The typical /etc/hosts in Debian-based distributions places host and alias entries in the wrong order. Replace the 127.0.0.1 loopback address localhost and machine entry names with something in this format:
and add this entry (substitute whatever IP address your router actually uses on the network.)
192.168.1.1 router
Don't change anything else. While the router entry probably isn't really necessary, if you have to use nmap to troubleshoot the network, it will save you trouble if nmap will provide you with information about what it thinks your router is doing.
A good command for nmap ssh troubleshooting:
$ nmap -p 54321 --open -sV 192.168.1.1/24
change the numeric IP to match your LAN router if need be and 54321=whatever port you actually set ssh to.
If you don't have nmap installed, install it:# aptitude install nmap
These should be the only user entries in the file.
ALL: LOCAL @192.0.0.1/24
ALL: sshd
If your LAN runs a different IP range, use that in place of the numeric IP in the LOCAL entry.
/etc/hosts.deny
Remember that any unsuccessful SSH connection attempt will result in the entry for the computer you are trying to legitimately connect from added to the ";forbidden hosts" list which is what hosts.deny is, which will have frustrating results. I recommend renaming the file to /etc/hosts.deny-temp and recreating the file afterwards. (see below) If you find localhost or 127.0.0.1 or anything else you know to be a legitimate connection in this file, delete the entries. If you find any entries for off-system connections you didn't put there, that's what the file is for, leave them in.
Once you've finished, restart networking by:
# /etc/init.d/networking restart
That's all for today-- come back next Monday to learn how to set up secure Internet access even with dynamic IP addresses, and how to set up NX Server.
