iptables (Re: Connection Refused on ssh)

John J. Boyer director at chpi.org
Fri Oct 8 19:30:10 UTC 2004 

Janina,

Turning off iptables at least produced a change. Now it says "Permission 
denied: PublicKey/interactive. The -v option prints out a lot of messages, 
but nothing that seems particularly enlightening, excebpt that it is 
definitely accessing the user directory on the target machine.

Thanks,
John


On Fri, 8 Oct 2004, Janina Sajka wrote:

> Yes, but you still haven't shown us anything that confirms whether (or
> not) sshd is actually running.
> 
> I've suggested nmap (which is installed with a Fedora or Redhat
> "everything" install). Others have suggested more primitive strategies,
> such as looking for pidof sshd, or telnet [address] 22, which also
> works.
> 
> Is there actually an sshd listening at that machine/s address, whatever
> it happens to be?
> 
> PS: To get iptables out of the way (certainly an important thing when
> debugging) do:
> 
> service iptables stop
> 
> John J. Boyer writes:
> > John,
> > 
> > I really think the problem may be with iptables. We've eliminated just
> > about everything else. H?owever, there is no ma pagel for netconfig, and
> > when I tried running it, I wasn't sure what to do. Really, all I need is
> > to let one IP address use ssh. There is a man mage for iptables, but it
> > looks so complicated that I wouldn't want to mess with it unless I knew
> > exactly what I was doing.
> > 
> > Thanks,
> > John
> > 
> > 
> > On Fri, 8 Oct 2004, John Heim wrote:
> > 
> > > At 11:22 AM 10/7/2004, Mike Gorse you wrote:
> > > >Also, are you sure that sshd is running on the machine (ie, pidof sshd 
> > > >returns something)?  If so, then try using ipchains or iptables to make 
> > > >sure it isn't being firewalled.  At one point we had a RH box at work on 
> > > >which I was trying to enable ssh, but the person who installed rh had 
> > > >selected an option for a firewall, so I wound up needing to edit a file in 
> > > >/etc/sysconfig (the file did say that manually editing it was not 
> > > >recommended, but it didn't say how I was supposed to edit it if not 
> > > >manually) to tell it to accept connections on port 22 as it did for 23 and 
> > > >others.
> > > 
> > > 
> > > You can run  netconfig. It would allow you to allow ssh connections through 
> > > your firewall. When you exit, it saves it's settings in 
> > > /etc/sysconfig/iptables. That file is the one that says you shouldn't edit 
> > > it manually.
> > > 
> > > That netconfig program is pretty limited in what it can do.   And the file 
> > > it creates has the same format as iptables-save.  So what you can do is 
> > > issue iptables commands until you've got your firewall configured just the 
> > > way you want it thand do this:
> > > 
> > > $ iptables-save > /etc/sysconfig/iptables
> > > 
> > > The next time you reboot, your firewall will be just like it was when you 
> > > issued the above command.
> > > 
> > > 
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Blinux-list mailing list
> > > Blinux-list at redhat.com
> > > https://www.redhat.com/mailman/listinfo/blinux-list
> > > 
> > 
> > -- 
> > John J. Boyer; Executive Director, Chief Software Developer
> > Computers to Help People, Inc.
> > http://www.chpi.org
> > 825 East Johnson; Madison, WI 53703
> > 
> > 
> > _______________________________________________
> > Blinux-list mailing list
> > Blinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/blinux-list
> 
> 

-- 
John J. Boyer; Executive Director, Chief Software Developer
Computers to Help People, Inc.
http://www.chpi.org
825 East Johnson; Madison, WI 53703

More information about the Blinux-list mailing list