Posts: 388 | Thanked: 842 times | Joined on Sep 2009 @ Finland
#21
Originally Posted by iKneaDough
I have T-Mobile USA with the old 'Unlimited Internet with VPN' plan, and use the 'internet3.voicestream.com' apn, which also gives you a public IP address. However, when I try to ssh or vnc into it I get no response. It does respond to pings though.

Anyone have any ideas how to get around that?
You could try running sshd on a different port and hope you are able to find one that is not blocked. The configuration is at /etc/ssh/sshd_config
 

The Following User Says Thank You to hqh For This Useful Post:
Posts: 81 | Thanked: 115 times | Joined on Jan 2008
#22
Originally Posted by hqh
You could try running sshd on a different port and hope you are able to find one that is not blocked. The configuration is at /etc/ssh/sshd_config
I ran a ShieldsUP! internet port scan from the n900, and all ports it scanned show up as stealthed.

Do you think T-Mobile set up some kind of firewall to block any incoming connection on any ports?
 
Posts: 3,401 | Thanked: 1,255 times | Joined on Nov 2005 @ London, UK
#23
Originally Posted by mikhmv
user is disabled for ssh until it has a password.
No, the user account is just locked by default on all tablets (770-N900) and the latest OpenSSH available for the N900 now doesn't allow login to locked accounts (a security change from previous versions of OpenSSH on Maemo1-4).

The "user" account doesn't need to be given a password (in fact doing so would increase the attack surface and could be considered a bad idea) - just unlock the account, and since it will have no password nobody can brute force a login (a good thing).

To unlock the user account use "passwd -u user" (as root) and then follow the N8x0/PuTTY guide here, which explains how to log in to the "user" account using only public/private keys. Consider using PuTTY Agent (x86) to store your private key (no need for "Connection -> SSH -> Auth" in step 5 of the guide), as this makes key management easier and also allows you to use FileZilla for scp access to your device using the same key.

Also, set a ridiculously strong password on the root account (passwd root) as you won't need to log in as root very often assuming you use public keys to log in as user, and sudo gainroot when root privileges are required. Locking the root account (passwd -l root) is a potentially better/more secure option as this would mean the root account can't be brute forced (you can still become root from user via sudo gainroot either on the device or over ssh) but could be a problem if you lost access to the GUI on the device.

Last edited by Milhouse; 2009-12-31 at 07:57.
 

The Following 2 Users Say Thank You to Milhouse For This Useful Post:
Posts: 12 | Thanked: 1 time | Joined on Jan 2010
#24
I am trying to get this to work and this thread was useful but unfortunately I did not get it working yet.

WLAN (192.168.0.255)

1. N900, IP 192.168.0.13

open-ssh-common, open-ssh-server, openssh-client installed

2. Laptop Debian 5.0, IP 192.168.0.7

open-ssh client installed

The problem is that whatever I do and whichever user I try, ssh on the laptop hangs with this and nothing further happens:

Code:
gh@brasov:~/.ssh$ ssh -vv root@192.168.0.13
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.13 [192.168.0.13] port 22.
debug1: Connection established.
debug1: identity file /home/gh/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/gh/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/gh/.ssh/id_dsa type -1

What I've tried:

I can ssh from N900 to other computers on the WLAN.
What is strange is that there are no logs in /var/log for ssh on the N900.

Any ideas?
 
Posts: 486 | Thanked: 251 times | Joined on Oct 2009
#25
Originally Posted by horli
I am trying to get this to work and this thread was useful but unfortunately I did not get it working yet.

WLAN (192.168.0.255)

1. N900, IP 192.168.0.13

open-ssh-common, open-ssh-server, openssh-client installed

Any ideas?
When you installed ssh server on the n900, were you prompted to set a password for root?

If so, and you did, at that point you should have been able to ssh to root@192.168.0.13

That would be a good starting point before setting up keys and new user accounts. I would also get it working with the user account before setting up new accounts.
 
Posts: 12 | Thanked: 1 time | Joined on Jan 2010
#26
Originally Posted by j.s
When you installed ssh server on the n900, were you prompted to set a password for root?
Well I can't remember. So I just did

Code:
apt-get purge openssh-server
and

Code:
apt-get install openssh-server

It asked me for the root password, I typed one but unfortunately nothing changed:

Code:
gh@brasov:~/.ssh$ ssh -vv root@192.168.0.13
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.13 [192.168.0.13] port 22.
debug1: Connection established.
debug1: identity file /home/gh/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/gh/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/gh/.ssh/id_dsa type -1

Thanks for your help & suggestion.

--
Greg
 
Posts: 12 | Thanked: 1 time | Joined on Jan 2010
#27
What I figured out is that if I connect to port 22 via telnet then a connection is made, but there is no greeting message from SSH like the one I get when I connect to another Debian box (192.168.0.3)

N900

Code:
gh@brasov:~$ telnet 192.168.0.13 22
Trying 192.168.0.13...
Connected to 192.168.0.13.
Escape character is '^]'.

Another Debian PC on the net.

Code:
gh@brasov:~$ telnet 192.168.0.3 22
Trying 192.168.0.3...
Connected to 192.168.0.3.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3p2 Debian-9etch3
^C^C
Connection closed by foreign host.

Is there something wrong with the ssh-server?
Should such a message appear on N900?
Could someone try it on his device and confirm the message?
Thanks.

--
Greg
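
The telnet comparison in the post above, automated, as an added example that is not part of the original thread: it separates "connected but no greeting" (the N900 symptom) from a refused or filtered port and from a server that sends its SSH identification line. The function name, state labels and the 4096-byte read limit are assumptions of this example.

```python
import socket

MAX_PREAMBLE = 4096  # assumed limit for this example: stop reading after this many bytes

def _ident_line(buf):
    """Return the first complete line starting with 'SSH-', or None."""
    for line in buf.split(b"\n")[:-1]:  # the last element is an incomplete line
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r").decode("ascii", "replace")
    return None

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (state, detail) for one connection attempt.

    refused   - RST came back: host reachable, nothing listening on the port
    timeout   - no answer to the connection attempt (dropped or filtered)
    no-banner - TCP connected, but no data arrived before the timeout
    closed    - TCP connected, peer closed without sending anything
    other     - data arrived, but no SSH identification line
    ssh       - detail holds the server's identification line
    error     - any other socket error; detail holds the message
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))
    buf, eof = b"", False
    with sock:
        try:
            # A server may send other lines before its identification line.
            while _ident_line(buf) is None and len(buf) < MAX_PREAMBLE:
                chunk = sock.recv(256)
                if not chunk:
                    eof = True
                    break
                buf += chunk
        except socket.timeout:
            pass  # keep whatever arrived before the timeout
        except OSError as exc:
            return ("error", str(exc))
    ident = _ident_line(buf)
    if ident:
        return ("ssh", ident)
    if buf:
        return ("other", repr(buf[:64]))
    return ("closed", "") if eof else ("no-banner", "")

if __name__ == "__main__":
    # Address taken from the thread; run from another machine on the same WLAN.
    print(probe_ssh_banner("192.168.0.13", 22))
```

A "no-banner" result with a working `ssh root@localhost` on the device points at something between the TCP handshake and sshd's first write, not at the account or key setup.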
 
Posts: 12 | Thanked: 1 time | Joined on Jan 2010
#28
One more update. Since I can do from my N900:
Code:
$ ssh root@localhost

I am prompted for a password and can log in.

Therefore this seems to be a network problem.
Is there some kind of firewall or network issue on the N900 going on?

--
Greg
 
Posts: 12 | Thanked: 1 time | Joined on Jan 2010
#29
X11vnc does not work either. So I guess this is a general network problem. I disabled PSM http://wiki.maemo.org/Wifi_power_saving_mode but with no luck.
It seems all incoming network connections do not work.
What can I do?
 
Posts: 515 | Thanked: 266 times | Joined on Nov 2009 @ Oelsted, Denmark
#30
Originally Posted by horli
One more update. Since I can do from my N900:
Code:
$ ssh root@localhost

I am prompted for a password and can log in.

Therefore this seems to be a network problem.
Is there some kind of firewall or network issue on the N900 going on?

--
Greg
There's no firewall on the N900... So connecting via WiFi shouldn't be a problem...

Code:
Nokia-N900-42-11:/# netstat -a | grep ssh
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      
tcp        0      0 10.13.110.239:ssh       10.13.110.17:50040      ESTABLISHED 
netstat: no kernel support for AF INET6 (tcp)
netstat: no kernel support for AF INET6 (udp)
netstat: no kernel support for AF INET6 (raw)
unix  2      [ ACC ]     STREAM     LISTENING       4342 /tmp/ssh-wzwzUao917/agent.917
__________________
Christian Wilken - tux-POWER.dk!
... May the Source be with You ...

Last edited by DrWilken; 2010-01-03 at 10:57.
 