Hello i have setup my system using the ubuntu ispconfig guide and was testing out some of the apps. When i connect to ssh useing putty a command window pops up with out me having to enter any password. Althrough i cant enter any commands it just sits there. How can i fix this problem?

Is there a command prompt in the window or does the window times out with a connection error after some minutes?

I enter in the ip of my server and click connect then a back window with a green cursor shows up in the right corner of the screen. i cant type in any commands and it will just sit there. so what is going on?

Please post the output of netstat -tap from your server.

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:32769 *:* LISTEN -
tcp 0 0 localhost.localdo:32770 *:* LISTEN -
tcp 0 0 localhost.localdo:mysql *:* LISTEN -
tcp 0 0 *:netbios-ssn *:* LISTEN -
tcp 0 0 *:81 *:* LISTEN -
tcp 0 0 localhost.localdom:7634 *:* LISTEN -
tcp 0 0 *:ftp *:* LISTEN -
tcp 0 0 monitorwaves.no-:domain *:* LISTEN -
tcp 0 0 localhost.locald:domain *:* LISTEN -
tcp 0 0 localhost.localdoma:ipp *:* LISTEN -
tcp 0 0 localhost.localdoma:953 *:* LISTEN -
tcp 0 0 *:smtp *:* LISTEN -
tcp 0 0 *:microsoft-ds *:* LISTEN -
tcp 0 0 monitorwaves.no-i:42405 66.117.38.132:20046 TIME_WAIT -
tcp 0 0 monitorwaves.no-i:53088 209.50.189.200:www ESTABLISHED13186/firefox-bin
tcp 0 0 localhost.localdoma:ipp localhost.localdo:58372 ESTABLISHED-
tcp 0 0 monitorwaves.no-i:43849 72.14.219.104:www ESTABLISHED13186/firefox-bin
tcp 1 0 localhost.localdo:53272 localhost.localdoma:ipp CLOSE_WAIT -
tcp 0 0 monitorwaves.no-i:44877 64.233.179.99:www ESTABLISHED13186/firefox-bin
tcp 0 0 localhost.localdo:35295 localhost.localdo:32769 ESTABLISHED-
tcp 1 0 localhost.localdo:40186 localhost.localdoma:ipp CLOSE_WAIT -
tcp 0 0 localhost.localdo:58372 localhost.localdoma:ipp ESTABLISHED7989/gnome-cups-ico
tcp 0 0 monitorwaves.no-i:48062 63.236.80.73:www TIME_WAIT -
tcp 0 0 localhost.localdo:32769 localhost.localdo:35295 ESTABLISHED-
tcp6 0 0 *:imaps *:* LISTEN -
tcp6 0 0 *:pop3s *:* LISTEN -
tcp6 0 0 *:pop3 *:* LISTEN -
tcp6 0 0 *:imap2 *:* LISTEN -
tcp6 0 0 *:www *:* LISTEN -
tcp6 0 0 *:tproxy *:* LISTEN -
tcp6 0 0 *:ssh *:* LISTEN -
tcp6 0 0 ip6-localhost:953 *:* LISTEN -
tcp6 0 0 *:https *:* LISTEN -
admin@monitorwaves:~$

ok for some reson out of the blue my website stoped working! i have not changed any thing.

this is what i get when trying to view the page!

Your browser sent a request that this server could not understand.

Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

and now when i try connecting to the ssh i get a user name login

have i been hacked? :(

You can scan your system for rootkits/trojans, etc. like this: http://www.howtoforge.com/faq/1_38_en.html

Ok once i get home i will install the software and have a scan.

Its weird when i got home my site was down and i tryed a ssh login and when i did i get the UserLogin:_________ which i did not enter any information in cause it was some kind of hack. I have rewritten the ssh keys and it the site is back up again, but now i dont get the UserLogin:_______ when i try to connect via ssh. So how can i fix the problem?

Do you work with preshared SSH kys or with username / password login? If you installed preshared keys, there will be no login prompt.

My web server was working when i was at school but now it again was stoped. I have not changed any settings since it was working last. I have also scanned my system here is my out put.


* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
info: PermitRootLogin yes
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ OK (Only SSH2 allowed) ]
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
Checking boot.local/rc.local file...
- /etc/rc.local [ Not found ]
- /etc/rc.d/rc.local [ Not found ]
- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]
Checking rc.d files... [ Not found ]

How can i fix the ssh problems? And are there any howtos on setting up snort?

What's in /etc/ssh/sshd_config?

I have regenerated my openssl keys and tryed a ispconfig restart because it worked for my yesterday morning but not i am still having the same problem so how can i get my web server work.

from the server i am geting the message object not found but i have checked and i know it is there. also some times a get a different message when i try to connected over the internet so here is the address plz tell me what you get. http://www.monitorwaves.webhop.org/


# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes


# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

I have changed loginroot from yes to no are there any other changes you think i should make?

from the server i am geting the message object not found but i have checked and i know it is there. also some times a get a different message when i try to connected over the internet so here is the address plz tell me what you get. http://www.monitorwaves.webhop.org/
This site is working for me, I don't see any errors.




# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes


# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

I have changed loginroot from yes to no are there any other changes you think i should make?
Please add
PasswordAuthentication no
if you want to use usernames and passwords to login. Restart SSH afterwards: /etc/init.d/ssh restart

well here is what i am getting

http://img95.imageshack.us/my.php?image=screenshot4tq.png
http://img95.imageshack.us/my.php?image=screenshot11fz.png

so what is that about? I have never had it do this to me.

I found this forum were the guy is having the same exact problem as i am but mine was working fine and then if just stoped. He fixed his by restarting which i have dont but does not help what or my other options for fixing this proble?

http://www.howtoforge.com/forums/showthread.php?t=761

Are you talking about SSH or about the ISPConfig web interface.

When I use http://monitorwaves.no-ip.org:81/, I see your normal web page. :confused: Looks like some major misconfiguration...

I can login to the ispconfig page just fine but i can not see the normal page from the server. When i try to see if over the net or from a nother computer on my lan i works. What misconfigurations are you talking about?

I can login to the ispconfig page just fine but i can not see the normal page from the server. When i try to see if over the net or from a nother computer on my lan i works. What misconfigurations are you talking about?

I guess you checked twice that port 80 is forwarded correctly from your router to your server?

Have you checked that your internet service provider does not block port 80?

I enter in the ip of my server and click connect then a back window with a green cursor shows up in the right corner of the screen. i cant type in any commands and it will just sit there. so what is going on?
We use Putty at my work and quite often get this, it's just a case of closing the window and trying to connect again (it's the connection failing/timing out).

i have properly cofigured my router for the port. I have setup a DNS name for the server which is monitorwaves.no-ip.org and i have setup a webhop which redirects the dns like monitorwaves.no-ip.org:8081 www.monitorwaves.webhop.org . My isp does block port 80 that is why i use 8081 but when i first setup my server i had it running just fine over the net and my lan for about 3 weeks. As you can see from my screen shots that it is not working propery from my server computer (i cant view the page from the server comuter) but it does work over my lan and the net. So what i am asking is how can i view my normal website from my server computer like i use to be able to do. Thanks

Aiken thanks for trying to help me out with my ssh but i have recently found out that my school has bocked port 443 so no one on our lan can connect to any ssh sites because kids were useing ssh as a tunnel for there proxys :(

Here are some more screenshots:
http://img240.imageshack.us/my.php?image=screenshot2dp.png My site working through a proxy
http://img46.imageshack.us/my.php?image=screenshot10ci.png trying a direct connect not working

Is your server's IP address 70.34.184.212?

Yes thats right my ip is 70.34.184.212

Here are some more screenshots:
http://img240.imageshack.us/my.php?image=screenshot2dp.png My site working through a proxy
http://img46.imageshack.us/my.php?image=screenshot10ci.png trying a direct connect not working
It looks like there's something in you http config file that's telling the server to treat local requests differently from remote requests. Can you post details of the conf file?

If you ping the domain from the server and from another computer on the lan is the ip addresses it resolve to in each case the same? If not then it's most likely some virtual hosts setting that is treating requests to those ip addresses differently.

What happens if you try accessing that page from the server using https?

Here is my http.conf file /etc/apache2/http.conf

# This is here for backwards compatability reasons and to support
# installing 3rd party modules directly via apxs2, rather than
# through the /etc/apache2/mods-{available,enabled} mechanism.
#
#LoadModule mod_placeholder /usr/lib/apache2/modules/mod_pl

Kind of strang

Can anyone help me fix this?

http://monitorwaves.no-ip.org:81/ is working for me so I guess it must a misconfiguration of your router/whatever...

I did not change any setting on my router and you can see from my screenshots that it's not working for me so please some one help me. :(

Try updating it with some open source firmware... that helped me fix a problem like that.... (google it)

Oh as a warning that voids you're warrenty so be careful

I dont think firmware will help fix this problem. It was working fine and then just stoped.

Do you remember changing anything right before it stopped working?

No i had not changed any thing thats what is so strange about the problem