[Solar-tecnica] Re: SSH

hernan lopez pardo hernanlopezpardo at gmail.com
Thu Aug 21 08:54:44 CEST 2008


2008/8/21 hernan lopez pardo <hernanlopezpardo at gmail.com>:
> Yes, indeed the RFC does not specify any port above 1024 for the
> transfer.  The tunnel is made directly from 22 to 22 (by convention).
> What was happening is that the border router of my LAN was NATing a
> port above 1024 for me (even with root permissions disabled in sshd).
> Honestly, they are rather annoying; when I can, I will buy a switch and
> use the server machine as both server and firewall, since the router is
> quite configurable but very tricky in its options.
> X still won't come up: following the guide, I set the DISPLAY variable
> and enabled X11LocalHosts in sshd, and it still throws an error when
> opening windows.
>
> Warm regards.
>
> $ export DISPLAY=localhost:0.0
> $ xterm &
> $ xterm Xt error: Can't open display: localhost:0.0
>
> sshd_config
> -----------------------------------------------------------------------------------------------------------------------------------------------------------
> port 22
> Protocol 2
> ListenAddress 0.0.0.0:22
>
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 768
>
> # Logging
> # obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> #LogLevel INFO
> # Authentication:
>
> #LoginGraceTime 2m
> PermitRootLogin yes
> #StrictModes yes
> #MaxAuthTries 6
>
> RSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile      .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # Change to yes to enable built-in password authentication.
> PasswordAuthentication yes
> #PermitEmptyPasswords no
>
> # Change to no to disable PAM authentication
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> #KerberosGetAFSToken no
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
>
> # Set this to 'no' to disable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication.  Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to 'no'.
> #UsePAM yes
>
> AllowTcpForwarding yes
> #GatewayPorts yes
> X11Forwarding yes
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
> UseLogin yes
> #UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression delayed
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> UseDNS yes
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #PermitTunnel no
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
>
>
> --
> Hernán López Pardo
>
> http://otrodiaparaser.blogspot.com
>



-- 
Hernán López Pardo

http://otrodiaparaser.blogspot.com
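
An added example, not part of the original message and not OpenSSH code: a small Python check of the settings in the quoted sshd_config that affect X11 forwarding, together with the hand-set DISPLAY value. The function names and the embedded config excerpt are constructed for this example; it assumes an OpenSSH release that still supports UseLogin and a file without Match blocks.

```python
"""Added example: check sshd_config settings and a DISPLAY value for X11-forwarding blockers."""

# Active (uncommented) lines excerpted from the sshd_config quoted in the message.
QUOTED_CONFIG = """\
port 22
Protocol 2
PermitRootLogin yes
AllowTcpForwarding yes
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
UseLogin yes
UseDNS yes
"""

def effective_options(text):
    """Map lowercase keyword -> value. sshd keeps the first value it reads for a
    keyword; Match blocks are not handled (assumption: the file has none)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return opts

def x11_findings(opts, display=None):
    """Return the reasons X11 forwarding would not work with these settings."""
    findings = []
    if opts.get("x11forwarding", "no").lower() != "yes":
        findings.append("X11Forwarding is not 'yes' (the default is 'no')")
    if opts.get("uselogin", "no").lower() == "yes":
        # sshd_config(5): with UseLogin enabled, X11Forwarding is disabled
        # because login(1) does not know how to handle xauth(1) cookies.
        findings.append("UseLogin yes disables X11 forwarding")
    offset = int(opts.get("x11displayoffset", "10"))  # sshd default is 10
    if display:
        number = int(display.rsplit(":", 1)[1].split(".")[0])
        if number < offset:
            findings.append(
                f"DISPLAY={display} is below X11DisplayOffset {offset}, so it is not "
                "a display forwarded by sshd; leave DISPLAY as ssh sets it")
    return findings

if __name__ == "__main__":
    for finding in x11_findings(effective_options(QUOTED_CONFIG), "localhost:0.0"):
        print("-", finding)
```

With forwarding working, `echo $DISPLAY` inside the SSH session shows a value such as `localhost:10.0` that ssh set itself.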


