
Re: [K12OSN] can't ssh into server




Christopher Johnson wrote:
Petre Scheie wrote:

I did that, actually, and yes, sshd is running.

Petre

Martin Stevens wrote:

ps -A | grep ssh

On Mon, 2003-10-13 at 16:51, Petre Scheie wrote:

I installed k12ltsp ver. 3.1.1 on a new server this weekend. During the installation, I chose the Medium security level and told it to allow incoming ssh, http and mail connections. The installation went fine, but I couldn't ssh into the server from another box. I could ssh into the box from itself, which tells me that sshd is running and accepting connections, just not from outside itself. So, I logged in as root, chose Security Settings from the menu, and just turned off the firewall. No joy, still couldn't ssh in. But I didn't like not having any firewalling, so I set it back to Medium. But now the clients stopped booting; I think they were not getting an IP address from the dhcp. Logged in on the console as root, and noticed on the firewall settings that allowing incoming dhcp connections was not checked, so I toggled it on, but still the clients wouldn't boot. So, I turned the firewall off, and now the clients boot, but I have no firewall, and I *still* can't ssh into the box. I assume the Security Settings/Firewall GUI is just a front-end to the iptables rules, but perhaps not, as I don't seem to be getting what I expect when I make changes in the GUI. Any suggestions?

Petre

Yes. It would be worth taking a look at the actual iptables rules. Please attach /etc/sysconfig/iptables and we can suggest changes.

Sorry, forgot to bottom-post (I prefer top-posts, but we've been through all that)

Now isn't that puzzling: There is no iptables file in /etc/sysconfig, nor even an ipchains file.

I fooled around with it a bit more last night: Using the Security Settings GUI, if I turn the firewall off, then I can ssh into the box and thin clients can connect and boot. However, if I turn the firewall on, and using the Custom settings I allow incoming ssh, dhcp, www, and mail, I can still ssh into the box, but the thin clients seem to fail at the tftp stage; that is, they get an IP address, but then stall when downloading the kernel. To add insult to injury, Red Hat seems to have dumbed-down the Security Setting GUI in the change from 8 to 9: I'm running k12ltsp version 3.0.1, which is based on RH8, here at work, while at home (where I'm having the problem) I'm running k12ltsp ver. 3.1.1 which is RH9-based. On RH8, the Security Setting GUI has an additional field for allowing you to define specific ports for allowed connections; on RH9, there are just the five or six services like ssh, http, etc., listed, but no option for allowing specific ports to be open. In my case, I suspect that I need to allow connections to port 69 for tftp, but the ftp option in the GUI refers only to ports 20 and 21.

Turning the firewall on & off via the GUI does have an effect, so I'd think that would mean there's an iptables config file somewhere. 'locate' only finds things like the /lib/iptables/ directory and /sbin/iptables binary.

Petre
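Added example, not part of the original message or of k12ltsp: a small first-match evaluator for the filter-table INPUT chain in `iptables-save` text, showing how a ruleset that accepts ssh, www, mail and dhcp still rejects the initial TFTP request on UDP port 69. The ruleset is constructed for illustration, `input_verdict` is a hypothetical helper, and the interface name `eth0` is an assumption.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread):
# ssh, www, mail and dhcp are accepted, everything else is rejected.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -j REJECT
COMMIT
"""

def input_verdict(ruleset, proto, dport, iface="eth0"):
    """Return (target, rule) for the first INPUT rule matching the packet.

    Assumes the text holds only the filter table. Understands -i, -p and
    --dport; any other match raises ValueError instead of being guessed at.
    """
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT"):
            policy = tok[1]          # chain policy, used if no rule matches
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts, matched, target = tok[2:], True, None
        while opts:
            flag = opts.pop(0)
            if flag not in ("-i", "-p", "-m", "--dport", "-j"):
                raise ValueError("unsupported match in: " + line)
            val = opts.pop(0)        # "-m tcp" / "-m udp" only load a module
            if flag == "-j":
                target = val
            elif flag == "-i":
                matched &= (val == iface)
            elif flag == "-p":
                matched &= (val == proto)
            elif flag == "--dport":
                lo, _, hi = val.partition(":")   # single port or lo:hi range
                matched &= int(lo) <= dport <= int(hi or lo)
        if matched and target:
            return target, line
    return policy, "(chain policy)"

if __name__ == "__main__":
    print(input_verdict(SAMPLE, "udp", 69))
```

On a live server the same function can be fed the output of `iptables-save` run as root, which reflects the rules the kernel is enforcing regardless of which file the GUI writes.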





