Re: Ports/Protocols that have to be open for SSHD?

From: Hactar (ebenONE_at_tampabay.ARE-ARE.com.unmunge)
Date: 09/06/03


Date: Sat, 06 Sep 2003 16:16:30 GMT

In article <3f597b16$1@news.uni-klu.ac.at>, zeroK <cf.zerok@gmx.net> wrote:
> Hactar wrote:
> > In article <3f590e5a$1@news.uni-klu.ac.at>, zeroK <cf.zerok@gmx.net> wrote:
> >
> >>Sorry if this has been asked multiple times, but I couldn't find it
> >>anywhere. Which ports /icmp-types have to be open on a server so that
> >>SSH connection attempts can succeed?
> >
> > That's all I have (I believe), and ssh and scp work.
> >
> >>Currently I only have tcp 22 open which leads to a timeout.
> >
> > Maybe your timeout is due to something else, like tcpwrappers trying to
> > verify the source's hostname through DNS?
>
> Nope, I'm now, after some more playing with iptables, sure that there
> has to be another tcp port. If I open the OUTPUT chain completely I can
> connect from other machines. But if I only have tcp22 open I get the
> timeout again :-?

Dunno what it could be. Try a binary search, with the first division at
1023/1024, then 511/512, and so on. At each step, try ssh. Should only take
10 tries, more if you want verification.

-- 
-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm    home.tampabay.rr.com/hactar
CANCER:  The position of Jupiter says that you should spend the
rest of the week face down in the mud.  Try not to shove a roll of
duct tape up your nose when taking your driver's test.  -- Weird Al

