The server is under Debian 14.04 so there is no systemctl command... We really need to get it straight asap
Thank you very much for the link, I dig this way
Thank you very much for the link, I dig this way
- Welcome to Networking-Forums.com.
We're Here to Help!
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
Management Tools / Re: [cron.d] What does `0 0 * * * root invoke-rc.d atop _cron` do?
January 30, 2022, 11:13:05 AM #2
Management Tools / Re: [cron.d] What does `0 0 * * * root invoke-rc.d atop _cron` do?
January 30, 2022, 09:44:30 AM
So everything after invoke-rc.d is launched, that is both atop and _cron?
It's mainly the _cron part that I can't figure out what it is. Actually, this is in a file under /etc/cron.d (the admin left and we try to understand what he did...)
It's mainly the _cron part that I can't figure out what it is. Actually, this is in a file under /etc/cron.d (the admin left and we try to understand what he did...)
#3
Management Tools / [cron.d] What does `0 0 * * * root invoke-rc.d atop _cron` do?
January 30, 2022, 04:15:18 AM
The invoke-rc.d call is for SystemV, atop is to monitor the load, but what is _cron in this command?
#4
Routing and Switching / Re: [tunneling] how to set up a reverse ssh tunnel on a Vps in the cloud?
December 21, 2021, 10:13:19 AM
Fixed. It seems that GatewayPorts yes was missing in my /etc/ssh/sshd_config, but I changed so many things I don't remember well what went wrong...
Thank you for you insights
Thank you for you insights
#5
Routing and Switching / Re: [tunneling] how to set up a reverse ssh tunnel on a Vps in the cloud?
December 20, 2021, 05:21:14 AM
It could be: my daily drive is behind an homemade router running an homemade iptables firewall. The router is a converted old computer, just to train with networking configuration. Here are the rules:
Do you see anything wrong? Once the tunnel is open from my Pc and that I try to connect to it from the router, I get the message:
And when I try to open the tunnel from the router instead of my Pc, I get:
The ssh service on the router asks for a key, so opening port 22 shouldn't be too dangerous. But I'll change the port when I get it to work, thank you for the advice
Code Select
#!/bin/sh
#
# firewall.sh
# WAN and LAN interfaces
IFACE_LAN=enp2s0
IFACE_WAN=enp0s29f7u7
IFACE_LAN_IP=172.168.1.0/24
# Accept all
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t nat -P INPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
# Reset the counters
iptables -t filter -Z
iptables -t nat -Z
iptables -t mangle -Z
# Delete all active rules and personalized chains
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Default policy
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Trust ourselves
iptables -A INPUT -i lo -j ACCEPT
# Ping
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
# Established connections
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# SSH
iptables -A INPUT -p tcp -i $IFACE_LAN --dport 22 -j ACCEPT
#iptables -A INPUT -p tcp -i $IFACE_WAN --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i $IFACE_WAN --sport 10000 -j ACCEPT
iptables -A INPUT -p tcp -i $IFACE_WAN --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp -i $IFACE_LAN --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp -i $IFACE_LAN --sport 10000 -j ACCEPT
# Dnsmasq
iptables -A INPUT -p tcp -i $IFACE_LAN --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i $IFACE_LAN --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i $IFACE_LAN --dport 67:68 -j ACCEPT
# TCP
iptables -A INPUT -p tcp -i $IFACE_LAN --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i $IFACE_WAN --dport 80 -j ACCEPT
# Packet forwarding activation
iptables -t nat -A POSTROUTING -o $IFACE_WAN -s $IFACE_LAN_IP -j MASQUERADE
sysctl -q -w net.ipv4.ip_forward=1
# NFS
iptables -A INPUT -p tcp -i $IFACE_LAN --dport 2049 -j ACCEPT
# Log refused packets
iptables -A INPUT -m limit --limit 2/min -j LOG --log-prefix "IPv4 packet rejected ++ "
iptables -A INPUT -j DROP
# Save the configuration
service iptables save
Do you see anything wrong? Once the tunnel is open from my Pc and that I try to connect to it from the router, I get the message:
Code Select
$ ssh -v -i vps-ssh-key -p 10000 user@vps-public-ip
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 63: Applying options for *
debug1: Connecting to vps-public-ip [vps-public-ip] port 10000.
debug1: connect to address vps-public-ip port 10000: Connection refused
ssh: connect to host vps-public-ip port 10000: Connection refused
And when I try to open the tunnel from the router instead of my Pc, I get:
Code Select
$ ssh -v -i vps-ssh-key vps-public-ip -R 10000:localhost:22
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 63: Applying options for *
debug1: Connecting to vps-public-ip [vps-public-ip] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa_aws_testnewkey type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa_aws_testnewkey-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to vps-public-ip:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Iq1fqtCCAmkyRHf4nZjmumg4nsUMiU9b3W58pTf/Y+Q
debug1: Host 'vps-public-ip' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa_key
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
The ssh service on the router asks for a key, so opening port 22 shouldn't be too dangerous. But I'll change the port when I get it to work, thank you for the advice
#6
Forum Lobby / Re: New Member Introductions Thread
December 20, 2021, 04:48:08 AM
Hello, my name is Thomas and I'm a Linuxoholic...
Seriously, I'm following a PhD in antenna numerical simulation and loved to write scripts to send the code, compile, run the program, and fetch the traces on the super-calculator. This is how I stepped into the Sysadmin world.
Little by little, I enjoyed working with Linux more than the topic of my studies and started to follow moocs and courses over the Internet. The thesis is almost done now and I'm looking for a job in the IT field.
And I'm from Nice in southern France (350 sunny days a year, and 15.25 days of Biblical downpour...)
Seriously, I'm following a PhD in antenna numerical simulation and loved to write scripts to send the code, compile, run the program, and fetch the traces on the super-calculator. This is how I stepped into the Sysadmin world.
Little by little, I enjoyed working with Linux more than the topic of my studies and started to follow moocs and courses over the Internet. The thesis is almost done now and I'm looking for a job in the IT field.
And I'm from Nice in southern France (350 sunny days a year, and 15.25 days of Biblical downpour...)
#7
Routing and Switching / [tunneling] how to set up a reverse ssh tunnel on a Vps in the cloud?
December 17, 2021, 02:25:31 AM
When I try to open a forward tunnel on my Vps in the cloud, it works:
Then my local web browser shows the page on the Vps by typing the address http:/ /localhost:10000
But the reverse version doesn't work:
The goal would be to connect to my Pc at home from my workplace for example, or the opposite.
Any idea what goes wrong? The port 10000 appears open in the setting webpage of the Vps, and in file /etc/ssh/sshd_config both ports 22 and 10000 are explicitly open too.
Code Select
ssh -p 22 -i mykey user@vps-public-ip -L 10000:vps-private-ip:80
Then my local web browser shows the page on the Vps by typing the address http:/ /localhost:10000
But the reverse version doesn't work:
Code Select
ssh -p 22 -i mykey user@vps-public-ip -R 10000:localhost:22
The goal would be to connect to my Pc at home from my workplace for example, or the opposite.
Any idea what goes wrong? The port 10000 appears open in the setting webpage of the Vps, and in file /etc/ssh/sshd_config both ports 22 and 10000 are explicitly open too.
Pages1