[Solar-tecnica] SSH

hernan lopez pardo hernanlopezpardo at gmail.com
Thu Aug 21 08:54:17 CEST 2008


Yes, indeed the RFC does not specify any port above 1024 for
establishing the transfer. The tunnel is simply made from 22 to 22
(by convention). What was happening is that my LAN's border router
was NATing a port above 1024 for me (even with root permissions
disabled in sshd).
Honestly they are rather annoying; when I can, I will buy a switch and
use the server machine as both server and firewall, since the router is
quite configurable but very tricky in its options.
X still won't come up: following the guide, I set the DISPLAY variable
and enabled X11LocalHosts in sshd, and it still throws an error when
opening the windows.

A big hug.

$ export DISPLAY=localhost:0.0
$ xterm &
$ xterm Xt error: Can't open display: localhost:0.0

sshd_config
-----------------------------------------------------------------------------------------------------------------------------------------------------------
port 22
Protocol 2
ListenAddress 0.0.0.0:22


# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

AllowTcpForwarding yes
#GatewayPorts yes
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
UseLogin yes
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
----------------------------------------------------------------------------------------------------------------------------------------------------------------------




-- 
Hernán López Pardo

http://otrodiaparaser.blogspot.com
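
The posted configuration and DISPLAY value can be checked mechanically; the following is an added example, not part of the original message or of OpenSSH. It relies on two documented sshd_config(5) behaviours: sshd disables X11 forwarding while UseLogin is enabled, and forwarded displays are numbered from X11DisplayOffset (default 10). The function names and the reduced SAMPLE text are assumptions, and Match blocks are not handled.

```python
# Added example; SAMPLE is constructed from the uncommented lines of the posted file.
SAMPLE = """\
port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
UseLogin yes
"""

def effective(text):
    """Map lower-cased keyword -> value; sshd keeps the first value it reads."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return opts

def display_number(display):
    """'localhost:0.0' -> 0; None when there is no numeric display part."""
    num = display.rpartition(":")[2].split(".")[0]
    return int(num) if num.isdigit() else None

def audit(text, display=None):
    """Return (code, message) findings; display is the session's $DISPLAY value."""
    o = effective(text)

    def yes(key, default):
        return o.get(key, default).lower() == "yes"

    findings = []
    if not yes("x11forwarding", "no"):
        findings.append(("x11-off", "X11Forwarding is not 'yes'"))
    elif yes("uselogin", "no"):
        findings.append(("x11-uselogin", "UseLogin yes disables X11 forwarding"))
    offset = int(o.get("x11displayoffset", "10"))
    n = display_number(display) if display else None
    if n is not None and n < offset:
        findings.append(("display-below-offset",
                         f"DISPLAY :{n} is below offset {offset}, so it is not sshd's proxy display"))
    if yes("permitrootlogin", "no") and yes("passwordauthentication", "yes"):
        findings.append(("root-password-login", "root may log in with a password"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE, "localhost:0.0"):
        print(f"{code}: {message}")
```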


