-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 31, 2016 at 01:27:35PM +0100, Lisi Reisz wrote:
> Great! Thank you! I now have a starting point for my questions.
>
> On Thursday 31 March 2016 12:28:57 to...@tuxteam.de wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Thu, Mar 31, 2016 at 12:43:49PM +0100, Lisi Reisz wrote:
> > > I want all the computers on my private network to be able to ssh into
> > > each other. In Jessie, what do I have to do where in what config file?
> > > Presumably some port is shut??
> >
> > Since your question was pretty general, I preferred to go with a terse,
> > bird's perspective answer. Let's tackle the details when they come up.
>
> Great! Thank you! I now have a starting point for my questions.
>
> > 0. Each computer should be able to "see" port 22 (ssh) of each other's
> >    (I'm assuming you go with the default port for ssh, this can be
> >    changed, but I wouldn't do that without some reason)
>
> How do I check this? I suspect that it may be the problem, so the problem may
> in fact be on the computer I want to ssh from, if the Jessie computer cannot
> see it? Oh! Let us use their names. The computer running Wheezy is called
> Tux-II. The computer running Jessie is called Eros.
>
> > 1. Each computer should have an SSH server running (on Debian that would
> >    be package openssh-server: in Debian it has priority "optional": I'd
> >    double-check that it's installed)
>
> It is installed. How do I check that it is running?

By default it will be running when installed. To double-check that
there are several ways to do it:

  tomas@rasputin:~$ ps wwwaux | grep sshd
  root      3224  0.0  0.0  55336  3364 ?        Ss   12:53   0:00 /usr/sbin/sshd
  tomas     8721  0.0  0.0   7960   736 pts/4    S+   14:48   0:00 grep sshd

...there you see the sshd process on my box running and willing to serve.
Or this:

  tomas@rasputin:~$ sudo netstat -antp | grep sshd
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3224/sshd
  tcp6       0      0 :::22                   :::*                    LISTEN      3224/sshd

...here you see sshd on my box listening on port 22 and willing to play.

But I think you're already past that point, see below.

> > 3. To connect, you need also an openssh-client (since this has priority
> >    "standard" in Debian, chances are that it's there already)
>
> It is installed and running. I can ssh from Eros, but not into it. If I just
> try to ssh from Tux-II to Eros, I get the error "Could not connect to host
> 192.168.0.4.". I'm actually "fish"ing, but same difference.
>
> I get a more helpful message from ssh:
> lisi@Tux-II:~$ ssh peter@192.168.0.4
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> d9:2e:38:29:07:f8:8a:6d:4b:dd:28:60:ad:c9:e5:a3.
> Please contact your system administrator.
> Add correct host key in /home/lisi/.ssh/known_hosts to get rid of this message.
> Offending ECDSA key in /home/lisi/.ssh/known_hosts:3
> ECDSA host key for 192.168.0.4 has changed and you have requested strict checking.
> Host key verification failed.
> lisi@Tux-II:~$

Ah, yes. That means that Eros's (that is 192.168.0.4, right?) "ssh host
key" has changed.
Every host gets a "host key" the first time its ssh server is set up
(usually assigned by random), which it presents to the client as an
identification [1]. The client itself registers it the first time it sees
it and yells bloody murder if that ever changes: that's what you are
seeing above. Someone nasty is impersonating your good old Eros.

If you know Eros has just "changed personality", you just have to delete
the record your ssh client has on Tux-II of that old host key. The text
above tells you where: it's in /home/lisi/.ssh/known_hosts, line 3.

The next time you ssh into Eros you'll get a notice that Eros isn't known
and whether to trust it -- from then on it's as before.

> Previously (under Wheezy) using Fish, I have been getting the first part of
> the message and asked if I want to accept the new identification. Fish
> presumably then edited the file. So I need static IPs fast! or a hosts
> file? I have some learning to do. Static IPs I have no problem over, I just
> need to do it. It clearly needs to move up my priority list. (New router.
> reserved MAC numbers not yet set up in the DHCP section.)

Basically it hasn't much to do with that -- only that your SSH clients
(be it fish, be it ssh) associate the host name/IP address they see
with the host keys. Of course, if the IPs keep changing, then they have
a moving target, and you'll have a difficult life :-)

> I have to go now, but I think you have solved it!! (I hadn't researched how
> to use ssh itself. :-( I was scared of it. :-( )

If you aren't scared of shell, you should easily make friends with ssh.
It's a very nice fellow :-)

> Thank you. I'll continue later!
>
> I'm most grateful, Tomas.

You're most welcome :-)

- - - - -
[1] It presents the "public" part of the key -- and keeps the private part
    to itself, to be more precise.

regards
- --
t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlb9GWcACgkQBcgs9XrR2kaB2wCfa3WfNbWFUsrxcp/OhI+1jSP1
rzIAnRnhUtw/m0+t1LJ6SC8NcskcObmw
=Mw74
-----END PGP SIGNATURE-----
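
Added example, not part of the original mail: a small Python sketch of how a client-side known_hosts record can be located and fingerprinted, so the recorded key and the newly presented key can be compared before the old line is deleted. It handles both plain host fields and the hashed form written when HashKnownHosts is enabled, where searching the file for 192.168.0.4 finds nothing; the key blobs, salt and file contents are constructed placeholders, and wildcard or [host]:port patterns are not handled.

```python
import base64, hashlib, hmac

def md5_fingerprint(key_b64):
    """Colon-separated MD5 fingerprint, the format shown in the warning."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(key_b64):
    """Fingerprint format that newer OpenSSH releases print by default."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_field_matches(field, host):
    """Match a known_hosts host field, plain or hashed (|1|salt|hmac-sha1)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    return host in field.split(",")

def find_entries(known_hosts_text, host):
    """Return (line number, key type, MD5 fingerprint) for every entry of host."""
    found = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank lines, comments, @cert-authority / @revoked markers
        if host_field_matches(parts[0], host):
            found.append((lineno, parts[1], md5_fingerprint(parts[2])))
    return found

def hashed_field(host, salt):
    """Build a hashed host field the way HashKnownHosts stores it."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

# Constructed sample data: placeholder bytes stand in for real key blobs.
OLD_KEY = base64.b64encode(b"constructed old Eros key").decode()
NEW_KEY = base64.b64encode(b"constructed new Eros key").decode()
SAMPLE = "\n".join([
    "tux-ii ssh-rsa " + base64.b64encode(b"constructed other key").decode(),
    "# constructed comment line",
    hashed_field("192.168.0.4", b"constructed-salt-20b") + " ecdsa-sha2-nistp256 " + OLD_KEY,
])

if __name__ == "__main__":
    print("recorded:", find_entries(SAMPLE, "192.168.0.4"))
    print("presented:", md5_fingerprint(NEW_KEY), sha256_fingerprint(NEW_KEY))
```

The fingerprint to trust is the one read on Eros's own console, for example with `ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub`; only when it equals the fingerprint in the warning is removing the recorded line the right fix.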