iptables (Re: Connection Refused on ssh)
John J. Boyer
director at chpi.org
Fri Oct 8 19:30:10 UTC 2004
Janina,
Turning off iptables at least produced a change. Now it says "Permission
denied: PublicKey/interactive". The -v option prints out a lot of messages,
but nothing that seems particularly enlightening, except that it is
definitely accessing the user directory on the target machine.
Thanks,
John
On Fri, 8 Oct 2004, Janina Sajka wrote:
> Yes, but you still haven't shown us anything that confirms whether (or
> not) sshd is actually running.
>
> I've suggested nmap (which is installed with a Fedora or Redhat
> "everything" install). Others have suggested more primitive strategies,
> such as looking for pidof sshd, or telnet [address] 22, which also
> works.
>
> Is there actually an sshd listening at that machine's address, whatever
> it happens to be?
>
> PS: To get iptables out of the way (certainly an important thing when
> debugging) do:
>
> service iptables stop
>
> John J. Boyer writes:
> > John,
> >
> > I really think the problem may be with iptables. We've eliminated just
> > about everything else. However, there is no man page for netconfig, and
> > when I tried running it, I wasn't sure what to do. Really, all I need is
> > to let one IP address use ssh. There is a man page for iptables, but it
> > looks so complicated that I wouldn't want to mess with it unless I knew
> > exactly what I was doing.
> >
> > Thanks,
> > John
> >
> >
> > On Fri, 8 Oct 2004, John Heim wrote:
> >
> > > At 11:22 AM 10/7/2004, Mike Gorse you wrote:
> > > >Also, are you sure that sshd is running on the machine (ie, pidof sshd
> > > >returns something)? If so, then try using ipchains or iptables to make
> > > >sure it isn't being firewalled. At one point we had a RH box at work on
> > > >which I was trying to enable ssh, but the person who installed rh had
> > > >selected an option for a firewall, so I wound up needing to edit a file in
> > > >/etc/sysconfig (the file did say that manually editing it was not
> > > >recommended, but it didn't say how I was supposed to edit it if not
> > > >manually) to tell it to accept connections on port 22 as it did for 23 and
> > > >others.
> > >
> > >
> > > You can run netconfig. It would allow you to allow ssh connections through
> > > your firewall. When you exit, it saves its settings in
> > > /etc/sysconfig/iptables. That file is the one that says you shouldn't edit
> > > it manually.
> > >
> > > That netconfig program is pretty limited in what it can do. And the file
> > > it creates has the same format as iptables-save. So what you can do is
> > > issue iptables commands until you've got your firewall configured just the
> > > way you want it then do this:
> > >
> > > $ iptables-save > /etc/sysconfig/iptables
> > >
> > > The next time you reboot, your firewall will be just like it was when you
> > > issued the above command.
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Blinux-list mailing list
> > > Blinux-list at redhat.com
> > > https://www.redhat.com/mailman/listinfo/blinux-list
> > >
> >
> > --
> > John J. Boyer; Executive Director, Chief Software Developer
> > Computers to Help People, Inc.
> > http://www.chpi.org
> > 825 East Johnson; Madison, WI 53703
> >
> >
>
>
--
John J. Boyer; Executive Director, Chief Software Developer
Computers to Help People, Inc.
http://www.chpi.org
825 East Johnson; Madison, WI 53703
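
Added example, not part of the original messages: a shell function that writes a ruleset in the iptables-save format mentioned in the thread, admitting SSH (TCP port 22) from a single source address. The address 192.0.2.10, the default-DROP policies and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Emits a filter table in the same
# text format that iptables-save writes to /etc/sysconfig/iptables.

# valid_ipv4 ADDR -> status 0 only for a plain dotted-quad IPv4 address
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # reject CIDR, names, empties
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_allow_ruleset ADDR -> prints the ruleset on stdout, fails on bad input
ssh_allow_ruleset() {
    valid_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    # Assumed policy: drop inbound by default, keep loopback and replies to
    # established connections, accept new SSH only from the one address.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed documentation address (RFC 5737). Review the printed rules
# before loading them as root from the console, not over the SSH session
# they govern.
ssh_allow_ruleset 192.0.2.10
```

The output can be checked with `iptables-restore --test` before it is written to /etc/sysconfig/iptables.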