y010
September 6, 2017, 6:54pm
#1
hello
I recently installed the OpenSSH server and client
sudo apt-get install openssh-server openssh-client
but it shows me connection refused
root@host:/home/user# ssh -D 1080 10.0.2.15
ssh: connect to host 10.0.2.15 port 22: Connection refused
I tried adding this to iptables
sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
but the result doesn’t change…
sudo iptables -L -n shows
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
systemctl status sshd shows it is running (active)
I changed the port to 2222
root@host:/home/user# sudo nano /etc/ssh/sshd_config
root@host:/home/user# sudo service ssh force-reload
root@host:/home/user# ssh user@10.0.2.15 -p 2222
ssh: connect to host 10.0.2.15 port 2222: Connection refused
I put the IP and the port in the port forwarding section of the router
and I changed this with sudo nano /etc/tor/torrc: I put Socks5Proxy 127.0.0.1:1080 (is it correct?)
I don’t know what I am missing…
pookie
September 6, 2017, 7:19pm
#2
Can you copy/paste your ssh_config and sshd_config files? Both should be edited to reflect the port you’re choosing to use, and if you’re trying to log in as root then your configurations have to be such that that is allowed.
0brand
September 7, 2017, 10:01am
#3
Hi @y010
Could be a uwt issue. This thread may be helpful:
prejudice people would like to create a connection between a workstation vm whonix and my pc, and after I figured out how to do. create a tunnel between my workstatione and a remote server, but before that I’m having trouble, first I would like to confirm that the command
ssh remote_username@remote_host
remote user is created for the user on the server ssh? in my case FreeSSHd tab users, and remote host is by user name or IP of the machine ?, and here is my question which ip? the inside? if I …
y010
September 7, 2017, 10:39am
#4
hello
thanks for your reply
here we go
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
GSSAPIKeyExchange no
GSSAPITrustDNS no
BatchMode no
CheckHostIP yes
AddressFamily any
ConnectTimeout 0
StrictHostKeyChecking ask
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
Port 22
Protocol 2,1
Cipher 3des
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
EscapeChar ~
Tunnel no
TunnelDevice any:any
PermitLocalCommand no
VisualHostKey no
RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
and this is the sshd_config file
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 2222
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
do you see anything wrong?
thanks
PS: I’m sorry about this, I can’t change the letter size
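A way to check the point this thread turns on, whether sshd is actually listening on the port set in sshd_config (added example, not part of the original thread; the function names and the sample config and `ss -tln` output below are constructed for illustration):

```shell
#!/bin/sh
# Added example: compare the Port values in an sshd_config with the TCP
# listeners reported by `ss -tln`. All sample data here is constructed.

# Print each active Port value from the config file $1 (22 if none is set).
# Commented lines such as "#Port 22" or "# Port 22" never match.
configured_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeed if the `ss -tln` output saved in file $2 has a listener on port $1.
# Column 4 is Local Address:Port (0.0.0.0:22, [::]:22, *:22, :::22).
is_listening() {
    awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) ok = 1 }
                   END { exit (ok ? 0 : 1) }' "$2"
}

# Report every configured port as LISTENING or NOT-LISTENING.
check_sshd() {   # $1 = sshd_config path, $2 = file with `ss -tln` output
    for port in $(configured_ports "$1"); do
        if is_listening "$port" "$2"; then
            echo "$port LISTENING"
        else
            echo "$port NOT-LISTENING"
        fi
    done
}

# Constructed sample: the config asks for 2222, the daemon still serves 22.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_config" <<'EOF'
# What ports, IPs and protocols we listen for
Port 2222
#ListenAddress 0.0.0.0
Protocol 2
EOF
cat > "$tmp/ss.txt" <<'EOF'
State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      128    0.0.0.0:22         0.0.0.0:*
LISTEN  0      128    [::]:22            [::]:*
EOF
check_sshd "$tmp/sshd_config" "$tmp/ss.txt"
```

On a live system, pass /etc/ssh/sshd_config and a file holding the output of `ss -tln`; a port reported NOT-LISTENING has no TCP listener bound to it, whatever the firewall rules say.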
y010
September 7, 2017, 11:01am
#5
hi thanks for your reply
i was searching info and i found this too
On the Stream Isolation page, there is a list of applications that are pre-configured to use uwt wrappers. Follow the instructions below in order to disable this.
The following instructions permanently deactivate all uwt wrappers and remove stream isolation for uwt wrapped applications system-wide. Consequently, all uwt wrapped applications revert to the default system networking configuration.
If you want more granular control of uwt wrapper deactivation, see Stream_Isolation#Deactivate_uwt_Stream_Isolation_Wrapper.
Open /etc/uwt.d/50_user.conf in an editor with root rights.
If you are using a graphical Whonix or Qubes-Whonix, run.
kdesudo kwrite /etc/uwt.d/50_user.conf
If you are using a terminal-only Whonix, run.
sudo nano /etc/uwt.d/50_user.conf
Add.
uwtwrapper_global="0"
Save and exit.
In my case I want to create a connection between the gateway and the workstation VM (I want to create the SSH tunnel in the gateway)
pookie
September 7, 2017, 5:05pm
#6
Hi!
Something just occurred to me - are you attempting to access Whonix from another VM or from your host machine? Because if you want to SSH to a guest from its host, you’ll have to configure your network a little differently. Someone with more intimate understanding of Whonix will have to chime in and address the potential security concerns of doing this, assuming there are any - I just don’t know enough to say.
y010
September 7, 2017, 5:33pm
#7
Hi
Thanks for reply C:
I am trying to connect the gateway and the workstation in order to redirect the traffic (SSH tunnel + Tor)
Both are VMs
Well, don’t worry, you’re helping me a lot =)
If someone wants to join the conversation, he/she is welcome
0brand
September 7, 2017, 9:51pm
#8
Hi @y010
Unfortunately I can’t offer you much help with this as I do not use SSH with Whonix.
The best advice I can give you would be to remove the Whonix specific part of your question as per https://whonix.org/wiki/Support#Free_Support_Principle .
If you are able to do that you can focus on just getting SSH to connect. You may be able to find more people to help you with that on Unix and Linux Stack Exchange or other help forums. ; )
2 Likes