[SOLVED] New CentOS install - cannot remote in via ssh
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332
sshd_config is completely default except for modifying the listening port to 59999.
I can ping the CentOS server from other servers on the LAN.
I've run commands: systemctl start sshd.services and systemctl enable sshd.services. No errors.
I've checked the iptables firewall and it currently indicates under the "filter" section :INPUT ACCEPT (0:0) --- so it would appear everything is open for accepting connections.
When I try to connect from a Windows client with PuTTY it just hangs.
When I try to connect from a linux server terminal, the message is: No route to host.
This is my first stab at CentOS and Systemd --- coming from a Slackware and Gentoo background.
What's the simple thing I'm missing?
Thx for your time and patience.
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332
Original Poster
Hi Kerusk, thanks for your speedy reply.
I'm not sure if routing is set up correctly.
This CentOS environment has thrown me off balance.
I'm used to the old world of going to an iptables file and inputting something like: $IPT -t filter -A INPUT -p tcp --dport 59999 -j ACCEPT. Upon doing that I *~knew~* everything was set for receiving connections on that device and port.
So, I've been doing some surfing and find that many/most folks use firewalld to configure their iptables firewalls and/or firewall services under systemd regime. It turns out there's a gui "firewall-config" app and I added 59999 as a public port. Rebooted the server and now I can remote in via ssh. I don't like this at all....definitely don't understand the format of the /etc/sysconfig/iptables file.
I've got more goog-ing to do. There's got to be a way to get back to simple manual modification of such things.
So this is what web-devs go through implementing new toolchains, libraries, etc? :-)
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332
Original Poster
Follow up: after CAT-ing the /etc/sysconfig/iptables file, I see no modification showing the port 59999 modification.
I have no idea what configuration file was altered to allow the opening of port 59999.
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332
Original Poster
And then it occurs to me --- if all I have is shell access to this box once it's installed, how am I going to make modifications without the GUI apps for networking services, etc.?
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332
Original Poster
Hi Doug, thanks for the heads up regarding selinux.
Sounds like I've got some RTFM and learning curve in the centos arena.
Coming from slackware, I'm used to setting up almost every daemon or "service" in the scripts and commands located in /etc/rc.d/.
With centos, I'm not sure when to use systemctl, what is/is not a "service" item, and what configuration files I can edit manually.
I may need to buy a centos 7 reference book to get it straight.
FYI the command I had to use to set selinux to allow a non-standard port (as root):
Code:
semanage port -a -t ssh_port_t -p tcp <port#>
Read up on systemd. systemctl is used to start/stop/manage daemons. firewall-cmd is used to adjust the new firewalld (iptables replacement). journalctl is used to view the new journald (syslogd replacement). nmtui can adjust network settings for networkmanager controlled interfaces.
This is just a sampling of cli tools, many more are available.
I'm used to the old world of going to an iptables file and inputting something like: $IPT -t filter -A INPUT -p tcp --dport 59999 -j ACCEPT.
I suggest instead you use default IANA designated port mappings (distro-agnostic /etc/services) and install fail2ban. Let me know if you need the reasoning behind that.
Quote:
Originally Posted by Sum1
So, I've been doing some surfing and find that many/most folks use firewalld to configure their iptables firewalls and/or firewall services under systemd regime.
Note there is absolutely no reason why you can't use "iptables.service" aka old school /etc/sysconfig/iptables. (If you remove the firewalld package or disable "firewalld.service" the package will still be installed on update unless you exclude it in /etc/yum.conf.)
Quote:
Originally Posted by Sum1
It turns out there's a gui "firewall-config" app and I added 59999 as a public port. Rebooted the server and now I can remote in via ssh.
CentOS doesn't require 'firewall-config' to configure a fully capable firewall. Also note changes to iptables rule sets don't require a server reboot: not on CentOS or any other Linux distribution.
Quote:
Originally Posted by Sum1
I don't like this at all....definitely don't understand the format of the /etc/sysconfig/iptables file.
Again this is not CentOS but distro-agnostic: plain old 'iptables-save' output.
Quote:
Originally Posted by Sum1
So this is what web-devs go through implementing new toolchains, libraries, etc? :-)
Indeed. Unlike UNIX versions where you first have to portmaster and rebuild your whole ports tree, Linux distributions that come with social contracts, or invite you to fiddle with obscure compile flags, or boast about their pedigree (but in the meanwhile still don't provide packages the rest of the world has been using for decades) with CentOS you just 'yum -y install httpd mysql php' and be done with it. Now that is a hassle, right? ;-p
Quote:
Originally Posted by Sum1
Sounds like I've got some RTFM and learning curve in the centos arena.
Coming from slackware, I'm used to setting up almost every daemon or "service" in the scripts and commands located in /etc/rc.d/.
With centos, I'm not sure when to use systemctl, what is/is not a "service" item, and what configuration files I can edit manually.
I may need to buy a centos 7 reference book to get it straight.
CentOS is pretty much like any other Linux distribution. Sure, you may need to explicitly install some packages if you used the "minimal" installer, but under the hood all the basic tools just work. Like Red Hat, CentOS has pretty good user, admin and security documentation and a Wiki at centos.org. A GUI for configuring things is not required by CentOS but by users.
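Added example (not part of any post in this thread): moving sshd to a non-standard port on CentOS 7 involves three layers that must agree, namely the `Port` line in sshd_config, firewalld, and the SELinux `ssh_port_t` label. This shell sketch cross-checks all three; the `SAMPLE_*` values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data. On a real host (as root) use instead:
#   SAMPLE_SSHD=$(cat /etc/ssh/sshd_config)
#   SAMPLE_FW=$(firewall-cmd --list-ports)
#   SAMPLE_SE=$(semanage port -l)
SAMPLE_SSHD='#Port 22
Port 59999
PermitRootLogin no'
SAMPLE_FW='59999/tcp'
SAMPLE_SE='smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      22'

# First uncommented Port directive; sshd defaults to 22 when none is set.
sshd_port() {
    p=$(printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2; exit }')
    echo "${p:-22}"
}

# firewalld: is PORT/tcp in the --list-ports output? That list shows only
# explicitly added ports, not ports opened through a service such as "ssh".
fw_allows() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -qxF "$2/tcp"
}

# SELinux: is PORT one of the tcp ports labelled ssh_port_t?
# (Port ranges such as 5900-5983 are not expanded in this sketch.)
selinux_allows() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { gsub(",", "", $i); if ($i == port) found = 1 }
        }
        END { exit !found }'
}

# Report which layers still block the configured sshd port.
blocked_layers() {
    port=$(sshd_port "$1"); out=""
    fw_allows "$2" "$port" || out="$out firewalld"
    selinux_allows "$3" "$port" || out="$out selinux"
    echo "port $port blocked by:${out:- none}"
}

blocked_layers "$SAMPLE_SSHD" "$SAMPLE_FW" "$SAMPLE_SE"
```

When firewalld is reported, `firewall-cmd --permanent --add-port=59999/tcp` followed by `firewall-cmd --reload` opens the port from the shell without a reboot, and the permanent rule is stored under /etc/firewalld/zones/ rather than in /etc/sysconfig/iptables. When selinux is reported, the `semanage port -a -t ssh_port_t -p tcp <port#>` command quoted earlier in the thread adds the label.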
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332
Original Poster
Doug G and unSpawn, thanks for your helpful suggestions. Good material and a framework to get started on. I did some skimming through the mailing list for CentOS and found the RHEL 7 docs are essentially the applicable "manual" for CentOS 7. Lots of great material there to absorb. I think I can calm down now and begin. Appreciate your help.
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332
Original Poster
Completed a new Cent 7 install using netinstall.iso. Put it on a USB drive and booted Dell Poweredge 2950 Server with it.
Chose all the package options under "Infrastructure Server."
1071 packages total. Current install size approx. 2.2 GB.
Don't know if I was on a slow mirror, or if the USB device made it slow to install, but it took about 16 - 17 hours to finish.
I was able to ssh into the box on Port 22 after reboot.
I did
Code:
systemctl start sshd.service
and
Code:
systemctl enable sshd.service
.
I like it....no X window system.....straight to shell.....now ready to digest a little systemd, yum package manager, redhat-style services, selinux, lvm, etc.