LinuxQuestions.org
Old 01-16-2015, 02:18 PM   #1
Sum1
Member
 
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Rep: Reputation: 30
New CentOS install - cannot remote in via ssh


sshd_config is completely default except for modifying the listening port to 59999.

I can ping the CentOS server from other servers on the LAN.

I've run commands: systemctl start sshd.services and systemctl enable sshd.services. No errors.

I've checked the iptables firewall and it currently indicates under the "filter" section :INPUT ACCEPT (0:0) --- so it would appear everything is open for accepting connections.

When I try to connect from a Windows client with PuTTY it just hangs.
When I try to connect from a linux server terminal, the message is: No route to host.

This is my first stab at CentOS and Systemd --- coming from a Slackware and Gentoo background.

What's the simple thing I'm missing?
Thx for your time and patience.

Last edited by Sum1; 01-16-2015 at 02:22 PM.
 
Old 01-16-2015, 02:27 PM   #2
Keruskerfuerst
Senior Member
 
Registered: Oct 2005
Location: Horgau, Germany
Distribution: Manjaro KDE, Win 10
Posts: 2,199

Rep: Reputation: 164
Is the routing set up correctly? (When I try to connect from a linux server terminal, the message is: No route to host.)

Last edited by Keruskerfuerst; 01-16-2015 at 02:37 PM.
 
Old 01-16-2015, 02:50 PM   #3
Sum1
Member
 
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Original Poster
Rep: Reputation: 30
Hi Kerusk, thanks for your speedy reply.
I'm not sure if routing is set up correctly.
This CentOS environment has thrown me off balance.

I'm used to the old world of going to an iptables file and inputting something like: $IPT -t filter -A INPUT -p tcp --dport 59999 -j ACCEPT. Upon doing that I *~knew~* everything was set for receiving connections on that device and port.

So, I've been doing some surfing and find that many/most folks use firewalld to configure their iptables firewalls and/or firewall services under systemd regime. It turns out there's a gui "firewall-config" app and I added 59999 as a public port. Rebooted the server and now I can remote in via ssh. I don't like this at all....definitely don't understand the format of the /etc/sysconfig/iptables file.

I've got more goog-ing to do. There's got to be a way to get back to simple manual modification of such things.
So this is what web-devs go through implementing new toolchains, libraries, etc? :-)
 
Old 01-16-2015, 02:55 PM   #4
Sum1
Member
 
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Original Poster
Rep: Reputation: 30
Follow up: after CAT-ing the /etc/sysconfig/iptables file, I see no modification showing the port 59999 modification.
I have no idea what configuration file was altered to allow the opening of port 59999.
 
Old 01-16-2015, 03:01 PM   #5
Sum1
Member
 
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Original Poster
Rep: Reputation: 30
Oooof, the port 59999 settings are contained in /etc/firewalld/zones/public.xml

<<i'm gonna need a bourbon>
 
Old 01-16-2015, 03:05 PM   #6
Sum1
Member
 
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Original Poster
Rep: Reputation: 30
and then it occurs to me --- if all i have is shell access to this box once it's installed, how am i going to make modifications without the gui apps for networking services, etc?
 
Old 01-16-2015, 09:20 PM   #7
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
Besides firewall settings, if you're using centos 7 selinux is on by default, and you have to tell selinux about the non-standard ssh port.

I have a couple gui-less centos7 servers, you can manage network settings, etc from the command line fairly easily.
 
Old 01-17-2015, 07:11 AM   #8
Sum1
Member
 
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Original Poster
Rep: Reputation: 30
Hi Doug, thanks for the heads up regarding selinux.
Sounds like I've got some RTFM and learning curve in the centos arena.
Coming from slackware, I'm used to setting up almost every daemon or "service" in the scripts and commands located in /etc/rc.d/.
With centos, I'm not sure when to use systemctl, what is/is not a "service" item, and what configuration files I can edit manually.
I may need to buy a centos 7 reference book to get it straight.
 
Old 01-17-2015, 10:33 AM   #9
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
FYI the command I had to use to set selinux to allow a non-standard port (as root):
Code:
semanage port -a -t ssh_port_t -p tcp <port#>
Read up on systemd. systemctl is used to start/stop/manage daemons. firewall-cmd is used to adjust the new firewalld (iptables replacement). journalctl is used to view the new journald (syslogd replacement). nmtui can adjust network settings for networkmanager controlled interfaces.

This is just a sampling of cli tools, many more are available.
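
Added example, not part of any post in this thread: a shell check of the three places the thread shows must agree on a non-default sshd port (sshd_config, the firewalld zone file, and the SELinux ssh_port_t list), printing the command-line fix for each layer that is missing. The function names, the saved `semanage port -l` output file and the sample file contents are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report which layer still blocks sshd's port.

# Port sshd is configured for (first Port directive; 22 when none is set).
sshd_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# True if firewalld zone file $1 opens tcp/$2 (the "ssh" service covers only 22).
zone_allows() {
    if [ "$2" = 22 ] && grep -q '<service name="ssh"' "$1"; then return 0; fi
    grep '<port ' "$1" | grep 'protocol="tcp"' | grep -q "port=\"$2\""
}

# True if saved `semanage port -l` output $1 labels tcp/$2 as ssh_port_t.
selinux_allows() {
    awk -v want="$2" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); if ($i == want) found = 1 }
    } END { exit !found }' "$1"
}

# Print the commands still needed; prints nothing when all three layers agree.
plan() {  # usage: plan <sshd_config> <zone.xml> <semanage-port-list>
    port=$(sshd_port "$1")
    zone_allows "$2" "$port" || {
        echo "firewall-cmd --permanent --zone=public --add-port=$port/tcp"
        echo "firewall-cmd --reload"
    }
    selinux_allows "$3" "$port" ||
        echo "semanage port -a -t ssh_port_t -p tcp $port"
}

# Constructed sample state: sshd moved to 59999, firewalld and SELinux untouched.
demo=$(mktemp -d)
printf '#Port 22\nPort 59999\n' > "$demo/sshd_config"
cat > "$demo/public.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
</zone>
EOF
printf 'ssh_port_t                     tcp      22\n' > "$demo/ports.txt"
plan "$demo/sshd_config" "$demo/public.xml" "$demo/ports.txt"
```

On a real host the inputs would be /etc/ssh/sshd_config, /etc/firewalld/zones/public.xml and a file written with `semanage port -l > ports.txt`; run the printed commands as root and restart sshd.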
 
Old 01-17-2015, 12:20 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by Sum1
I'm used to the old world of going to an iptables file and inputting something like: $IPT -t filter -A INPUT -p tcp --dport 59999 -j ACCEPT.
I suggest instead you use default IANA designated port mappings (distro-agnostic /etc/services) and install fail2ban. Let me know if you need the reasoning behind that.


Quote:
Originally Posted by Sum1
So, I've been doing some surfing and find that many/most folks use firewalld to configure their iptables firewalls and/or firewall services under systemd regime.
Note there is absolutely no reason why you can't use "iptables.service" aka old school /etc/sysconfig/iptables. (If you remove the firewalld package or disable "firewalld.service" the package will still be installed on update unless you exclude it in /etc/yum.conf.)


Quote:
Originally Posted by Sum1
It turns out there's a gui "firewall-config" app and I added 59999 as a public port. Rebooted the server and now I can remote in via ssh.
CentOS doesn't require 'firewall-config' to configure a fully capable firewall. Also note changes to iptables rule sets don't require a server reboot: not on CentOS or any other Linux distribution.


Quote:
Originally Posted by Sum1
I don't like this at all....definitely don't understand the format of the /etc/sysconfig/iptables file.
Again this is not CentOS but distro-agnostic: plain old 'iptables-save' output.


Quote:
Originally Posted by Sum1
So this is what web-devs go through implementing new toolchains, libraries, etc? :-)
Indeed. Unlike UNIX versions where you first have to portmaster and rebuild your whole ports tree, Linux distributions that come with social contracts, or invite you to fiddle with obscure compile flags, or boast about their pedigree (but in the meanwhile still don't provide packages the rest of the world has been using for decades) with CentOS you just 'yum -y install httpd mysql php' and be done with it. Now that is a hassle, right? ;-p


Quote:
Originally Posted by Sum1
Sounds like I've got some RTFM and learning curve in the centos arena.
Coming from slackware, I'm used to setting up almost every daemon or "service" in the scripts and commands located in /etc/rc.d/.
With centos, I'm not sure when to use systemctl, what is/is not a "service" item, and what configuration files I can edit manually.
I may need to buy a centos 7 reference book to get it straight.
CentOS is pretty much like any other Linux distribution. Sure you may need to explicitly install some packages if you used the "minimal" installer but under the hood all the basic tools just work. Like Red Hat, CentOS has pretty good user, admin and security documentation and a Wiki at centos.org. A GUI for configuring things is not required by CentOS but by users.
 
Old 01-17-2015, 09:51 PM   #11
Sum1
Member
 
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Original Poster
Rep: Reputation: 30
New CentOS install - cannot remote in via ssh

Doug G and unSpawn, thanks for your helpful suggestions. Good material and a framework to get started on. I did some skimming through the mailing list for centos and found the rhel 7 docs are essentially the applicable "manual" for centos 7. Lots of great material there to absorb. I think i can calm down now and begin. Appreciate your help.
 
Old 01-20-2015, 03:41 PM   #12
Sum1
Member
 
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Original Poster
Rep: Reputation: 30
Completed a new Cent 7 install using netinstall.iso. Put it on a USB drive and booted Dell Poweredge 2950 Server with it.
Chose all the package options under "Infrastructure Server."
1071 packages total. Current install size approx. 2.2 GB.
Don't know if I was on a slow mirror, or if the USB device made it slow to install, but it took about 16 - 17 hours to finish.
I was able to ssh into the box on Port 22 after reboot.
I did
Code:
systemctl start sshd.service
and
Code:
systemctl enable sshd.service
.
I like it....no X window system.....straight to shell.....now ready to digest a little systemd, yum package manager, redhat-style services, selinux, lvm, etc.

thanks again.

Last edited by Sum1; 01-20-2015 at 03:59 PM.
 
  

