[X-Unix] SSH connection

William H. Magill magill at mcgillsociety.org
Wed Dec 7 19:38:26 PST 2005 

On 07 Dec, 2005, at 22:24, SeaSoft Systems wrote:
>> From: Ted <tlanden at mac.com>
>>
>> Firewall on ibook needs to be open...
>>
>> System Preferences - Sharing - Firewall tab ... Check Remote Login-
>> SSH and click start.
>>
>>
>
> Thanks Ted, but that didn't help. I've now tried it both ways  
> (ibook firewall on *and*  off) with the same result ("connect to  
> host xxx.xxx.xxx.xxx port 22: Connection refused")
>
> As an aside: What you say is a little counterintuitive to me; it  
> would seem to imply that if the OSX ibook firewall is *off* that  
> the system would block some ports, at the very least port 22. Is  
> that actually the case? I would have thought that if the firewall  
> was off that everything would get in.

Yes but no.

There are two components.

Component 1 -- Sharing/Services is used to enable the daemon which  
will listen for any selected service. If "Remote Login" is NOT  
checked you will never connect because nobody is listening. (She  
could ssh out, as YOUR daemon is the one which would be listening.)

Component 2 -- Sharing/Firewall is a separate activity. If the  
Firewall is ON, then "remote login" needs to be checked to allow  
access on port 22. If the Firewall is "OFF" then there is no  
intervention by the local host.

However, as another said, her ISP could easily be blocking any access  
on port 22.

Many ISPs are finally taking the same approach to security which  
Apple takes with OS X.
They lock it down as tightly as possible when it ships.

The assumption is that if "grandma-user" knows enough to "need" some  
particular kind of access, "She will know enough to know what she  
needs to get that access." Otherwise, she is protected from being  
exposed to something she knows nothing about.

The Message "port 22: Connection refused" has nothing to do with  
either the password or userid involved. The rejection is occurring at  
some point in the process where port 22 is being passed -- could be a  
router, could be a host computer.

Note that I said router here, not server. There is no server  
involved. (A router could be a switch, but the effect is the same.)

T.T.F.N.
William H. Magill
# Beige G3 [Rev A motherboard - 300 MHz 768 Meg] OS X 10.2.8
# Flat-panel iMac (2.1) [800MHz - Super Drive - 768 Meg] OS X 10.4.1
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg] Tru64 5.1a
# XP1000  [Alpha 21264-3 (EV6) - 256 meg] FreeBSD 5.3
# XP1000  [Alpha 21264-A (EV 6.7) - 384 meg] FreeBSD 5.3
magill at mcgillsociety.org
magill at acm.org
magill at mac.com
whmagill at gmail.com

More information about the X-Unix mailing list