Remote ssh access

Quote:

Originally Posted by Satoorn

Íîñîì ìîæåòå òêíóòü â ìîþ îøèáêó? Èëè âû ìîè 2 ïîñëåäíèõ ïîñòà äàæå íå ïðî÷èòàëè?

Èçó÷àåì ÷òî òàêîå NAT è DMZ è ñðàçó ïîéìåòå ÷òî ó âàñ è êóäà èñ÷åçàåò

Quote:

Originally Posted by TReX

Èçó÷àåì ÷òî òàêîå NAT è DMZ è ñðàçó ïîéìåòå ÷òî ó âàñ è êóäà èñ÷åçàåò

ß ïîíèìàþ, ÷òî ïîñëàòü ÷èòàòü ìàíû ýòî ïðîñòîé âàðèàíò, ïîìî÷ü æå òÿæåëåå. Ïëþñ ó ìåíÿ íåìíîãî äðóãîé ïðîôèëü è ÿ òîæå ìîãó âàñ çà ïîÿñ çàòêíóòü, òèïà, ó÷èòå çàêîí îìà èëè ÷òî òàêîå ðàçíîñòü ïîòåíöèàëîâ.
Ñïàñèáî çà ñîâåò, ÿ ïîïðîáóþ ñàì ðàçîáðàòüñÿ, à âàì ñîâåò, ñïóñòèòåñü íà çåìëþ. Åñëè â áëèæàéøåå âðåìÿ íèêòî íå îòâåòèò, ïîòðó ïîñòû, òàê ÷òî êîïèðóéòå äëÿ áàøîðãà. )

Quote:

Originally Posted by Satoorn

ß ïîíèìàþ, ÷òî ïîñëàòü ÷èòàòü ìàíû ýòî ïðîñòîé âàðèàíò, ïîìî÷ü æå òÿæåëåå.

À çà÷åì âû âêëþ÷àåòå ôóíêöèþ, ñîâåðøåííî íå ïîíèìàÿ, êàê îíà ðàáîòàåò? Âû âêëþ÷èëè ïåðåíàïðàâëåíèå ÂÑÅÕ ÂÕÎÄßÙÈÕ ñîåäèíåíèé íà âàøó PS3 è êàêîãî ðåçóëüòàòà âû îæèäàëè? Ó âàñ íà PS3 íà ïîðòó 5222 åñòü ssh?

Quote:

Originally Posted by Satoorn

Ïëþñ ó ìåíÿ íåìíîãî äðóãîé ïðîôèëü è ÿ òîæå ìîãó âàñ çà ïîÿñ çàòêíóòü, òèïà, ó÷èòå çàêîí îìà èëè ÷òî òàêîå ðàçíîñòü ïîòåíöèàëîâ.

:D À íå ïîäñêàæèòå, ïî÷åìó ÿ îïåðàöèîííèê â ðîçåòêó ïèõàþ, õî÷ó óñèñëèòü íàïðóãó èç ðîçåòêè, à îí âçðûâàåòñÿ è ïðîáêè âûøèáàåò? ×òî ÿ äåëàþ íå òàê? :p

Quote:

Originally Posted by Satoorn

Åñëè â áëèæàéøåå âðåìÿ íèêòî íå îòâåòèò, ïîòðó ïîñòû, òàê ÷òî êîïèðóéòå äëÿ áàøîðãà. )

Óäàëèòå, åñëè íå ñëîæíî, èíôû â íèõ íåò, à î÷åíü îáúåìíû. Âû åñëè ÷òî íàäî åùå áóäåò, íå ïèõàéòå ïðîñòûíè â òåêñò, à ïðèêðåïèòå êàê ôàéëû âëîæåíèÿ ;)

Quote:

Originally Posted by smi

À çà÷åì âû âêëþ÷àåòå ôóíêöèþ, ñîâåðøåííî íå ïîíèìàÿ, êàê îíà ðàáîòàåò? Âû âêëþ÷èëè ïåðåíàïðàâëåíèå ÂÑÅÕ ÂÕÎÄßÙÈÕ ñîåäèíåíèé íà âàøó PS3 è êàêîãî ðåçóëüòàòà âû îæèäàëè? Ó âàñ íà PS3 íà ïîðòó 5222 åñòü ssh?

ß îæèäàë, ÷òî èìåííî äëÿ PS3 âñ¸ áóäåò îòêðûòî. Íå õî÷ó ïðîïèñûâàòü îòäåëüíûå ïîðòû, ïðîùå æå çàïèñàòü â DMZ. ß íå ïðàâ?

Quote:

Originally Posted by smi

:D À íå ïîäñêàæèòå, ïî÷åìó ÿ îïåðàöèîííèê â ðîçåòêó ïèõàþ, õî÷ó óñèñëèòü íàïðóãó èç ðîçåòêè, à îí âçðûâàåòñÿ è ïðîáêè âûøèáàåò? ×òî ÿ äåëàþ íå òàê? :p

Ðîçåòêà âûñîêîâîëüòíàÿ ))) Óìåíüøèòå íàïðóãó ðàç â 15.

Quote:

Originally Posted by smi

Óäàëèòå, åñëè íå ñëîæíî, èíôû â íèõ íåò, à î÷åíü îáúåìíû. Âû åñëè ÷òî íàäî åùå áóäåò, íå ïèõàéòå ïðîñòûíè â òåêñò, à ïðèêðåïèòå êàê ôàéëû âëîæåíèÿ ;)

Îê.

ps. smi ñïàñèáî çà ôðàçó "ïåðåíàïðàâëåíèå ÂÑÅÕ ÂÕÎÄßÙÈÕ", ïðîïèñàë â Virtual Server ïîðòû äëÿ íóæíûõ ìíå ñëóæá, à â DMZ ïðîïèñàë PS3, âðîäå âñ¸ ðàáîòàåò. Íàäåþñü ïðàâèëüíî ñäåëàë. ß äóìàë, åñëè ÿ â DMZ ïðîïèøó IP, òî âñå ïîðòû áóäóò îòêðûòû òîëüêî íà í¸ì, à äðóãèå ìàøèíû â ëîêàëüíîé ñåòè áóäóò ðàáîòàòü ïî îñòàëüíûì ïðàâèëàì è DMZ èõ íå çàòðîíåò.

Quote:

Originally Posted by Satoorn

ß îæèäàë, ÷òî èìåííî äëÿ PS3 âñ¸ áóäåò îòêðûòî. Íå õî÷ó ïðîïèñûâàòü îòäåëüíûå ïîðòû, ïðîùå æå çàïèñàòü â DMZ. ß íå ïðàâ?

Äà, òàê îíî è åñòü - âåñü òðàôèê çàâîðà÷èâàåòñÿ íà PS3.
Âñå îñòàëüíûå ïðàâèëà, ïðîïèñàííûå ÏÎÑËÅ DMZ - ïóñòàÿ òðàòà òåêñòà, ïîòîìó, ÷òî íå îáðàáàòûâàþòñÿ ñèñòåìîé ÂÎÎÁÙÅ.
Ýòî âñå ðàâíî, ÷òî íàäåÿòüñÿ, ðàñïèëèâ òðóáó ñ âîäîé, è îòíåñÿ âòîðîé êîíåö òðóáû ïîäàëüøå, ÷òî äî íåãî äîéäåò õîòü ÷àñòü âîäû (ñ ýëåêòðè÷åñòâîì àíàëîãèè â ãîëîâó íå ïðèøëî).

×òî-òî ïîäâèñàåò ó ìåíÿ ssh ïðè âõîäå â ðîóòåð. Ïðè÷¸ì, çàõîäèøü íà âòîðîé àíàëîãè÷íûé, òîæå íà ñêàéëèíêå - âñ¸ îê, à â ìîé ìîæíî íåñêîëüêî ìèíóò æäàòü, ïîêà çàéä¸ò. Óæ âåñü ãóãë âñêîïàë, íå ïîéìó ïðè÷èíó.

Oct 24 06:23:01 dropbear[573]: Child connection from 77.108.õ.õ:61464
è òàê ìîæåò íåñêîëüêî ìèíóò âèñåòü

Çàêðûâàåøü ssh (putty), â ëîãàõ ïîÿâëÿåòñÿ
Oct 24 06:23:34 dropbear[573]: Exit before auth: Exited normally
òèïà, âñ¸ íîðìàëüíî.

Ïðîáîâàë òåëíåò íà 22 ïîðò, ìîìåíòàëüíî âûäà¸ò
SSH-2.0-dropbear_0.53.1
ïèøåò â ëîã òî, ÷òî óêàçàíî âûøå è âèñèò.

Ïðîáîâàë î÷èñòèòü firewall (iptables -F) òî æå. Ïðîáîâàë ïåðåâåñèòü dropbear íà äðóãîé ïîðò, òî æå.

Áóäü òî "áîëüøîé ëèíóõ", òàì íàäî reverse dns âûêëþ÷èòü, íî dropbear íå ðåñîëâèò àäðåñ êëèåíòà, òàêîé íàñòðîéêè íå èìååò âîâñå... Óæå ïðîáîâàë íà ôëåøêó dropbear ñòàâèòü è èç ïðîøèâêè ïðîáîâàë - áåç òîëêó.

Ùàñ ïîïðîáóþ ïåðåôîðìàòèðîâàòü ôëåøêó, íî ÷òî-òî ïîäñêàçûâàåò, ÷òî íå â ýòîì äåëî.... (íå ïîìîãëî).

È åù¸ äèêî òîðìîçèò ðîäíîé âåá ñíàðóæè (âõîä èçíóòðè ïî ssh / web ñåé÷àñ ïðîâåðèòü íå ìîãó, ðîóòåð íà äà÷å). Ñèìïòîìû î÷åíü ïîõîæèå. Âîò ñåé÷àñ äàæå íå ìîãó çàéòè ãëÿíóòü íîìåð ïðîøèâêè. Â òî æå âðåìÿ thttpd íà 8080 îòêëèêàåòñÿ ìîìåíòàëüíî è äîñòàòî÷íî çàìåòíûå îáú¸ìû ïðîêà÷èâàåò (âðåìåííî, äëÿ ýêñïåðèìåíòîâ è åãî óæå ñí¸ñ). È ssh, åñëè çàéä¸ò, ðàáîòàåò øóñòðî è èíòåðàêòèâíî, â ðàìêàõ âîçìîæíîñòåé ñêàéëèíêà.

Ïåðåçàïóñê httpd íå ïîìîãàåò.
Ïåðåçàïóñê ðîóòåðà íå ïîìîãàåò.
Ïåðåïðîøèòü óäàë¸ííî ñ ó÷¸òîì ïëîõîé îòêðûâàåìîñòè ðîäíîãî âåáà íå ìîãó - íå çíàþ êàê èç êîíñîëè, äà è ìîäåì ìîæåò íå ïîäíÿòüñÿ.

[me@WL-BCAEC5C342EA root]$ uname -a
Linux WL-BCAEC5C342EA 2.6.22.19 #2 Fri Sep 16 22:44:34 MSK 2011 mips GNU/Linux

... íèêàê íå äîáåðóñü äî ñòðàíèöû ãäå ïîñìîòðåòü ïðîøèâêó. Âåá ñíàðóæè âîîáùå íåâîçìîæíî èñïîëüçîâàòü
Ïðåäïîëîæèòåëüíî RT-N-1.9.2.7-rtn-r3300 (2011-09-16) , ÷òî ñîâïàäàåò ñ äàòîé âûäàâàåìîé uname -a.

Quote:

Originally Posted by olegmilantiev

íèêàê íå äîáåðóñü äî ñòðàíèöû ãäå ïîñìîòðåòü ïðîøèâêó

cat /.version

Quote:

Originally Posted by ConstAntz

cat /.version

Ñïàñèáî

[me@WL-BCAEC5C342EA root]$ cat /.version
1.9.2.7-rtn-r3300

Ñîâïàëî ñ ìîèì ïðåäïîëîæåíèåì.

Âòîðîé ðîóòåð, òîæå asus wl500gpV2 (çàáûë íàïèñàòü æå...) ïðîøèò òîé æå ïðîøèâêîé.

------

Ñàìîå ïðîñòîå ïðåäïîëîæåíèå, ÷òî ñâÿçü ïëîõàÿ íå îïðàâäûâàåòñÿ

[me@WL-BCAEC5C342EA root]$ ping ya.ru
PING ya.ru (93.158.134.3): 56 data bytes
64 bytes from 93.158.134.3: seq=0 ttl=60 time=120.811 ms
64 bytes from 93.158.134.3: seq=1 ttl=60 time=172.255 ms
64 bytes from 93.158.134.3: seq=2 ttl=60 time=192.142 ms
64 bytes from 93.158.134.3: seq=3 ttl=60 time=275.298 ms
64 bytes from 93.158.134.3: seq=4 ttl=60 time=352.442 ms
64 bytes from 93.158.134.3: seq=5 ttl=60 time=140.272 ms
64 bytes from 93.158.134.3: seq=6 ttl=60 time=153.234 ms
64 bytes from 93.158.134.3: seq=7 ttl=60 time=192.240 ms
64 bytes from 93.158.134.3: seq=8 ttl=60 time=149.237 ms
64 bytes from 93.158.134.3: seq=9 ttl=60 time=137.250 ms
64 bytes from 93.158.134.3: seq=10 ttl=60 time=149.255 ms
64 bytes from 93.158.134.3: seq=11 ttl=60 time=133.241 ms
64 bytes from 93.158.134.3: seq=12 ttl=60 time=305.246 ms
64 bytes from 93.158.134.3: seq=13 ttl=60 time=144.247 ms

Ê òîìó æå, âñå äðóãèå ñåðâèñû (thttpd, mjpg_streamer -o output_http) ðàáîòàþò õîðîøî.

http://thread.gmane.org/gmane.network.ssh.dropbear/1068

Ó ìåíÿ ïðîáëåìà íå âîñïðîèçâîäèòñÿ, áåç ýòîãî ïîìî÷ü ïðàêòè÷åñêè íåâîçìîæíî.

Quote:

Originally Posted by lly

http://thread.gmane.org/gmane.network.ssh.dropbear/1068

Ó ìåíÿ ïðîáëåìà íå âîñïðîèçâîäèòñÿ, áåç ýòîãî ïîìî÷ü ïðàêòè÷åñêè íåâîçìîæíî.

Ñïàñèáî çà ññûëêó.
ß ïîêà íå ñîáèðàë ïàêåòû ïîä ìèïñ. À êòî ñîáèðàë, ìîæåò ñîáðàòü ìíå ñ çàêîìåíòèðîâàííûì

Code:

In options.h search for #define DO_HOST_LOOKUP and comment it out.

?

ß òîëüêî íå îñîáî ïîéìó, êàê ýòî ìîæåò ïîìî÷ü õîðîøåé ðàáîòå âñòðîåííîãî âåáà. Ñóäÿ ïî ñîâïàäàþùèì ñèìïòîìàì, ïðîáëåìà ðàñò¸ò èç îäíîãî è òîãî æå ìåñòà. Ê ïðèìåðó, ñëèøêîì áîëüøîé mtu / mru äëÿ ýòîãî ìîäåìà..

Quote:

Originally Posted by olegmilantiev

Ñïàñèáî çà ññûëêó.
ß ïîêà íå ñîáèðàë ïàêåòû ïîä ìèïñ. À êòî ñîáèðàë, ìîæåò ñîáðàòü ìíå ñ çàêîìåíòèðîâàííûì

Code:

In options.h search for #define DO_HOST_LOOKUP and comment it out.

Ïåðåä òåì êàê ÷òî-òî ìåíÿòü, áûëî áû íåïëîõî ãëÿíóòü, à êàê îíî óæå åñòü...

http://code.google.com/p/wl500g/sour...build.patch#40

Quote:

Originally Posted by lly

Ïåðåä òåì êàê ÷òî-òî ìåíÿòü, áûëî áû íåïëîõî ãëÿíóòü, à êàê îíî óæå åñòü...

http://code.google.com/p/wl500g/sour...build.patch#40

Îòëè÷íî. Ýòî îòïàäàåò, ñòàëî áûòü.
Êîïàåì äàëüøå. Èäåè? ß âòîðîé äåíü ãóãëþ, íîâûõ ìûñëåé ïîêà íåò.

Quote:

Originally Posted by olegmilantiev

Êîïàåì äàëüøå. Èäåè? ß âòîðîé äåíü ãóãëþ, íîâûõ ìûñëåé ïîêà íåò.

Â çàâèñèìîñòè îò òîãî, êòî ÷åãî ëó÷øå çíàåò.

ß áû âçÿëñÿ çà strace/gdb, ò.ê. iptables çíàþ ãîðàçäî õóæå. Íî, ñóäÿ ïî ñèìïòîìàì, îáùèì ñ httpd, ïîõîæå íàäî áðàòüñÿ èìåííî çà iptables.

Quote:

Originally Posted by lly

Â çàâèñèìîñòè îò òîãî, êòî ÷åãî ëó÷øå çíàåò.

ß áû âçÿëñÿ çà strace/gdb, ò.ê. iptables çíàþ ãîðàçäî õóæå. Íî, ñóäÿ ïî ñèìïòîìàì, îáùèì ñ httpd, ïîõîæå íàäî áðàòüñÿ èìåííî çà iptables.

ß íà÷àë ïðîâåðêó ñ
iptables -F
iptables -t nat -F
iptables -t mangle -F

òî åñòü ñ ïîëíîé î÷èñòêè firewall.
Ïðîâåðèë âñå òàáëèöû, âåçäå policy: ACCEPT, òî åñòü iptables íå èñïîëüçóåòñÿ âîâñå.

Ìíå âîîáùå îñòàëîñü âåðíóòü ðîóòåð ê çàâîäñêèì è ïðîâåðèòü íà íèõ, íî ýòî ñìîãó ñäåëàòü òîëüêî íà âûõîäíûõ, ïîåäó íà äà÷ó. Õîòåë ÷òî-òî åù¸ ïîïðîáîâàòü äî ýòîãî.

Quote:

Originally Posted by lly

ß áû âçÿëñÿ çà strace

Íå ñêàçàòü, ÷òî ÿ ïðÿì çíàþ strace, íî ... âäðóã Âàì ÷òî-òî ïîäñêàæåò òðåéñ.

strace -ff -o /opt/s dropbear -F -p 2222 -4

Code:

_newselect(4, [3], NULL, NULL, NULL) = 1 (in [3]) accept(3, {sa_family=AF_INET, sin_port=htons(60476), sin_addr=inet_addr("77.37.õ.õ")}, [16]) = 5 pipe([0, 2139856048]) = 6 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2aab0068) = 570 close(7) = 0 close(5) = 0

Âîò îí ôîðêíóëñÿ...
íà÷àë ïèñàòü òðåéñ â îòäåëüíûé ôàéë

Code:

time([1319455840]) = 1319455840 open("/etc/TZ", O_RDONLY) = 8 read(8, "GMT0\n", 68) = 5 close(8) = 0 send(4, "<86>Oct 24 11:30:40 dropbear[570"..., 76, MSG_NOSIGNAL) = 76 setsid() = 570 close(3) = 0 close(6) = 0 gettimeofday({1319455840, 527648}, NULL) = 0 pipe([0, 0]) = 3 fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 fcntl64(6, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 time(NULL) = 1319455840 brk(0x450000) = 0x450000 rt_sigaction(SIGCHLD, {SIG_IGN, [FPE SEGV PIPE ALRM TERM USR1 CHLD STOP RT_49 RT_65 RT_66 RT_67], SA_SIGINFO|SA_NOCLDWAIT|0x407c74}, NULL, 16) = 0 time(NULL) = 1319455840 getpeername(5, {sa_family=AF_INET, sin_port=htons(60476), sin_addr=inet_addr("77.37.x.x")}, [16]) = 0 getpeername(5, {sa_family=AF_INET, sin_port=htons(60476), sin_addr=inet_addr("77.37.x.x")}, [16]) = 0 write(5, "SSH-2.0-dropbear_0.53.1\r\n", 25) = 25 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {0, 846000}) time(NULL) = 1319455840 read(5, "S", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "S", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "H", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "-", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "2", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, ".", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "0", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "-", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "O", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "p", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "e", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "n", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "S", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "H", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "_", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "5", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, ".", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "4", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "\r", 1) = 1 _newselect(6, [5], NULL, NULL, {1, 0}) = 1 (in [5], left {1, 0}) time(NULL) = 1319455840 read(5, "\n", 1) = 1 _newselect(7, [3 5], [5], NULL, {300, 0}) = 1 (out [5], left {300, 0}) time(NULL) = 1319455840 write(5, "\0\0\1\234\4\24\307\202\223o\377\303\212x\221\2468\276w\312\0\252\0\0\0006diffie"..., 416) = 416 time(NULL) = 1319455840 _newselect(7, [3 5], [], NULL, {300, 0}) = 1 (in [5], left {299, 801000}) time(NULL) = 1319455840 read(5, "\0\0\3L\6\24'M", 8) = 8 read(5, "\252\305Y\332\3048=P\224\262\330\35\1\260\0\0\0~diffie-hellman"..., 840) = 840 time(NULL) = 1319455840 brk(0x451000) = 0x451000 brk(0x452000) = 0x452000 _newselect(7, [3 5], [], NULL, {300, 0}

è çàëèï... áîëüøå íè÷åãî íå ïèøåò, æä¸ò ÷åãî-òî.
Ïðîáîâàë çàõîäèòü ñ èñïîëüçîâàíèåì putty ñ âèíäû èëè openssh ñ ëèíóõà. Ýôôåêò ñõîæèé.

Âîò, ïðèêîëà äëÿ, ïîñèäåë è ïîñìîòðåë íà íåèçìåííûé òðåéñ â òå÷åíèå ïÿòè ìèíóò.