VectorLinux
Author Topic: SSH and WICD-CLIENT and strange shenanigans [SOLVED]  (Read 1920 times)
Rytz
Member
*
Posts: 59



« on: February 24, 2010, 03:31:29 am »

Greetings:

This seems like a strange problem but I am a linux noob so it's highly possible I'm missing something simple.

Basically, when I log in as a standard user, I'm able to pull an IP and get on the internet fine.

In regards to SSH, however, I can only SSH to the machine from LOCALHOST (SSH'ing from the same machine to the same machine), not over the LAN or WAN from other computers.

Now, if I restart the network by using "WICD Network Manager" through KDE (or WICD-CLIENT from the command line) after logging in, the SSH problem will then be fixed and the world is safe once again.

I noticed that KDE is autostarting the WICD-CLIENT by using "/etc/xdg/autostart/wicd-tray.desktop".  I tried moving that out temporarily and starting the WICD service by adding it to the startup services for rc4 but that didn't help.  If KDE doesn't start WICD-CLIENT then the network doesn't work at all (completely dead).

Any thoughts?  I'm guessing I need to run some other network scripts since I'm trying to get the network working outside of KDE?  It seems like SSH should be working without having to log in to the desktop at all.

I also tried removing the startup file option for starting after the tray / panel (X-KDE-autostart-after=panel)  - no luck there.

Thanks much.
« Last Edit: March 04, 2010, 02:49:22 am by Rytz » Logged

~ Rytz
M0E-lnx
Administrator
Vectorian
*****
Posts: 3180



« Reply #1 on: February 24, 2010, 08:10:12 am »

never heard of such a problem.

Which version of VL is this?
have you installed any special firewall program or rules after the installation?
Logged

Rytz
Member
*
Posts: 59



« Reply #2 on: February 24, 2010, 08:34:49 am »

> never heard of such a problem.
>
> Which version of VL is this?
> have you installed any special firewall program or rules after the installation?

I'm running Vector Linux Light 6.0.  Haven't had any other significant issues except sound and those are resolved.

I haven't set up any firewall stuff that I know of.  I haven't seen the firewall script in init.d being called from any startup scripts in rc.d/rc# and I haven't seen it listed during the boot process.  Is the firewall automatically run by VL somewhere else?

In rc.M, I saw rc.paranoid being called.  I tried booting with the call to that script commented but I still have the same problem.

Thanks.
Logged

~ Rytz
nightflier
Administrator
Vectorian
*****
Posts: 4024



« Reply #3 on: February 24, 2010, 10:33:14 am »

I'm drawing a blank as well.

Did you add KDE to Light using gslapt?
It may be worth trying KDE-Classic instead, as it's a more tested, better known setup.
Logged
newt
Vectorian
****
Posts: 1132



« Reply #4 on: February 24, 2010, 10:59:15 am »

I just tested a similar scenario to see if I could recreate the trouble. I too had a non connectivity issue arise when trying to connect to VL Light using SSH from another system but as it turns out it was the firewall on the other system causing the problem. As soon as I dropped the firewall on the other system I was able to ssh and ping the VL light system. Perhaps you're running into a similar situation? Can you ping your VL light system from another LAN system?
Logged
Rytz
Member
*
Posts: 59



« Reply #5 on: February 24, 2010, 11:53:52 am »

Thanks for the responses - much appreciated.

> Did you add KDE to Light using gslapt?

Actually I might be using the wrong terminology for my GUI - I'm using whatever desktop GUI comes with Vector Light 6.

> I just tested a similar scenario to see if I could recreate the trouble. I too had a non connectivity issue arise when trying to connect to VL Light using SSH from another system but as it turns out it was the firewall on the other system causing the problem. As soon as I dropped the firewall on the other system I was able to ssh and ping the VL light system. Perhaps you're running into a similar situation? Can you ping your VL light system from another LAN system?

Well from what I could tell the problem seems to be confined to the Vector Light box, since I could ping the Vector Light box IP from the LAN and WAN but I couldn't SSH to it.  The Vector Light box shares its IP with another laptop (windows) that doesn't have any network problems.  These machines are both behind a router that's already doing port forwarding (already configured for SSH port forwards on Vector Light).

I was talking to a friend of mine that is pretty familiar with linux and he thinks it's an initial firewall setup issue.  He showed me the iptables list and thinks it might be initially "rejecting" everything except localhost on bootup - before I manually recreate the network with "wicd-client", which is when SSH magically starts accepting connections from the LAN and WAN.

The weird thing was that I tried commenting out the call to rc.paranoid and still had problems so I feel like there is another firewall hook somewhere - is rc.M the only script that runs rc.paranoid?  I grep'ed my entire drive and didn't find anything else.  Are there any other startup scripts that work with the firewall other than the standard "firewall" script?  Just looking for other hooks to check.

I have to wait till I get home to check more into this and try some stuff out.  If I reboot the system remotely I won't be able to get back in till I get home :).
« Last Edit: February 24, 2010, 11:55:43 am by Rytz » Logged

~ Rytz
nightflier
Administrator
Vectorian
*****
Posts: 4024



« Reply #6 on: February 24, 2010, 12:16:10 pm »

> The Vector Light box shares its IP with another laptop

Please describe how your network is set up, as in: do you have a DSL/Cable modem connected to a multi-port hub or some other configuration?
Logged
Rytz
Member
*
Posts: 59



« Reply #7 on: February 24, 2010, 12:37:06 pm »

> > The Vector Light box shares its IP with another laptop
>
> Please describe how your network is set up, as in: do you have a DSL/Cable modem connected to a multi-port hub or some other configuration?

[DSL  Modem]
    --> [Router: standard 4 port wired + wireless (not used)]
         --> [Vector Light: Static Wired LAN IP: 192.168.1.10]
         --> [WinXP Laptop: Static Wired LAN IP: 192.168.1.11]

All ports are forwarded correctly.

If I boot up my Vector Light box, log in (through desktop or terminal), try to SSH to this same Vector Light box by using its LAN or WAN address, my connection attempt times out.

If I try something like:
Code:
ssh localhost
Code:
ssh 127.0.0.1

The SSH will work with the localhost addresses.  LAN or WAN addresses don't.  This applies to me using other machines to SSH to this Vector Light box as well, but obviously it's not the same machine in those cases, so localhost doesn't apply.

This entire problem goes away once I force a reconnect to the wired network through the desktop WICD Network Manager (or wicd-client).

Hope this helps.  Does sound like a firewall issue to me the more I think about it.  When I get home tonight I'm going to reboot and take a look at "iptables --list" and see how it's configured right after a boot.  Hopefully it will say the policies are rejected so I can just figure out how to change the stored boot settings or find out what is setting them every time VL boots up.
« Last Edit: February 24, 2010, 12:40:55 pm by Rytz » Logged

~ Rytz
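
A way to test the hypothesis raised above (that the boot-time ruleset turns away everything except localhost) against a saved `iptables -S INPUT` dump. This is an added example, not part of any post in the thread; the helper name `ssh_verdict` is hypothetical and both rulesets are constructed samples.

```sh
#!/bin/sh
# Added example (not from the thread): what does an `iptables -S INPUT` dump do
# to a NEW inbound SSH connection (TCP/22) arriving on a non-loopback interface?
# Simplified first-match model: source matches, negations, multiport and jumps
# to user-defined chains are not evaluated.

ssh_verdict() {   # hypothetical helper; $1 = text in `iptables -S INPUT` format
    printf '%s\n' "$1" | awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            iface = ""; proto = ""; dport = ""; state = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (iface == "lo") next                      # loopback-only rule
            if (proto != "" && proto != "tcp") next      # other protocol
            if (dport != "" && dport != "22") next       # other port
            if (state != "" && state !~ /(^|,)NEW(,|$)/) next  # not for new connections
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
                print target " (rule: " $0 ")"; found = 1; exit
            }
        }
        END { if (!found) print policy " (chain policy)" }
    '
}

# Constructed sample: the state the thread suspects right after boot.
BOOT_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Constructed sample: the same ruleset with inbound SSH opened.
OPEN_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

ssh_verdict "$BOOT_RULES"
ssh_verdict "$OPEN_RULES"
```

On the real machine, pass it the output of `iptables -S INPUT` (run as root) captured right after boot and again after the wicd reconnect, then compare the two verdicts.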
M0E-lnx
Administrator
Vectorian
*****
Posts: 3180



« Reply #8 on: February 24, 2010, 02:11:00 pm »

What exactly are you typing at the command line to access your VL box via ssh?
you should be doing
Code:
ssh 192.168.1.10
  (IP per your post)
from a computer within your network. If the ssh server is running on the vl box, it should respond.

If it doesn't, find the firewall script, and do a
Code:
chmod -x
on it and reboot.

If that doesn't work then I don't know what will and you should set the +x flag back on the firewall script.
Logged

Rytz
Member
*
Posts: 59



« Reply #9 on: February 24, 2010, 02:28:00 pm »

Thanks for the reply M0E - I'll try that on the scripts that I know of when I get home.

What are the possible "default" scripts included with the Vector Light distro?  I've seen "firewall" in "/etc/rc.d/init.d" and "rc.paranoid" in "/etc/rc.d".

What other stuff should I look out for?
Logged

~ Rytz
Rytz
Member
*
Posts: 59



« Reply #10 on: February 25, 2010, 02:25:09 am »

Did some more testing tonight but didn't have much luck.  In the end the problem still exists.

Some things I've tried:

  • Made rc.firewall, init.d/firewall, and rc.paranoid all non-runnable.  I don't see anything firewall-based starting up.
  • Made my own startup script (rc4) to ensure iptables was granting full open access to INPUT, OUTPUT, and FORWARD

Something I did notice, however, was that when I first open up the WICD Network Manager after booting to the GUI (to restart the network), it says on the status bar on the bottom of the window that I'm NOT connected.  It says this even though I am connected to the network and able to access the net.  So my network is being created but WICD is not seeing it?  Any thoughts?

Thanks.
« Last Edit: February 25, 2010, 02:27:11 am by Rytz » Logged

~ Rytz
nightflier
Administrator
Vectorian
*****
Posts: 4024



« Reply #11 on: February 25, 2010, 05:26:33 am »

Well, even if we don't know why this is, we can try a workaround by getting wicd to load automatically and connect.

First step is to start the wicd daemon:
Click Menu > System > VASM System Administration > Super > Service > Srvset > 4 Graphical user interface desktop > check the box for wicd > OK > Cancel until you're out.

Second, launch the client:
In your home folder, there is a hidden directory, .icewm (note the leading dot). Inside it is a file named startup. Add these two lines to the end of it:
Code:
sleep 3
wicd-client

Step by step terminal usage for editing the file:
Code:
mcedit ~/.icewm/startup
(edit the file)
press F2 to save
press F10 to exit

Reboot and see what happens.
Logged
M0E-lnx
Administrator
Vectorian
*****
Posts: 3180



« Reply #12 on: February 25, 2010, 04:24:01 pm »

I really think the iptables thing is too far. I have a network with 3 machines where 2 of them run vl and one runs windows. I never needed to jack with iptables until I had to setup one of my Linux boxes as a router and file/print server. I don't see why you should need special rules in your iptables just for SSH access from within your LAN.
Logged

newt
Vectorian
****
Posts: 1132



« Reply #13 on: February 25, 2010, 06:32:29 pm »

Since you're using the wicd-client for configuring your network you need to make sure the wicd daemon is running upon boot so the client can establish the network connection without first requiring a physical login and manual initiation of the wicd-client.  Enabling this via 'vasm/super/service/srvset/your_init_level' is probably the easiest way.  I have a feeling the issues you're running into are related to the wicd daemon-to-client communication, but may very well be wrong.

Better yet, since your VL system is in a permanent location with a static IP address you should set the system to configure the network without using wicd (daemon or client).  You should just be able to add the following commands to the appropriate startup script:
Code:
/sbin/ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up
/sbin/route add default gw 192.168.1.1
Logged
Rytz
Member
*
Posts: 59



« Reply #14 on: February 27, 2010, 01:12:19 pm »

Thanks for the replies and help - I didn't have much time to screw around with this stuff on the later part of the week but I'm going to try these suggestions out tonight.  I'll post my results.  Thanks again!
Logged

~ Rytz