Hi Joe! Thank you for the detailed reply! Actually, I found a switch which solved my problem, and now all my experiments work perfectly. The command is:

echo "1">/proc/sys/net/ipv4/ip_forward

but... What is it?! Is there any other way to check and configure my laptop's status without writing directly to this file? ...well, I know, Linux is all about files...

On Thursday, October 11, 2012 at 3:50:02 AM UTC+9, Joe wrote:
> On Wed, 10 Oct 2012 08:35:13 -0700 (PDT)
> houkensjtu <houkens...@gmail.com> wrote:
>
> > Hi debianer!
> > I am a newbie both of debian and networking...
> > Recently I am trying to connect my home laptop (I have a router in my
> > home) from office. I read several articles on port forwarding. And I
> > succeeded in opening a 22 port on my router, also I started ssh
> > server on my home laptop.
> >
> > (suppose my username at home is USER, and my laptop is called DEBIAN)
> >
> > I did several experiments and I got confused by some of the results.
> >
> > 1. ssh USER@DEBIAN
> >
> > works well!!
> >
> > 2. nc -vz my_home_external_ip 22
> > [my_home_external_ip] 22 (ssh) : Connection refused
> >
> > I can't understand why it is. Because I have actually succeeded in
> > test 1!
> >
> > 3. ssh -l USER my_home_external_ip
> > ssh: connect to host my_home_external_ip port 22: Connection refused
> > This also doesn't work! I thought it should be equivalent to test 1,
> > but things just don't work.
> >
> > Anyone can explain this?
> >
>
> Not yet. Many commercial networks operate firewalls affecting the
> connections leaving the network so as yet you don't know which end of
> the connection has an issue.
>
> Divide the problem into two parts: the simplest way to check port
> forwarding is to use an external website from home, that way you can
> change things without travelling from your office, and you know the
> other end will have no firewall problems.
>
> A simple and slightly alarming but fairly reliable site is
> http://grc.com. Click on Shields Up!!, scroll down over halfway and
> click the heading Shields Up!, then Proceed, and Continue, then Common
> Ports (you can enter 22 manually, but the Common Ports is a quick test
> and just one click is needed).
>
> You're looking for 22 shown as Open, and probably all others as
> Stealth. Ignore all the dire warnings, this is a site for Windows users
> and they need to be scared.
>
> If 22 is not shown as Open, then you either haven't got the forwarding
> right, or sshd isn't running as you expect. If the router looks right,
> from your laptop try ssh <IP address of laptop>. This isn't the same as
> ssh localhost, as the ssh server treats different interfaces separately.
>
> If all is well at this end, but there is still a problem from your
> office, then you need to ask about outgoing firewalling there.
>
> However you resolve the initial problem, the ssh server is very heavily
> targeted by the bad guys, using password checking bots. A quick and
> dirty security measure is to forward a non-standard high numbered
> external TCP port to <laptop>:22 (nearly all routers should be able to
> do that) or to forward it to the same port of the laptop, and
> reconfigure the ssh server to listen on that port (the Port xxx line(s)
> in /etc/sshd_config). Remember to restart the ssh server if you need to
> do this.
>
> Six people will now leap in and say that's not going to improve
> security, all the bad guys have to do is run a portscan to find your
> server. However, scanning 65,000 ports of the same IP address across
> the Internet is no small undertaking, and will certainly attract
> attention, and I've never yet seen a bot attempt it. I don't get *any*
> connection attempts to my ssh port, while 22 gets 10-100 a day.
>
> The long-term solution is to disable passwords and use public-private
> key pairs for authentication, which is not really difficult, but is
> not for a complete beginner, and can certainly not be tried until you
> have the system working reliably on passwords. A quick Google for ssh
> public key tutorial turns up a vast number of sites to help with this.
>
> If you need to work from Windows, by the way, the PuTTY program is
> pretty much the industry standard. There is also a Portable Apps
> version of it, which does not write anything to the Windows machine.
>
> --
> Joe
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/20121010194427.02ca4...@jretrading.com

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/3e7d9081-b3cb-4a05-8144-32f54531e...@googlegroups.com
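
The two measures in the quoted reply (a non-default listening port, and passwords disabled in favour of keys) can be checked against a server's configuration file. The script below is an added example, not part of the thread: the function names, the sample configuration and port 50022 are constructed, and it assumes whitespace-separated keywords and reads only the global section before any Match block.

```sh
#!/bin/sh
# Added example, not from the thread: audit an sshd_config for the
# port and password settings discussed in the quoted reply.

# effective_values FILE KEYWORD
# Prints the value(s) sshd takes for KEYWORD from the global section.
# Keywords are case-insensitive. For most keywords the first value wins;
# Port may appear several times and every value is used.
effective_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                 # drop comments
        NF == 0 { next }                   # skip blank lines
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == want {
            print $2
            if (want != "port") exit
        }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one line per finding, or a single OK line.
audit_sshd_config() {
    clean=1

    ports=$(effective_values "$1" Port)
    [ -n "$ports" ] || ports=22            # sshd default when Port is absent
    for p in $ports; do
        if [ "$p" = 22 ]; then
            echo "NOTE: sshd listens on 22; fine only if the router forwards a high external port to it"
            clean=0
        fi
    done

    pw=$(effective_values "$1" PasswordAuthentication)
    [ -n "$pw" ] || pw=yes                 # sshd default when the keyword is absent
    if [ "$pw" != no ]; then               # anything but a literal "no" is reported
        echo "WARN: PasswordAuthentication is '$pw'; password-guessing bots can attempt logins"
        clean=0
    fi

    if [ "$clean" -eq 1 ]; then
        echo "OK: non-default port, passwords disabled"
    fi
    return 0
}

# Constructed sample configuration (not a real host's file).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample
Port 50022
PasswordAuthentication no
PasswordAuthentication yes   # ignored: the first value wins
EOF
    audit_sshd_config "$tmp"
    rm -f "$tmp"
}
demo
```

On a machine with OpenSSH installed, running sshd -T as root prints the configuration the server actually resolves, which is the authoritative check.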