Ruter to Linksys WRT160NL z OpenWRT. Z rutera mogę się zalogować przez SSH do VPS-a:
Kod: Zaznacz cały
root@Gargoyle:~# ssh [email protected]
[email protected]'s password:
Last login: Fri Jan 4 07:46:31 2013 from ixn59.internetdsl.tpnet.pl
Starting PowerConsole v1.3 <> (c)2012 soluslabs ltd.
please wait...
successfully logged in.
entered into CT 5891
root@wojtasvps:/# mc
root@wojtasvps:/# exit
logout
exited from CT 5891
root@Gargoyle:~#
Host1free na swoich forach napisał, że serwery nie posiadają żadnego firewalla ani też nie blokują żadnych portów w "standardzie".
Kod: Zaznacz cały
root@wojtasvps:/# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
root@wojtasvps:/# iptables -t nat -S
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
root@wojtasvps:/# iptables -t mangle -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
Kod: Zaznacz cały
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# tunelowanie portow
AllowTcpForwarding yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Kod: Zaznacz cały
ssh -f -NT -R 8889:localhost:22 [email protected]
Kod: Zaznacz cały
ps
Kod: Zaznacz cały
....
14731 root 1244 R /usr/sbin/dropbear -P /var/run/dropbear.1.pid -p 22
14732 root 1524 S -ash
14744 root 1192 S ssh -f -NT -R 8889:localhost:22 [email protected]
15209 root 0 SW [flush-8:0]
15210 root 1496 R ps
....
W tym momencie, chcę sprawdzić czy VPS nasłuchuje na porcie 8889:
Kod: Zaznacz cały
root@wojtasvps:/# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 localhost:submission *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 wojtasvps:domain *:* LISTEN
tcp 0 0 127.0.0.2:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp6 0 0 [::]:domain [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 0 0 wojtasvps:netbios-ns *:*
udp 0 0 wojtasvps:netbios-ns *:*
udp 0 0 127.0.0.2:netbios-ns *:*
udp 0 0 127.0.0.2:netbios-ns *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 wojtasvps:netbios-dgm *:*
udp 0 0 wojtasvps:netbios-dgm *:*
udp 0 0 127.0.0.2:netbios-dgm *:*
udp 0 0 127.0.0.2:netbios-dgm *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 wojtasvps:domain *:*
udp 0 0 127.0.0.2:domain *:*
udp 0 0 localhost:domain *:*
udp6 0 0 [::]:domain [::]:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 1203263087 /var/run/saslauthd/mux
unix 2 [ ACC ] STREAM LISTENING 1203312045 /var/run/sendmail/mta/smcontrol
unix 6 [ ] DGRAM 1203261670 /dev/log
unix 2 [ ] DGRAM 1203264304
unix 2 [ ] DGRAM 1203263806
unix 2 [ ] DGRAM 1203263095
unix 2 [ ] DGRAM 1203263025
root@wojtasvps:/#
Kod: Zaznacz cały
root@wojtasvps:/# ssh -p 8889 [email protected]
ssh: connect to host 127.0.0.1 port 8889: Connection refused
root@wojtasvps:/#
Proszę o pomoc, bo walczę z tym już ładnych parę dni...
Ps. Czy można zrobić tak aby logi SSH VPS-a były przechowywane w oddzielnym pliku?