Debian Configuration :: How To Show Active Ssh Tunnel Connections
Apr 23, 2011
My Debian server is used by people to set up ssh-tunnels for use as a local proxy (on their remote machines). Since only the tunnel is set up, and no shell is used, I can't use "who" to see which users have an active ssh-tunnel on my server, but I would like to have an idea about who is active etc. I think I should be able to determine this from the auth.log file, but then I would have to use some script to determine what connection is still active. Is there an easy way to see what users have active ssh-tunnels on my Debian server at any given moment?
Unfortunately I have followed a misleading guide to set ssh and scp in order not to supply password every time and... I messed up my ssh/scp settings as it does not work anymore. Well, in my attempt:
I moved to
    cd ~/.ssh
then I created an RSA key
    ssh-keygen -t rsa
Then I tried tunnelling and... it didn't work. So, ok, I tried to recover previous settings erasing all the items in the folder ~/.ssh/. After I tried copying a file with the "usual" command that used to work before (i.e. scp file user-id@server) and... I've found out it does not work anymore!
I get this error message: ssh_exchange_identification: Connection closed by remote host
We have an Apache Subversion (http) server for hosting our code, and, for the next 3 months, we are behind a DSL connection (max upload 100 kB/s).
When a remote co-worker tries to download a fresh copy of our projects on his computer directly over http, the transfer goes fine: with a bandwidth monitor (gnome-system-monitor or bwm-ng) we can see that the server is trying to send ~95kB/s and the connection remains usable for other tasks in parallel (just a bit slower, which is normal).
But when the remote co-worker is connected through SSH to this server, and uses tunneling to communicate with Apache Subversion, the server is sending more than 200kB/s: the connection is not usable for other tasks during the transfer as with ~102kB/s actually transferred through the DSL line, it's completely congested and more than fifty percent of the packets are lost.
I think that I understand why: TCP/IP auto-detects the max amount of successfully transmitted bytes per second, and tries not to send more than this maximum value.
When the Apache server is connected to the local instance of openssh-server through localhost, packets are transmitted successfully between them. Only afterwards, openssh-server tries to send it to the client (and should retry if it's not successful) but during that time, Apache is already giving the next one... giving this saturation effect (Apache is not aware of the saturation, or at least, not enough).
I installed the PPTP Client [URL] and can successfully connect to my VPN (creates interface ppp0). The problem is, I'm trying to tunnel all of my traffic on my system through the connection. I've seen conflicting howtos and scripts including pptpclient's documentation (the ip-up and ip-down scripts don't work). How does one simply (even if I type it manually) tunnel the traffic?
System Info:
OS: Debian Squeeze, Kernel 2.6.32-5-686
GUI: Gnome (standard one from netinst unstable install)
Main interface: eth1
PPTP interface: ppp0
I currently run openVPN on my Debian box that provides secure IPv4 routing from my laptop to my VPS in a different country (and from there the internet via this box). This works fine. However, I'd like to sort out IPv6 through this VPN as well as IPv4 and am not overly sure how to do it. The remote server itself has native IPv6 configured on device eth0 and it works (ping6, traceroutes all fine, incoming to web servers etc) nicely on dual stack.
How would I go about modifying the config (both client and server if needed) to enable openVPN to act as a tunnel broker to enable the laptop to use the IPv6 through the server as well as the old v4? (The internet connection laptop end will not/does not have native IPv6 from the ISP. Currently I'm using he-net tunnel broker but I'd like to run myself through my existing openVPN.) VPN config details: It's using UDP, port 1194, creates a TUN interface, redirect-gateway etc and the rest is normal config. Edit: if it matters, the clients are all running Windows so I can't use sh scripts to set up stuff client end.
I've just started experimenting with SSH tunnels. I wanted a way to connect to MySQL on our website VPS but wanted the connection encrypted rather than just using PHP's mysql_connect() function and connecting to the remote IP. This seems to be working great. I'm also looking into autossh to make sure that the tunnel gets reconnected when it drops. Is there a command/utility that can list the currently active SSH tunnels? Be great if there was a way of terminating an active tunnel through a command as well. Or is it a case of manually digging through the process list and killing the specific PID like I have been?
I just did an apt upgrade and for the most part everything is looking good. However when I boot up I have no network connection. Here is the result of trying to ping google: connect: Network is unreachable
I can fix it easily with a simple sudo dhclient eth0 but I was hoping someone would be able to suggest a more correct and less annoying solution. I have uninstalled network manager. This is a desktop computer with an ethernet connection and DHCP. I do not need anything fancy.
I have ssh installed and running on my laptop (Debian Squeeze). I can run "ssh localhost" without any problem. But for some reason I cannot connect to it from other computers. They all give "connection timed out". I can connect to these computers' ssh servers but for some reason my laptop with Debian is not accepting any connections.
I bought a bluetooth pen, I connect it via USB, my bluetooth connection is active but I can't find other terminals, and my Debian machine isn't visible to other terminals.
It seems that my bluetooth connection works, but it can't pair other terminals. I want to connect bluetooth speaker, but it seems impossible.
I'm trying to setup VNC on our debian server so the boss can remotely do admin stuff from anywhere in the world. the first step is getting it working from anywhere in the room, though. And I can't even seem to get that far.
So far I have a VNC server setup, although not without problems. I downloaded and installed vnc from the vnc site, that wouldn't work because trying to start a vnc server gave this error: "error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory"
There are lots of results on google for this error, and the solution everywhere seems to be the same. to install the package: libstdc++2.10-glibc2.2
However, trying to install this package in debian fails. both using apt-get and trying to manually download it from packages.debian.org it just doesn't seem to exist.
I've tried tightvnc from the official repositories and it gives the same error, too.
The way I got around that eventually, thanks to another tutorial, was to install the package vnc4server. then run vnc4passwd to create a password. and after that vncserver works fine, or seems to. Creates display 1.
Now, when I'm trying to connect to hostname:1 from another computer in the LAN. It gives error 10061, connection refused. I installed the debian and I don't recall setting it up to refuse connections on port 1. Is there anything I should check or change to allow the connection, or any log file in debian to check and see what's going wrong?
I'm also trying connecting internally via client on the debian machine, but I can't run vncviewer. I get the same missing shared library error as before. I guess I just worked around, not solved it.
I also can't access it with the java viewer. Trying to connect on port 5801 either from the server itself, or from another one on the lan, tells me it's refusing the connection.
To be clear, I'm certain that the vnc server is started. We have working DNS, and trying to connect directly to the internal IP:1 doesn't work either.
I've been working on building an LTSP server for diskless booting. I have a tftp server that's booting the system. I followed the steps on [URL] .... to build the LTSP server.
I had to make one change from the guide. I have a cisco router that's acting as the DHCP, I'm not very familiar with Cisco IOS so instead of playing with that, I decided to modify the default file on the PXE.
I commented the kernel append line and added the following instead
I'm mounting the nfs as a rw file system for now. I'm planning to make it read only once I have it working the way I want. In addition to this, I also chroot into the LTSP root and installed lightdm + mate. As I understood what I read, this would boot the environment on the diskless system. All of this seem to work correctly.
What I need to do next is to find a way to setup the LTSP clients to log in by authenticating on the active directory. I understand that the login account used by the LTSP client has to exist on the LTSP server.
I have successfully added the LTSP server as a workstation within the windows domain and I can log into domain accounts from the LTSP server but domain credentials do not work when using an LTSP client, I can only log in if I use an account that exists on the LTSP server. I wanted to know if there is a way to accomplish AD authentication.
Do I have to build an LDAP server on the LTSP server, sync accounts with the Active Directory to be able to log in with AD credentials?
I followed these steps to add a client to my active directory domain, everything is working as expected except that when a username has whitespace it creates a directory in /home with whitespace and gconf fail to access his config dir in the user's home. KDE also fails to start but I don't know what's failing yet. I found that the easiest way to fix these issues is to replace whitespaces by underline in homepaths so I changed the pam_mkhomedir source to replace the whitespaces and save it using the usermod command. It should work but is not... the reason is that I can't change the user data using the usermod because domain users are not in /etc/passwd.
A little background:
CCNA and A+
I have performed this task on Cisco routers
Linux for 5+ years, mostly with Debian (mostly casual, a few production situations)
I need to set up a Linux box with Load Balancing over a cable line 8mb down, 1mb up connection and a T1 line. If this isn't possible, at the very least I need Failover (which I have admittedly not researched as fully.) I know Failover is possible, but I would really love to double my upload bandwidth as we host a small website here. Is load balancing over uneven connections possible on Debian?
Side question: If I host a website, when users connect and get responses over 2 Public IP's, what would be the reaction on the users side? Would it get filtered and or blocked by a firewall?
I'm trying to bridge connections between a wired and a wireless connection in one of my computers. I was told it was impossible due to low-level limitations in the wireless subsystem, but apparently there's a way if you somehow forward packets from one port to the other. Is there a way I can achieve this?
I have exim setup on squeeze to run as an "internet site". Outgoing mail works fine but it seems to just ignore incoming smtp requests on port 25. I can see the incoming connection via tcpdump but exim doesn't seem to talk. If I connect via telnet it rather quickly says connection refused. Is there something additional I need in the Exim conf?
I am programming on Linux middleware so I need to get a list of all active TCP connections. Is there any API to get such information? I know I can find the connections in /proc/net/tcp, but how to find the PIDs? Apparently ps or netstat command is not an option since it is a middleware.
I've created a VPN server (PoPToP version 1.3.3) using webmin and all clients are connected successfully. I want to check "current active connections" from the CLI (command line interface). What is the command to list all active connections?
I am running Firestarter on Ubuntu 9.10 64 bit. I have noticed several times that after closing all web apps (Firefox, Thunderbird) that some entries remain under the heading "Active connections" on the Firestarter "Status" tab. Often these show no source program. Currently I have 2 showing which show Firefox as the source. These persist after Firefox is shut down. I have verified that no Firefox process is running. And both of the IPs point to google. I have disconnected eth0 and they still show. I have logged out and back in and they still show. I must reboot the machine to make these entries go away. Which makes me think perhaps this is a bug in Firestarter(?) Is there another way I can identify truly active connections?
I just installed Debian and am getting a problem where I can't open the list of network connections. I can use the network manager applet to connect to wireless networks, but I cannot access the network connections list from there either (right click "edit connections").
I'm not incredibly knowledgeable with Linux, but I tried a few simple things I could think of like reinstalling the packages, or restarting the interfaces. (ifdown/up wlan0)
It's strange, because when I click "network connections," I see it show up for a second on the bottom panel, I get some rotating mouse icon while I wait a few seconds and then it goes away. Is there some kind of logfile that could help me identify the problem?
Using Debian 6 on eeePC1000HEB with Ath9k (i think) wireless card. Net Interface: wlan0
I am still a noob with linux and debian in particular. I do some android development so through that I have learned a little bit about linux but only the basic command prompt commands and the basics of how linux works and such. Anyways, I was looking around on the forum and on other forums and I couldn't find any helpful information about how to set up wireless connections (such as wifi) on debian. When I installed debian on my computer it asked me for the ipw2200 files and I didn't have them at the time but now I have the latest framework files for that, I don't really know how to install them and after I install them I don't know how to turn on my wireless connections from there.
I am really sorry if someone already made a post on this subject and I am just too clutzy to find it, if that's the case please just post the link to that thread for me cause I'm dumb as crap. So basically the main problem I am trying to fix right now is that I cannot get my internet to work on my old dell inspiron 6000 laptop which I am trying to get to run debian.
On every machine that SSHes in, the connection gets dropped randomly between immediately, and 30 minutes into the session, while the user is actively using the remote system (typing, etc). Before, during and after the disconnection, the system responds to pings regularly (0% packet loss). It takes about 5-10 minutes before I can make an SSH connection again. I have tried restarting SSH on the server and rebooting the server. I even removed and reinstalled sshd and it is still happening. What might be causing these random disconnects and how might I solve this?
When I typed netstat -lna, the output:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:580 0.0.0.0:* LISTEN
    ... ...
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags Type State I-Node
    unix 2 [ ACC ] STREAM LISTENING 23581
    ... ...
Can anyone explain to me:
1. What is "Active Internet connections" & "Active UNIX domain sockets"?
2. What is unix Proto?
3. Difference between LISTEN and LISTENING state.
I've been trying to setup Plymouth on Debian Squeeze, but have only been partially successful: Plymouth works with shutdown (i.e. I see Plymouth after I tell the computer to shut down), but not when I start up my computer (before it reaches GDM). In other words, Plymouth seems to work with my graphics, but for some reason does not show up at startup (not even briefly, as far as I can tell). I've searched the forums and followed this advice, as well as the instructions found here: [URL] but neither of those worked. I'm running Debian Testing (Squeeze) on a Thinkpad X41, which uses "Intel Corporation Mobile 915GM/GMS/910GML Express Graphics Controller" for graphics.
Daily updated Debian Testing
Because Debian is the only operating system on this laptop and I keep at least two working kernels, I would like to hide Grub2's menu unless I press a key (like one could do with Grub). I can hide the menu if the line GRUB_TIMEOUT=0 is in /etc/default/grub but it doesn't appear after pressing SHIFT, which is a threat if the system cannot boot the selected kernel. Right now, the timeout is set to one second. I've read Grub2's documentation and [URL] and tried various combinations, but I haven't been able to make this work.