Remote ssh access

[TReX]

Íîñîì ìîæåòå òêíóòü â ìîþ îøèáêó? Èëè âû ìîè 2 ïîñëåäíèõ ïîñòà äàæå íå ïðî÷èòàëè?

Èçó÷àåì ÷òî òàêîå NAT è DMZ è ñðàçó ïîéìåòå ÷òî ó âàñ è êóäà èñ÷åçàåò

[Satoorn]

Èçó÷àåì ÷òî òàêîå NAT è DMZ è ñðàçó ïîéìåòå ÷òî ó âàñ è êóäà èñ÷åçàåò

ß ïîíèìàþ, ÷òî ïîñëàòü ÷èòàòü ìàíû ýòî ïðîñòîé âàðèàíò, ïîìî÷ü æå òÿæåëåå. Ïëþñ ó ìåíÿ íåìíîãî äðóãîé ïðîôèëü è ÿ òîæå ìîãó âàñ çà ïîÿñ çàòêíóòü, òèïà, ó÷èòå çàêîí îìà èëè ÷òî òàêîå ðàçíîñòü ïîòåíöèàëîâ.
Ñïàñèáî çà ñîâåò, ÿ ïîïðîáóþ ñàì ðàçîáðàòüñÿ, à âàì ñîâåò, ñïóñòèòåñü íà çåìëþ. Åñëè â áëèæàéøåå âðåìÿ íèêòî íå îòâåòèò, ïîòðó ïîñòû, òàê ÷òî êîïèðóéòå äëÿ áàøîðãà. )

[smi]

ß ïîíèìàþ, ÷òî ïîñëàòü ÷èòàòü ìàíû ýòî ïðîñòîé âàðèàíò, ïîìî÷ü æå òÿæåëåå.

À çà÷åì âû âêëþ÷àåòå ôóíêöèþ, ñîâåðøåííî íå ïîíèìàÿ, êàê îíà ðàáîòàåò? Âû âêëþ÷èëè ïåðåíàïðàâëåíèå ÂÑÅÕ ÂÕÎÄßÙÈÕ ñîåäèíåíèé íà âàøó PS3 è êàêîãî ðåçóëüòàòà âû îæèäàëè? Ó âàñ íà PS3 íà ïîðòó 5222 åñòü ssh?

Ïëþñ ó ìåíÿ íåìíîãî äðóãîé ïðîôèëü è ÿ òîæå ìîãó âàñ çà ïîÿñ çàòêíóòü, òèïà, ó÷èòå çàêîí îìà èëè ÷òî òàêîå ðàçíîñòü ïîòåíöèàëîâ.

À íå ïîäñêàæèòå, ïî÷åìó ÿ îïåðàöèîííèê â ðîçåòêó ïèõàþ, õî÷ó óñèñëèòü íàïðóãó èç ðîçåòêè, à îí âçðûâàåòñÿ è ïðîáêè âûøèáàåò? ×òî ÿ äåëàþ íå òàê?

Åñëè â áëèæàéøåå âðåìÿ íèêòî íå îòâåòèò, ïîòðó ïîñòû, òàê ÷òî êîïèðóéòå äëÿ áàøîðãà. )

Óäàëèòå, åñëè íå ñëîæíî, èíôû â íèõ íåò, à î÷åíü îáúåìíû. Âû åñëè ÷òî íàäî åùå áóäåò, íå ïèõàéòå ïðîñòûíè â òåêñò, à ïðèêðåïèòå êàê ôàéëû âëîæåíèÿ

[Satoorn]

À çà÷åì âû âêëþ÷àåòå ôóíêöèþ, ñîâåðøåííî íå ïîíèìàÿ, êàê îíà ðàáîòàåò? Âû âêëþ÷èëè ïåðåíàïðàâëåíèå ÂÑÅÕ ÂÕÎÄßÙÈÕ ñîåäèíåíèé íà âàøó PS3 è êàêîãî ðåçóëüòàòà âû îæèäàëè? Ó âàñ íà PS3 íà ïîðòó 5222 åñòü ssh?

ß îæèäàë, ÷òî èìåííî äëÿ PS3 âñ¸ áóäåò îòêðûòî. Íå õî÷ó ïðîïèñûâàòü îòäåëüíûå ïîðòû, ïðîùå æå çàïèñàòü â DMZ. ß íå ïðàâ?

À íå ïîäñêàæèòå, ïî÷åìó ÿ îïåðàöèîííèê â ðîçåòêó ïèõàþ, õî÷ó óñèñëèòü íàïðóãó èç ðîçåòêè, à îí âçðûâàåòñÿ è ïðîáêè âûøèáàåò? ×òî ÿ äåëàþ íå òàê?

Ðîçåòêà âûñîêîâîëüòíàÿ ))) Óìåíüøèòå íàïðóãó ðàç â 15.

Óäàëèòå, åñëè íå ñëîæíî, èíôû â íèõ íåò, à î÷åíü îáúåìíû. Âû åñëè ÷òî íàäî åùå áóäåò, íå ïèõàéòå ïðîñòûíè â òåêñò, à ïðèêðåïèòå êàê ôàéëû âëîæåíèÿ

Îê.

ps. smi ñïàñèáî çà ôðàçó "ïåðåíàïðàâëåíèå ÂÑÅÕ ÂÕÎÄßÙÈÕ", ïðîïèñàë â Virtual Server ïîðòû äëÿ íóæíûõ ìíå ñëóæá, à â DMZ ïðîïèñàë PS3, âðîäå âñ¸ ðàáîòàåò. Íàäåþñü ïðàâèëüíî ñäåëàë. ß äóìàë, åñëè ÿ â DMZ ïðîïèøó IP, òî âñå ïîðòû áóäóò îòêðûòû òîëüêî íà í¸ì, à äðóãèå ìàøèíû â ëîêàëüíîé ñåòè áóäóò ðàáîòàòü ïî îñòàëüíûì ïðàâèëàì è DMZ èõ íå çàòðîíåò.

[vectorm]

ß îæèäàë, ÷òî èìåííî äëÿ PS3 âñ¸ áóäåò îòêðûòî. Íå õî÷ó ïðîïèñûâàòü îòäåëüíûå ïîðòû, ïðîùå æå çàïèñàòü â DMZ. ß íå ïðàâ?

Äà, òàê îíî è åñòü - âåñü òðàôèê çàâîðà÷èâàåòñÿ íà PS3.
Âñå îñòàëüíûå ïðàâèëà, ïðîïèñàííûå ÏÎÑËÅ DMZ - ïóñòàÿ òðàòà òåêñòà, ïîòîìó, ÷òî íå îáðàáàòûâàþòñÿ ñèñòåìîé ÂÎÎÁÙÅ.
Ýòî âñå ðàâíî, ÷òî íàäåÿòüñÿ, ðàñïèëèâ òðóáó ñ âîäîé, è îòíåñÿ âòîðîé êîíåö òðóáû ïîäàëüøå, ÷òî äî íåãî äîéäåò õîòü ÷àñòü âîäû (ñ ýëåêòðè÷åñòâîì àíàëîãèè â ãîëîâó íå ïðèøëî).

[olegmilantiev]

×òî-òî ïîäâèñàåò ó ìåíÿ ssh ïðè âõîäå â ðîóòåð. Ïðè÷¸ì, çàõîäèøü íà âòîðîé àíàëîãè÷íûé, òîæå íà ñêàéëèíêå - âñ¸ îê, à â ìîé ìîæíî íåñêîëüêî ìèíóò æäàòü, ïîêà çàéä¸ò. Óæ âåñü ãóãë âñêîïàë, íå ïîéìó ïðè÷èíó.

Oct 24 06:23:01 dropbear[573]: Child connection from 77.108.õ.õ:61464
è òàê ìîæåò íåñêîëüêî ìèíóò âèñåòü

Çàêðûâàåøü ssh (putty), â ëîãàõ ïîÿâëÿåòñÿ
Oct 24 06:23:34 dropbear[573]: Exit before auth: Exited normally
òèïà, âñ¸ íîðìàëüíî.

Ïðîáîâàë òåëíåò íà 22 ïîðò, ìîìåíòàëüíî âûäà¸ò
SSH-2.0-dropbear_0.53.1
ïèøåò â ëîã òî, ÷òî óêàçàíî âûøå è âèñèò.

Ïðîáîâàë î÷èñòèòü firewall (iptables -F) òî æå. Ïðîáîâàë ïåðåâåñèòü dropbear íà äðóãîé ïîðò, òî æå.

Áóäü òî "áîëüøîé ëèíóõ", òàì íàäî reverse dns âûêëþ÷èòü, íî dropbear íå ðåñîëâèò àäðåñ êëèåíòà, òàêîé íàñòðîéêè íå èìååò âîâñå... Óæå ïðîáîâàë íà ôëåøêó dropbear ñòàâèòü è èç ïðîøèâêè ïðîáîâàë - áåç òîëêó.

Ùàñ ïîïðîáóþ ïåðåôîðìàòèðîâàòü ôëåøêó, íî ÷òî-òî ïîäñêàçûâàåò, ÷òî íå â ýòîì äåëî.... (íå ïîìîãëî).

È åù¸ äèêî òîðìîçèò ðîäíîé âåá ñíàðóæè (âõîä èçíóòðè ïî ssh / web ñåé÷àñ ïðîâåðèòü íå ìîãó, ðîóòåð íà äà÷å). Ñèìïòîìû î÷åíü ïîõîæèå. Âîò ñåé÷àñ äàæå íå ìîãó çàéòè ãëÿíóòü íîìåð ïðîøèâêè.  òî æå âðåìÿ thttpd íà 8080 îòêëèêàåòñÿ ìîìåíòàëüíî è äîñòàòî÷íî çàìåòíûå îáú¸ìû ïðîêà÷èâàåò (âðåìåííî, äëÿ ýêñïåðèìåíòîâ è åãî óæå ñí¸ñ). È ssh, åñëè çàéä¸ò, ðàáîòàåò øóñòðî è èíòåðàêòèâíî, â ðàìêàõ âîçìîæíîñòåé ñêàéëèíêà.

Ïåðåçàïóñê httpd íå ïîìîãàåò.
Ïåðåçàïóñê ðîóòåðà íå ïîìîãàåò.
Ïåðåïðîøèòü óäàë¸ííî ñ ó÷¸òîì ïëîõîé îòêðûâàåìîñòè ðîäíîãî âåáà íå ìîãó - íå çíàþ êàê èç êîíñîëè, äà è ìîäåì ìîæåò íå ïîäíÿòüñÿ.


[me@WL-BCAEC5C342EA root]$ uname -a
Linux WL-BCAEC5C342EA 2.6.22.19 #2 Fri Sep 16 22:44:34 MSK 2011 mips GNU/Linux

... íèêàê íå äîáåðóñü äî ñòðàíèöû ãäå ïîñìîòðåòü ïðîøèâêó. Âåá ñíàðóæè âîîáùå íåâîçìîæíî èñïîëüçîâàòü
Ïðåäïîëîæèòåëüíî RT-N-1.9.2.7-rtn-r3300 (2011-09-16) , ÷òî ñîâïàäàåò ñ äàòîé âûäàâàåìîé uname -a.

[ConstAntz]

íèêàê íå äîáåðóñü äî ñòðàíèöû ãäå ïîñìîòðåòü ïðîøèâêó

cat /.version

[olegmilantiev]

cat /.version

Ñïàñèáî

[me@WL-BCAEC5C342EA root]$ cat /.version
1.9.2.7-rtn-r3300

Ñîâïàëî ñ ìîèì ïðåäïîëîæåíèåì.

Âòîðîé ðîóòåð, òîæå asus wl500gpV2 (çàáûë íàïèñàòü æå...) ïðîøèò òîé æå ïðîøèâêîé.

------

Ñàìîå ïðîñòîå ïðåäïîëîæåíèå, ÷òî ñâÿçü ïëîõàÿ íå îïðàâäûâàåòñÿ

[me@WL-BCAEC5C342EA root]$ ping ya.ru
PING ya.ru (93.158.134.3): 56 data bytes
64 bytes from 93.158.134.3: seq=0 ttl=60 time=120.811 ms
64 bytes from 93.158.134.3: seq=1 ttl=60 time=172.255 ms
64 bytes from 93.158.134.3: seq=2 ttl=60 time=192.142 ms
64 bytes from 93.158.134.3: seq=3 ttl=60 time=275.298 ms
64 bytes from 93.158.134.3: seq=4 ttl=60 time=352.442 ms
64 bytes from 93.158.134.3: seq=5 ttl=60 time=140.272 ms
64 bytes from 93.158.134.3: seq=6 ttl=60 time=153.234 ms
64 bytes from 93.158.134.3: seq=7 ttl=60 time=192.240 ms
64 bytes from 93.158.134.3: seq=8 ttl=60 time=149.237 ms
64 bytes from 93.158.134.3: seq=9 ttl=60 time=137.250 ms
64 bytes from 93.158.134.3: seq=10 ttl=60 time=149.255 ms
64 bytes from 93.158.134.3: seq=11 ttl=60 time=133.241 ms
64 bytes from 93.158.134.3: seq=12 ttl=60 time=305.246 ms
64 bytes from 93.158.134.3: seq=13 ttl=60 time=144.247 ms

Ê òîìó æå, âñå äðóãèå ñåðâèñû (thttpd, mjpg_streamer -o output_http) ðàáîòàþò õîðîøî.

[lly]

http://thread.gmane.org/gmane.network.ssh.dropbear/1068

Ó ìåíÿ ïðîáëåìà íå âîñïðîèçâîäèòñÿ, áåç ýòîãî ïîìî÷ü ïðàêòè÷åñêè íåâîçìîæíî.

[olegmilantiev]

http://thread.gmane.org/gmane.network.ssh.dropbear/1068

Ó ìåíÿ ïðîáëåìà íå âîñïðîèçâîäèòñÿ, áåç ýòîãî ïîìî÷ü ïðàêòè÷åñêè íåâîçìîæíî.

Ñïàñèáî çà ññûëêó.
ß ïîêà íå ñîáèðàë ïàêåòû ïîä ìèïñ. À êòî ñîáèðàë, ìîæåò ñîáðàòü ìíå ñ çàêîìåíòèðîâàííûì

Code:

In options.h search for #define DO_HOST_LOOKUP and comment it out.

?

ß òîëüêî íå îñîáî ïîéìó, êàê ýòî ìîæåò ïîìî÷ü õîðîøåé ðàáîòå âñòðîåííîãî âåáà. Ñóäÿ ïî ñîâïàäàþùèì ñèìïòîìàì, ïðîáëåìà ðàñò¸ò èç îäíîãî è òîãî æå ìåñòà. Ê ïðèìåðó, ñëèøêîì áîëüøîé mtu / mru äëÿ ýòîãî ìîäåìà..

[lly]

Ñïàñèáî çà ññûëêó.
ß ïîêà íå ñîáèðàë ïàêåòû ïîä ìèïñ. À êòî ñîáèðàë, ìîæåò ñîáðàòü ìíå ñ çàêîìåíòèðîâàííûì

Code:

In options.h search for #define DO_HOST_LOOKUP and comment it out.

Ïåðåä òåì êàê ÷òî-òî ìåíÿòü, áûëî áû íåïëîõî ãëÿíóòü, à êàê îíî óæå åñòü...

http://code.google.com/p/wl500g/sour...build.patch#40

[olegmilantiev]

Ïåðåä òåì êàê ÷òî-òî ìåíÿòü, áûëî áû íåïëîõî ãëÿíóòü, à êàê îíî óæå åñòü...

http://code.google.com/p/wl500g/sour...build.patch#40

Îòëè÷íî. Ýòî îòïàäàåò, ñòàëî áûòü.
Êîïàåì äàëüøå. Èäåè? ß âòîðîé äåíü ãóãëþ, íîâûõ ìûñëåé ïîêà íåò.

[lly]

Êîïàåì äàëüøå. Èäåè? ß âòîðîé äåíü ãóãëþ, íîâûõ ìûñëåé ïîêà íåò.

 çàâèñèìîñòè îò òîãî, êòî ÷åãî ëó÷øå çíàåò.

ß áû âçÿëñÿ çà strace/gdb, ò.ê. iptables çíàþ ãîðàçäî õóæå. Íî, ñóäÿ ïî ñèìïòîìàì, îáùèì ñ httpd, ïîõîæå íàäî áðàòüñÿ èìåííî çà iptables.

[olegmilantiev]

 çàâèñèìîñòè îò òîãî, êòî ÷åãî ëó÷øå çíàåò.

ß áû âçÿëñÿ çà strace/gdb, ò.ê. iptables çíàþ ãîðàçäî õóæå. Íî, ñóäÿ ïî ñèìïòîìàì, îáùèì ñ httpd, ïîõîæå íàäî áðàòüñÿ èìåííî çà iptables.

ß íà÷àë ïðîâåðêó ñ
iptables -F
iptables -t nat -F
iptables -t mangle -F

òî åñòü ñ ïîëíîé î÷èñòêè firewall.
Ïðîâåðèë âñå òàáëèöû, âåçäå policy: ACCEPT, òî åñòü iptables íå èñïîëüçóåòñÿ âîâñå.

Ìíå âîîáùå îñòàëîñü âåðíóòü ðîóòåð ê çàâîäñêèì è ïðîâåðèòü íà íèõ, íî ýòî ñìîãó ñäåëàòü òîëüêî íà âûõîäíûõ, ïîåäó íà äà÷ó. Õîòåë ÷òî-òî åù¸ ïîïðîáîâàòü äî ýòîãî.

[olegmilantiev]

ß áû âçÿëñÿ çà strace

Íå ñêàçàòü, ÷òî ÿ ïðÿì çíàþ strace, íî ... âäðóã Âàì ÷òî-òî ïîäñêàæåò òðåéñ.

strace -ff -o /opt/s dropbear -F -p 2222 -4

Code:

_newselect(4, [3], NULL, NULL, NULL)    = 1 (in [3])
accept(3, {sa_family=AF_INET, sin_port=htons(60476), sin_addr=inet_addr("77.37.õ.õ")}, [16]) = 5
pipe([0, 2139856048])                   = 6
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2aab0068) = 570
close(7)                                = 0
close(5)                                = 0

Âîò îí ôîðêíóëñÿ...
íà÷àë ïèñàòü òðåéñ â îòäåëüíûé ôàéë

Code:

time([1319455840])                      = 1319455840
open("/etc/TZ", O_RDONLY)               = 8
read(8, "GMT0\n", 68)                   = 5
close(8)                                = 0
send(4, "<86>Oct 24 11:30:40 dropbear[570"..., 76, MSG_NOSIGNAL) = 76
setsid()                                = 570
close(3)                                = 0
close(6)                                = 0
gettimeofday({1319455840, 527648}, NULL) = 0
pipe([0, 0])                            = 3
fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
fcntl64(6, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
time(NULL)                              = 1319455840
brk(0x450000)                           = 0x450000
rt_sigaction(SIGCHLD, {SIG_IGN, [FPE SEGV PIPE ALRM TERM USR1 CHLD STOP RT_49 RT_65 RT_66 RT_67], SA_SIGINFO|SA_NOCLDWAIT|0x407c74}, NULL, 16) = 0
time(NULL)                              = 1319455840
getpeername(5, {sa_family=AF_INET, sin_port=htons(60476), sin_addr=inet_addr("77.37.x.x")}, [16]) = 0
getpeername(5, {sa_family=AF_INET, sin_port=htons(60476), sin_addr=inet_addr("77.37.x.x")}, [16]) = 0
write(5, "SSH-2.0-dropbear_0.53.1\r\n", 25) = 25
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {0, 846000})
time(NULL)                              = 1319455840
read(5, "S", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "S", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "H", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "-", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "2", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, ".", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "0", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "-", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "O", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "p", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "e", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "n", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "S", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "H", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "_", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "5", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, ".", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "4", 1)                         = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "\r", 1)                        = 1
_newselect(6, [5], NULL, NULL, {1, 0})  = 1 (in [5], left {1, 0})
time(NULL)                              = 1319455840
read(5, "\n", 1)                        = 1
_newselect(7, [3 5], [5], NULL, {300, 0}) = 1 (out [5], left {300, 0})
time(NULL)                              = 1319455840
write(5, "\0\0\1\234\4\24\307\202\223o\377\303\212x\221\2468\276w\312\0\252\0\0\0006diffie"..., 416) = 416
time(NULL)                              = 1319455840
_newselect(7, [3 5], [], NULL, {300, 0}) = 1 (in [5], left {299, 801000})
time(NULL)                              = 1319455840
read(5, "\0\0\3L\6\24'M", 8)            = 8
read(5, "\252\305Y\332\3048=P\224\262\330\35\1\260\0\0\0~diffie-hellman"..., 840) = 840
time(NULL)                              = 1319455840
brk(0x451000)                           = 0x451000
brk(0x452000)                           = 0x452000
_newselect(7, [3 5], [], NULL, {300, 0}

è çàëèï... áîëüøå íè÷åãî íå ïèøåò, æä¸ò ÷åãî-òî.
Ïðîáîâàë çàõîäèòü ñ èñïîëüçîâàíèåì putty ñ âèíäû èëè openssh ñ ëèíóõà. Ýôôåêò ñõîæèé.

Âîò, ïðèêîëà äëÿ, ïîñèäåë è ïîñìîòðåë íà íåèçìåííûé òðåéñ â òå÷åíèå ïÿòè ìèíóò.