Re: ssh-ing in inside private network

To: debian-user@lists.debian.org
Subject: Re: ssh-ing in inside private network
From: Lisi Reisz <lisi.reisz@gmail.com>
Date: Tue, 31 May 2016 23:27:36 +0100
Message-id: <[🔎] 201605312327.36114.lisi.reisz@gmail.com>
In-reply-to: <[🔎] 20160531215130.7aceff0f@jresid.jretrading.com>
References: <201603311243.49293.lisi.reisz@gmail.com> <[🔎] 201605312031.32141.lisi.reisz@gmail.com> <[🔎] 20160531215130.7aceff0f@jresid.jretrading.com>

On Tuesday 31 May 2016 21:51:30 Joe wrote:
> On Tue, 31 May 2016 20:31:32 +0100
>
> Lisi Reisz <lisi.reisz@gmail.com> wrote:
> > -----------------------------------------------
> > Now to do what I really wanted to do all along, and ssh in to run
> > level one as root:
> >
> > lisi@Tux-II:~$ ssh root@192.168.0.5
> > ssh: connect to host 192.168.0.5 port 22: No route to host
> > lisi@Tux-II:~$ ssh lisi@192.168.0.5
> > -------------------------------------------------------
> >
> > Help!!  This was the point of the whole exercise.  I want CLI only
> > (no X running) access to the Ubuntu installation on Hermes.
> >
> > Where next?????
>
> Sorry, I delete blocks of messages now and then and I don't have any of
> this thread.
>
> The 'No route to host' for root only looks odd. This is of course a
> routing message. If I try to login as root on a server where root isn't
> permitted to login, I get a straightforward 'Permission denied' message.
>
> Can you try nmap 192.168.0.5 -p 22 both as lisi and as root? This will
> test both routing and firewall rules of client and server, and the
> correct answer should be approximately:
>
>
> $ nmap 192.168.101.3 -p 22
>
> Starting Nmap 7.12 ( https://nmap.org ) at 2016-05-31 21:09 BST
> Nmap scan report for server.jretrading.com (192.168.101.3)
> Host is up (0.00045s latency).
> PORT   STATE SERVICE
> 22/tcp open  ssh
>
> Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
>
> and really ought to be pretty much the same for root and non-root
> users, except that root is also given the MAC address of the machine. If
> there is another difference, and there must be, then we can go from
> there. With out-of-the-box Debian machines, this should all Just Work,
> but it may be that Ubuntu is being 'helpful'.
>
> nmap is not of course attempting to login, so the only part of the
> server sshd_config which is being tested is the interface and port
> specification. There are other configurations of both client and server
> which can interfere, and we hope to identify any such problems arising.
>
> But can you really not use a non-root user for ssh? I don't have root
> ssh access to my (no X) server, but it doesn't stop me doing things to
> it.

In answer to John and Joe (thank you, John and Joe)

lisi@Tux-II:~$ ssh lisi@192.168.0.5
ssh: connect to host 192.168.0.5 port 22: No route to host
lisi@Tux-II:~$ nmap 192.168.0.5 -p 22

Starting Nmap 6.00 ( http://nmap.org ) at 2016-05-31 23:11 BST
Note: Host seems down. If it is really up, but blocking our ping probes, 
try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds
lisi@Tux-II:~$ nmap 192.168.0.5 -Pn 22

Starting Nmap 6.00 ( http://nmap.org ) at 2016-05-31 23:11 BST
Invalid target host specification: 22
<yes, 22 is  a port not a host :-/ >
Nmap scan report for 192.168.0.5
Host is up (0.097s latency).
All 1000 scanned ports on 192.168.0.5 are filtered

Nmap done: 1 IP address (1 host up) scanned in 14.30 seconds
lisi@Tux-II:~$ su
Password:

root@Tux-II:/home/lisi# nmap 192.168.0.5 -p 22

Starting Nmap 6.00 ( http://nmap.org ) at 2016-05-31 23:13 BST
Note: Host seems down. If it is really up, but blocking our ping probes, 
try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.50 seconds
root@Tux-II:/home/lisi# nmap 192.168.0.5 -Pn

Starting Nmap 6.00 ( http://nmap.org ) at 2016-05-31 23:14 BST
Nmap done: 1 IP address (0 hosts up) scanned in 0.52 seconds
root@Tux-II:/home/lisi# nmap 192.168.0.5 -Pn 22
<the wrong 22 made it scan more ports klast time, so lets try it>

Starting Nmap 6.00 ( http://nmap.org ) at 2016-05-31 23:14 BST
Invalid target host specification: 22
Nmap done: 1 IP address (0 hosts up) scanned in 0.50 seconds
root@Tux-II:/home/lisi# su lisi
lisi@Tux-II:~$ ssh lisi@192.168.0.5
ssh: connect to host 192.168.0.5 port 22: No route to host
lisi@Tux-II:~$ 

So I tried again as me, with the 22 correctly omitted.  There was a slight 
delay, and I got:

lisi@Tux-II:~$ nmap 192.168.0.5 -Pn

Starting Nmap 6.00 ( http://nmap.org ) at 2016-05-31 23:20 BST
Nmap scan report for 192.168.0.5
Host is up (0.093s latency).
All 1000 scanned ports on 192.168.0.5 are filtered

Nmap done: 1 IP address (1 host up) scanned in 14.18 seconds
lisi@Tux-II:~$

So, even when correctly entered, it agrees with me that one host is up.  So, 
in spite of the error messages, the host is up.  And it would appear that it 
is correctly recognising the network.  Have the ssh server and client perhaps 
not been started?  Are they not started at level one?  

Now to do man nmap as I should have done before copying and pasting!!

Incidentally, John, "face to face" as it were, it will only let me log in as 
root in that level, which is why I was trying to do so.  "Enter root password 
for maintenance."

Lisi

Lisi

Reply to:

References:
- Re: ssh-ing in inside private network
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: ssh-ing in inside private network
  - From: Joe <joe@jretrading.com>

Prev by Date: Re: ssh-ing in inside private network
Next by Date: Re: ssh-ing in inside private network
Previous by thread: Re: ssh-ing in inside private network
Next by thread: Re: ssh-ing in inside private network
Index(es):
- Date
- Thread