simple(?) ssh question


Headmaster

Hello
I am new to Linux etc. Now I'm trying to get openSSH up and running. I can access it from all of my local machines. I have opened up that port on our firewall and routed it to this machine. When I try to access from our external IP, I get no response or error except that my request timed out. Here is my sshd_config file. http and ftp work from our external IP. I'm sure this is a 5 minute thing, but I don't know where to start! I'm running SuSE PRO 8.1.
TIA!
scott

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
ListenAddress 0.0.0.0
AllowUsers scottm
Gatewayports yes

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
 
Are there any ipchains on the server that block ssh?
 
Stupid question, how do I check that? I thought there was a file that stored all of the rules...
Thanks for replying
 
Check /etc/rc.d/rc.firewall or /etc/sysconfig/iptables or /etc/sysconfig/ipchains and check for any deny statements on the ssh port.
 
Or you could skip all this command line and .conf config stuff, and do it the easy way with webmin.

 
This category of problems should be marked with a big sign 'CHECK YOUR LOGS' :) Both on your firewall and your server. It may be a routing problem or a firewalling problem. Can you access the Internet from your Linux box? Have you opened the connection for responses (i.e. from port 22)?
 
Try running ssh -v to get the messages coming back. You may find that the connection is made but not allowed. The messages will lead to a solution.
 
Well here goes again. Here is what happens when I try ssh -v:

Code:
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to my_ip [my_ip] port 22.
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/100 (e=0)

I have checked all the logs I can find. Nothing about errors from my external IP. I'm thinking it may be the firewall now. When I connect with the local address, I can see that being logged. CRAP

Thanks for your help. I'm going to find the problem yet! I wish I had an expert in my pocket!

scott
 
Try running iptables -L and see if port 22 is being forwarded. I also second the webmin suggestion for setting up and maintaining openssh and a lot of other servers.
 
Have you checked your hosts.allow and hosts.deny files? These files will be active if the version of openssh you are using was compiled with libwrap.a.

If tcpwrappers are in effect, then it will seem like it DID NOT get a connection.
 
You can also try to telnet to port 22. If something answers, you can search for a configuration error. If not, you have a network connection problem.
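
An added example, not part of any post in this thread: the telnet-to-port-22 check as a small Python probe that separates the outcomes the replies distinguish (silent timeout, refusal, a connection that is accepted and then dropped, and a real SSH banner). The function name `probe_ssh`, the outcome labels and the hint texts are choices made for this example.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=5.0):
    """Make one TCP connection to host:port and classify what came back.

    Returns (outcome, detail). The outcome tells you which layer to look at.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # Nothing answered the SYN: packets are dropped or never forwarded.
        return ("timeout", "no reply: check firewall rules and port forwarding")
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but nothing listens there.
        return ("refused", "host reachable, no listener: check sshd and ListenAddress")
    except OSError as exc:
        return ("error", str(exc))

    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server speaks first and sends its version string.
            data = sock.recv(256)
        except socket.timeout:
            return ("no-banner", "connected, but the peer stayed silent")
        except OSError:
            data = b""  # reset while waiting counts as a dropped connection

    if not data:
        # Accepted then closed before the banner, as with a TCP wrappers deny.
        return ("closed", "accepted then dropped: check hosts.allow and hosts.deny")
    first = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if first.startswith("SSH-"):
        return ("banner", first)
    return ("other", first)


if __name__ == "__main__":
    # Usage: python probe_ssh.py HOST [PORT]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    outcome, detail = probe_ssh(target, target_port)
    print(f"{target}:{target_port} -> {outcome}: {detail}")
```

Run it from a machine outside the firewall against the external IP; a `timeout` result matches the symptom in the original question and means the packets never reached sshd, so the server's sshd_config is not the place to look.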
 