New FC2 not allowing ssh connections
Bob McClure Jr
robertmcclure at earthlink.net
Sun Nov 14 02:43:10 UTC 2004
On Sat, Nov 13, 2004 at 02:27:31PM -0800, Mark Knecht wrote:
> On Sat, 13 Nov 2004 14:22:28 -0600, Bob McClure Jr
> <robertmcclure at earthlink.net> wrote:
> > On Sat, Nov 13, 2004 at 11:18:01AM -0800, Mark Knecht wrote:
> >
> >
> > > Hi,
> > > I built a new FC2 machine from scratch recently. It's been working
> > > fine for outgoing connections. Today I wanted to connect to it but
> > > haven't been able to. When I attempt to connect to it from my laptop
> > > or another FC2 desktop I get:
> > >
> > > flash mark $ ssh -X -Y -C -c blowfish -l mark 192.168.10.101
> > > ssh: connect to host 192.168.10.101 port 22: No route to host
> > > flash mark $
> >
> > That's your answer. Check routing by running (on flash)
> >
> > netstat -rn
> >
> > If that looks ok, then 192.168.10.101 is either off (if it's on, run
> > ifconfig to assure that the ethernet port is up on that IP) or there
> > is a bad cable between it and flash.
>
> No, it doesn't seem to be so simple as a bad cable. Wish it was. I'm
> suspecting maybe iptables is doing something? Anyway, more info:
>
> 1) I have 4 Linux machines here at home. Two are Gentoo, two are FC2:
>
> Shadow - Gentoo - 192.168.10.26
> Flash - Gentoo - 192.168.10.29
> Godzilla - FC2 - 192.168.10.101
> Wizard - FC2 - 192.168.10.5
>
> All 4 machines have access to the Internet. (No bad cables, and in
> fact I'm sending this email from Godzilla.) Both Gentoo machines are
> accepting ssh connections from all other machines. (Gentoo or FC2)
> Neither FC2 machine is accepting ssh connections from any other
> machine.
>
> Here on Godzilla netstat -rn looks like:
>
> [root@Godzilla root]# netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
> 0.0.0.0         192.168.10.3    0.0.0.0         UG        0 0          0 eth0
> [root@Godzilla root]#
>
> The second entry seems a bit bogus. What's going on there?

That's Automatic Private IP Addressing (APIPA) address space of
169.254.0.0/16. I think Windoze uses it if it can't get a DHCP
lease. That's all I know about it, and that's probably wrong. :-)
You can ignore it.

> I can ssh to flash (gentoo) from Godzilla (FC2) and get netstat info.
> It looks better:
>
> flash root # netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 127.0.0.0       127.0.0.1       255.0.0.0       UG        0 0          0 lo
> 0.0.0.0         192.168.10.3    0.0.0.0         UG        0 0          0 eth0
> flash root #
>
> However, I cannot ssh from flash to Godzilla. On flash I have sshd running:
>
> flash root # ps aux | grep ssh
> root 7643 0.0 0.2 3168 1424 ? Ss 09:43 0:00 /usr/sbin/sshd
> root 8473 0.0 0.3 6000 1920 ? Ss 14:23 0:00 sshd: root@pts/1
> root 8489 0.0 0.0 1388 488 pts/1 S+ 14:25 0:00 grep ssh
> flash root #
>
> Here on Godzilla I have sshd running also:
>
> [root@Godzilla root]# ps aux | grep ssh
> mark 2748 0.0 0.0 3308 712 ? S 10:54 0:00 /usr/bin/ssh-agent /etc/X11/xinit/Xclients
> root 3170 0.0 0.1 3664 1492 ? S 11:07 0:00 /usr/sbin/sshd
> root 22818 0.0 0.0 3584 596 pts/1 S 14:26 0:00 grep ssh
> [root@Godzilla root]#
>
>
> What am I missing???
>
> Thanks,
> Mark

I gather you are behind a NAT firewall in which the inside address is
192.168.10.3. If you suspect IPTables, try this as root on Godzilla:

    service iptables status

If it reports it's on with a giant laundry list, turn it off with

    service iptables stop

Turn it off permanently with

    chkconfig iptables off

To verify that sshd on Godzilla is listening, do this (again on
Godzilla)

    netstat -lpn | fgrep :22

You should get something that looks like

    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 732/sshd

Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
robertmcclure at earthlink.net http://www.bobcatos.com
Grace happens.
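
The listening check from the message above, turned into a script that also says where to look next; this is an added example, not part of the original post. The function names and the sample netstat lines are constructed here, and the "No route to host" branch assumes what holds for iptables in general: a rule that rejects with an ICMP host-prohibited reply surfaces on the client as exactly that error, even when the routing table is correct.

```shell
#!/bin/sh
# Added example (not from the original post). Sample netstat text is constructed.

# listener_scope PORT: reads `netstat -lpn` output on stdin and prints
# all-interfaces | specific:<addr> | loopback-only | none
listener_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, p, ":")               # 0.0.0.0:22, :::22, 127.0.0.1:22
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else other = addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (loop) print "loopback-only"
            else print "none"
        }'
}

# next_check SCOPE CLIENT_ERROR: prints where to look next.
next_check() {
    case "$1" in
        none)          echo "sshd is not listening on this port: start or fix sshd"; return ;;
        loopback-only) echo "sshd is bound to loopback only: check ListenAddress"; return ;;
    esac
    case "$2" in
        "No route to host")
            echo "listener is fine: inspect the server's packet filter (service iptables status)" ;;
        *)
            echo "listener is fine: check the client side and the network path" ;;
    esac
}

# Constructed samples; the first line has the shape quoted in the post.
SAMPLE_OK='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 732/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 801/cupsd'
SAMPLE_LOOP='tcp 0 0 127.0.0.1:22 0.0.0.0:* LISTEN 732/sshd'

scope=$(printf '%s\n' "$SAMPLE_OK" | listener_scope 22)
echo "$scope -> $(next_check "$scope" "No route to host")"
```

On the server itself, feed it live data with `netstat -lpn | listener_scope 22` run as root.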