Re: ssh-ing in inside private network

[Lisi Reisz <lisi.reisz@gmail.com>]

Great!  Thankl you!  I now have a starting point for my questions.

On Thursday 31 March 2016 12:28:57 tomas@tuxteam.de wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, Mar 31, 2016 at 12:43:49PM +0100, Lisi Reisz wrote:
> > I want all the computers on my private network to be able to shh into
> > each other.  In Jessie, what do I have to do where in what config file?
> > Presumably some port is shut??

> Since your question was pretty general, I preferred to go with a terse,
> bird's perspective answer. Let's tackle the details when they come up.

Great!  Thankl you!  I now have a starting point for my questions.
>
> 0. Each computer should be able to "see" port 22 (ssh) of each other's
>    (I'm assuming you go with the default port for ssh, this can be
>    changed, but I wouldn't do that without some reason)

How do I check this?  I suspect that it may be the problem, so the problem may 
in fact be on the computer I want to ssh from, if the Jessie computer cannot 
see it?  Oh!  Let us use their names.  the computer running Wheezy is called 
Tux-II.  The computer running Jessie is called Eros.

> 1. Each computer should have an SSH server running (on Debian that would
>    be package openssh-server: in Debian it has priority "optional": I'd
>    double-check that it's installed)

It is installed.  How do I check that it is running?

> 3. To connect, you need also an openssh-client (since this has priority
>    "standard" n Debian, chances are that it's there already)

It is installed and running.  I can ssh from Eros, but not into it.  If I just 
try to ssh from Tux-II to Eros, I get the error "Could not connect to host 
192.168.0.4.".  I'm actually "fish"ing, but same difference.

I get a more helpful message form ssh:
lisi@Tux-II:~$ ssh peter@192.168.0.4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
d9:2e:38:29:07:f8:8a:6d:4b:dd:28:60:ad:c9:e5:a3.
Please contact your system administrator.
Add correct host key in /home/lisi/.ssh/known_hosts to get rid of this 
message.
Offending ECDSA key in /home/lisi/.ssh/known_hosts:3
ECDSA host key for 192.168.0.4 has changed and you have requested strict 
checking.
Host key verification failed.
lisi@Tux-II:~$

Previously (under Wheezy) using Fish, I have been getting the first part of 
the message and asked if I want to accept the new identification.  Fish 
presumably then edited the file.  So I need static IPs fast!  or a hosts 
file?  I have some learning to do.  Static IPs I have no problem over, I just 
need to do it.  It clearly needs to move up my priority list.  (New router.  
reserved MAC numbers not yet set up in teh DHCP section.)

I have to go now, but I think you have solved it!!  (I hadn't researched how 
to use ssh itself.  :-(  I was scared of it. :-(  )

Thank you.  I'll continue later!

I'm most grateful, Tomas.

Lisi



>    You can check all these three by trying from each host "ssh
> user@the-other-host" and studying the responses.
>
> Since your question was pretty general, I preferred to go with a terse,
> bird's perspective answer. Let's tackle the details when they come up.