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8455
Location: Warrington, UK

Posted: Sun Apr 07, 2013 10:47 pm

A refused connection is a classic sign of sshd not running, and it doesn't appear in the ps output either. Is the ssh-server package even installed on the tower? If you get nothing from
Code:
sudo which sshd

you need to install it. Otherwise, you need to make sure the service is set to start at boot, using whatever method is appropriate for your distro.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
dpeirce



Joined: Wed Sep 13, 2006 12:26 am
Posts: 31
Location: Central Texas

Posted: Sun Apr 07, 2013 10:51 pm

I checked in Synaptic, and only the openssh client was installed on the tower. I've installed the openssh server.

Now ssh tower works from my laptop, and I got a bash window for the tower on my laptop, and ls'ed some directories on the tower from the laptop.

Also, both the openssh client and server are already installed on the laptop. So, the port 22 problem is fixed! :) :) :)

However, $ dig laptop from the tower (or from the laptop) still shows funky IP numbers in the Answer section:

Code:

dave@tower-host-mepis:~$ dig laptop

; <<>> DiG 9.7.3 <<>> laptop
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11358
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;laptop.                                IN      A

;; ANSWER SECTION:
laptop.                 10      IN      A       66.152.109.23
laptop.                 10      IN      A       69.16.143.23
laptop.                 10      IN      A       184.106.31.177

;; Query time: 3 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Apr  7 16:47:09 2013
;; MSG SIZE  rcvd: 90

dave@tower-host-mepis:~$

Is there a fix for that?

In faith, Dave
Viva Texas

dpeirce

Posted: Mon Apr 08, 2013 4:24 am

Or, are the strange numbers even a problem? I mention them because they don't agree with anything output by ifconfig on the laptop and I don't know where they come from. However, using dig or ifconfig on the tower outputs the simple IP number for the tower.

In faith, Dave
Viva Texas

dpeirce

Posted: Wed Apr 10, 2013 3:50 pm

I do appreciate the help straightening out my router and network. Thank you.

In faith, Dave
Viva Texas

Generation of random numbers is too important to be left to chance.
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2431

Posted: Wed Apr 10, 2013 5:57 pm

These random numbers are actually IP addresses too. You can do a whois query on them and the first (66.152.109.23) gives that it's part of the Tech Valley Communications IP range. I suspect this to be the DNS addresses of your ISP?

Code:
~ whois 66.152.109.23

# Query terms are ambiguous.  The query is assumed to be:
#     "n 66.152.109.23"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=66.152.109.23?showDetails=true&showARIN=false&ext=netref2
#

Tech Valley Communications TVC-BLK-3 (NET-66-152-96-0-1) 66.152.96.0 - 66.152.111.255
Search Guide, Inc 66-152-109-0-25 (NET-66-152-109-0-1) 66.152.109.0 - 66.152.109.127


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

dpeirce

Posted: Thu Apr 11, 2013 4:22 am

Hi, and thanks for the info. I did whois on the other two strange IP numbers. I got responses for Highwinds Network Group, Inc. in Phoenix, Arizona and for Rackspace Hosting in San Antonio, Texas. And from yours I got Tech Valley Communications of no address.

This is getting spooky!

My ISP is Century Tel, Inc. I don't know anything at all about Tech Valley, Highwinds Network Group, or Rackspace Hosting. I keep wondering how they got into my computer.

I didn't know about whois; are there other commands which will tell me more about these people? Alternatively, I wonder if there's some way to block those IP numbers and see what happens?

Here is the full output of whois:

Code:

$ whois 66.152.109.23
Tech Valley Communications TVC-BLK-3 (NET-66-152-96-0-1) 66.152.96.0 - 66.152.111.255
Search Guide, Inc 66-152-109-0-25 (NET-66-152-109-0-1) 66.152.109.0 - 66.152.109.127


$ whois 69.16.143.23
NetRange:       69.16.128.0 - 69.16.191.255
CIDR:           69.16.128.0/18
OriginAS:
NetName:        HIGHWINDS1
NetHandle:      NET-69-16-128-0-1
Parent:         NET-69-0-0-0-0
NetType:        Direct Allocation
RegDate:        2004-02-19
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-69-16-128-0-1

OrgName:        Highwinds Network Group, Inc.
OrgId:          HNG-3
Address:        3300 N Central Ave
Address:        Ste 200
City:           Phoenix
StateProv:      AZ
PostalCode:     85012
Country:        US
RegDate:        2006-12-21
Updated:        2013-02-28
Ref:            http://whois.arin.net/rest/org/HNG-3

OrgTechHandle: HIA3-ARIN
OrgTechName:   Highwinds IP Administrator
OrgTechPhone:  +1-602-515-0960
OrgTechEmail:  ip-request@hwng.net
OrgTechRef:    http://whois.arin.net/rest/poc/HIA3-ARIN

OrgNOCHandle: HNOC5-ARIN
OrgNOCName:   Highwinds Network Operations Center
OrgNOCPhone:  +1-602-515-0960
OrgNOCEmail:  noc@hwng.net
OrgNOCRef:    http://whois.arin.net/rest/poc/HNOC5-ARIN

OrgAbuseHandle: HAR8-ARIN
OrgAbuseName:   Highwinds Abuse Response
OrgAbusePhone:  +1-602-515-0960
OrgAbuseEmail:  abuse@hwng.net
OrgAbuseRef:    http://whois.arin.net/rest/poc/HAR8-ARIN

#

dave@laptop-mepis-host:~$


$ whois 184.106.31.177
NetRange:       184.106.0.0 - 184.106.255.255
CIDR:           184.106.0.0/16
OriginAS:
NetName:        RACKS-8-NET-4
NetHandle:      NET-184-106-0-0-1
Parent:         NET-184-0-0-0-0
NetType:        Direct Allocation
RegDate:        2010-05-21
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-184-106-0-0-1

OrgName:        Rackspace Hosting
OrgId:          RACKS-8
Address:        5000 Walzem Road
City:           San Antonio
StateProv:      TX
PostalCode:     78218
Country:        US
RegDate:        2010-03-29
Updated:        2011-11-30
Ref:            http://whois.arin.net/rest/org/RACKS-8

OrgTechHandle: IPADM17-ARIN
OrgTechName:   IPADMIN
OrgTechPhone:  +1-210-892-4000
OrgTechEmail:  hostmaster@rackspace.com
OrgTechRef:    http://whois.arin.net/rest/poc/IPADM17-ARIN

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName:   Abuse Desk
OrgAbusePhone:  +1-210-892-4000
OrgAbuseEmail:  abuse@rackspace.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE45-ARIN

RTechHandle: IPADM17-ARIN
RTechName:   IPADMIN
RTechPhone:  +1-210-892-4000
RTechEmail:  hostmaster@rackspace.com
RTechRef:    http://whois.arin.net/rest/poc/IPADM17-ARIN

RAbuseHandle: ABUSE45-ARIN
RAbuseName:   Abuse Desk
RAbusePhone:  +1-210-892-4000
RAbuseEmail:  abuse@rackspace.com
RAbuseRef:    http://whois.arin.net/rest/poc/ABUSE45-ARIN

#

dave@laptop-mepis-host:~$


Maybe I've read too many internet horror stories, but this is kind of frightening. Or it might be nothing at all. I hope you can help me find out which.

In faith, Dave
Viva Texas

Dutch_Master
LXF regular

Posted: Thu Apr 11, 2013 11:37 am

Well, if they're not related to your ISP, you could do without them I suppose. Question is, where do these entries come from? They must be mentioned in a config file of some sort, so use the locate command (and the IP address as your search string) to find which file. Rename the suspect file, to see if anything breaks. If it does, edit it so the IP address is taken out and rename the file back; if everything continues as planned, remove it completely, preferably with the application that installed it.

There's a list of bash commands here: http://www.ss64.com/bash/

nelz
Site admin

Posted: Thu Apr 11, 2013 1:11 pm

I think you mean grep rather than locate. The latter only finds files by name.

Code:
grep -r IP-ADDRESS /etc


The contents of /etc/resolv.conf may be interesting too.

BTW those are shell commands, not bash commands. They are not built into bash and work just as well in any shell.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
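
A more exact form of the recursive search suggested in the post above, as an added example that is not part of the original thread: it matches the address as a literal string, so the dots are not treated as regex wildcards, and it ignores longer numbers that merely contain it. The helper names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list files under a directory that contain an exact IPv4 address.
# find_ip_in_configs and demo_tree are hypothetical helper names.

find_ip_in_configs() {
    ip=$1
    dir=${2:-/etc}
    # -r recurse            -s stay quiet about unreadable or missing files
    # -l file names only    -F literal string: "." is a dot, not "any character"
    # -w whole token only, so 169.16.143.230 does not count as a hit
    grep -rslFw -- "$ip" "$dir" | sort
}

# Constructed demo tree standing in for /etc; prints its path.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/net"
    printf 'nameserver 192.168.2.1\n' > "$d/resolv.conf"
    printf '127.0.0.1 localhost\n69.16.143.23 example-entry\n' > "$d/hosts"
    printf 'peer 169.16.143.230\n' > "$d/net/longer"       # superstring of the address
    printf 'serial 69x16y143z23\n' > "$d/net/regexbait"    # hit only if dots are wildcards
    ln -s "$d/missing" "$d/dangling"                       # dangling symlink
    printf '%s\n' "$d"
}

# Stand-alone run against the demo tree; prints only .../hosts
d=$(demo_tree)
find_ip_in_configs 69.16.143.23 "$d"
rm -rf "$d"
```

Run it as root against /etc so that files readable only by root are searched as well.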

dpeirce

Posted: Fri Apr 12, 2013 12:52 am

/etc/resolv.conf shows only the IP # of my router. I tried the grep command as user and as root, and got different results:

Code:

dave@tower-host-mepis:~$ grep -r "69.16.143.23" /etc/*
grep: /etc/alternatives/irc.protocol: No such file or directory
grep: /etc/alternatives/lvm-default: No such file or directory
grep: /etc/apt/secring.gpg: Permission denied
grep: /etc/cups/ssl: Permission denied
grep: /etc/default/cacerts: Permission denied
grep: /etc/group-: Permission denied
grep: /etc/gshadow: Permission denied
grep: /etc/gshadow-: Permission denied
grep: /etc/lvm/cache: Permission denied
grep: /etc/mysql/debian.cnf: Permission denied
grep: /etc/passwd-: Permission denied
grep: /etc/ppp/chap-secrets: Permission denied
grep: /etc/ppp/pap-secrets: Permission denied
grep: /etc/security/opasswd: Permission denied
grep: /etc/shadow: Permission denied
grep: /etc/shadow-: Permission denied
grep: /etc/skel/.synaptic/lock: Permission denied
grep: /etc/skel/.config/qtcurve/stylerc: Permission denied
grep: /etc/skel/Mail/.outbox.index.ids: Permission denied
grep: /etc/skel/Mail/.inbox.index: Permission denied
grep: /etc/skel/Mail/.trash.index: Permission denied
grep: /etc/skel/Mail/.drafts.index: Permission denied
grep: /etc/skel/Mail/.sent-mail.index: Permission denied
grep: /etc/skel/Mail/.spam.index: Permission denied
grep: /etc/skel/Mail/.inbox.index.ids: Permission denied
grep: /etc/skel/Mail/.sent-mail.index.ids: Permission denied
grep: /etc/skel/Mail/.spam.index.ids: Permission denied
grep: /etc/skel/Mail/.drafts.index.ids: Permission denied
grep: /etc/skel/Mail/.outbox.index: Permission denied
grep: /etc/ssh/ssh_host_key: Permission denied
grep: /etc/ssh/ssh_host_dsa_key: Permission denied
grep: /etc/ssh/ssh_host_rsa_key: Permission denied
grep: /etc/ssl/private: Permission denied
grep: /etc/sudoers: Permission denied
grep: /etc/sudoers.d/README: Permission denied
grep: /etc/ufw/before.rules: Permission denied
grep: /etc/ufw/after6.rules: Permission denied
grep: /etc/ufw/after.rules: Permission denied
grep: /etc/ufw/before6.rules: Permission denied
grep: /etc/X11/Xwrapper.config: Permission denied
dave@tower-host-mepis:~$

[root@tower-host-mepis dave]# grep -r "69.16.143.23" /etc/*
grep: /etc/alternatives/irc.protocol: No such file or directory
grep: /etc/alternatives/lvm-default: No such file or directory
[root@tower-host-mepis dave]#
[root@tower-host-mepis dave]#



Of the ones I tried, they were either no such file or encrypted. But I've discovered my router has a 'Parental Control' feature, so I'm going to try blocking those numbers and see if anything breaks. I'll also try referring them to localhost in the hosts file.

Unless y'all tell me that's a bad idea. Maybe that way, if I do have malware installed, it won't be able to call home?

Another odd thing: According to 'whois', 66.152.109.23 is Tech Valley Communications; but ask dot com shows that ip # 66.152.109 is cnet.robtex.com. 69.16.143.23 shows to Highland in both; 184.106.31.177 is Rackspace Hosting in whois, but doesn't show at all in ask dot com. Dunno if that has any significance.

Is it a good idea to try blocking those strange IP #s?

In faith, Dave
Viva Texas

Dutch_Master
LXF regular

Posted: Fri Apr 12, 2013 2:13 am

Binding them to localhost is a good idea. It may even give you a hint of what application wants these addresses, if it reports loss of connectivity... ;)

dpeirce

Posted: Fri Apr 12, 2013 11:24 pm

I bound them to localhost in the hosts file in both machines, and re-booted. Can't see any difference so far, but they are still showing up in 'dig' on both machines.

I can't block them yet in the router because my hacker friend wants me to wait until he figures out why my internet look-up is sooo slow. It downloads at respectable speeds from one site; but when it goes to a sub-site or another site, it takes it a long time to connect. Different problem, but he wants me to leave the router alone right now.

If there are any more ideas about how to find out who/what those strange IP #s are, and whether they are significant or insignificant, I would appreciate hearing. Thanks for the help so far.

In faith, Dave
Viva Texas

An idle mind is the best way to relax.

nelz
Site admin

Posted: Fri Apr 12, 2013 11:41 pm

DNS lookup returns spurious addresses
DNS lookup is slow

Are you sure these are separate problems?

As resolv.conf is set to the address of your router, what is your router using as DNS servers? An incorrect setting here could be the route(sic) cause of both problems.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
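
To follow the resolver chain raised in the post above, it helps to read two things out of every dig run: which server answered, and whether the addresses it returned are LAN or public ones. The script below is an added example, not part of the original thread; its function names are hypothetical, and the sample input is the relevant part of the dig output posted earlier in the thread.

```shell
#!/bin/sh
# Added example: summarise dig output read from stdin.
# All function names are hypothetical helpers, not part of dig.

# Succeeds when $1 is loopback, link-local or RFC 1918 (private) space.
is_private_v4() {
    case $1 in
        10.*|127.*|192.168.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Resolver address taken from the ";; SERVER:" line.
dig_server() {
    sed -n 's/^;; SERVER: \([0-9.]*\)#.*/\1/p'
}

# One address per A record in the ANSWER SECTION.
dig_answers() {
    awk '/^;; ANSWER SECTION:/ {in_ans = 1; next}
         /^$/ || /^;;/         {in_ans = 0}
         in_ans && $4 == "A"   {print $5}'
}

# Label each answer, then print a one-line summary.
audit_dig() {
    out=$(cat)
    server=$(printf '%s\n' "$out" | dig_server)
    pub=0; priv=0
    for ip in $(printf '%s\n' "$out" | dig_answers); do
        if is_private_v4 "$ip"; then priv=$((priv + 1)); echo "private $ip"
        else pub=$((pub + 1)); echo "public  $ip"; fi
    done
    echo "resolver=$server private=$priv public=$pub"
}

# Sample input: answer and server lines from the dig output in this thread.
sample_dig() {
    cat <<'EOF'
;; ANSWER SECTION:
laptop.                 10      IN      A       66.152.109.23
laptop.                 10      IN      A       69.16.143.23
laptop.                 10      IN      A       184.106.31.177

;; Query time: 3 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
EOF
}

# Live use: dig laptop | audit_dig, then dig @OTHER_RESOLVER laptop | audit_dig
sample_dig | audit_dig
```

A LAN hostname answered by the router with only public addresses means the answer did not originate on the local network, so the next resolver up the chain is the one to query directly.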

dpeirce

Posted: Sat Apr 13, 2013 12:57 am

Hmmnnnn..... That question raised some more problems. The router looks to the modem's IP number (separate router and modem here). So I accessed the modem, which faces out on to the world. However, the primary and secondary DNSs are blank. My friend says that could be if the modem is getting its info direct from the ISP, but that I can manually enter the numbers to check. In this modem, the button is 'Expert Mode'.

However, clicking expert mode gives nothing; can't enter expert mode. Friend says that's weird and he will be over in the morning with a loaner modem which he knows is OK, and see what happens.

He acted surprised. Thanks for that question!! Maybe they ARE related problems!

In faith, Dave
Viva Texas

To err is human... to really foul up requires the root password.

Dutch_Master
LXF regular

Posted: Sat Apr 13, 2013 4:30 am

Use this IP address as your main DNS, for now: 194.109.104.104. It's the DNS of my ISP (xs4all.nl) and absolutely safe. (Do a whois and/or dig about it to check if you're unsure!)

You could cut out the router and connect your PC directly to the modem, using the above DNS and the known IP address. However, it may require a cross-over cable to connect modem and PC directly.

nelz
Site admin

Posted: Sat Apr 13, 2013 9:41 am

You could use OpenDNS or Google's DNS servers. Put these in your router so you don't have to change the modem's settings.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Copyright 2011 Future Publishing, all rights reserved.