Hey all, my problem is fairly straightforward: I was able to log into a client's box remotely but I can't any longer. My computer and the remote are both CentOS 5.2. My putty session just hangs and eventually errors.
NOTES:
I remotely logged into their windows server and used putty to get into the linux box in question (from 10.0.0.3 ssh -> 10.0.0.2). Here's what I was able to dredge:
I used the 'last' utility to see the last time I was able to login from my home:
Sat May 2 19:04 - 19:25
---
I attempted a simple telnet session from my home to their box:
echo 'helo' | telnet mail.domain.com 22
Trying www.xxx.yyy.zzz...
telnet: connect to address www.xxx.yyy.zzz: Connection timed out
If I change it to port 25 it works:
# echo 'helo' | telnet mail.domain.com 25
Trying www.xxx.yyy.zzz...
Connected to mail.domain.com.
Escape character is '^]'.
Connection closed by foreign host.
So port forwarding is not the issue.
I went to http://www.canyouseeme.org (from their windows box) for a sanity check though. This site reported that it was able to get through on port 22.
---
nmap, iptables -L, and netstat -ant all show ssh as functional.
---
If I pick through some of the logs I see entries like this:
Code:
Apr 16 15:42:37 localhost sshd[31913]: Address aaa.bbb.ccc.ddd maps to mail.example.org.ccc.bbb.aaa.in-addr.arpa, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
aaa.bbb.ccc.ddd used to map to mail.example.org.ccc.bbb.aaa.in-addr.arpa, but I put a call into the ISP a few months ago to correct this; now it's correct: aaa.bbb.ccc.ddd <=> mail.example.org (fwd/rev)
---
I then vi ~/.ssh/known_hosts and removed the previous key from my server and saved. This didn't help - duh.
---
When I saw the above I checked /etc/hosts.deny on the remote box: empty
---
grep denied /var/log/audit/audit.log (nothing)
grep fail /var/log/audit/audit.log (a few things that looked appropriate)
---
I tightened the first rule and added the second:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -s 10.0.0.0/24
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -s aaa.bbb.ccc.ddd
These rules both work on other servers. I copy/pasted them to avoid typos.
Then: 'service iptables restart' and still can't get in from home.
---
When I tail -f various logs (/var/log/{message,secure,audit}) while attempting an ssh session the logs don't budge. It's like I'm not hitting the box at all. Again though, I was able to at one time.
---
SELinux is fully functional by the way. Past grepping the audit log for failures I don't know what to do with SELinux (newb).
---
The client's router is a consumer grade Actiontec DSL modem. I shut off remote management for both ssh and telnet. If these are on, you'll end up telnet/sshing into the DSL modem.
I re-checked the port forwarding on the device as well. Both 'advanced port-forwarding' and 'applications' are doing the same thing, forwarding all TCP port 22 requests to 10.0.0.2. This works for me at my home so it seems good.
===
At this point I'm drawing a blank. If there's anything else I'm missing please correct my troubleshooting.
Thanks in advance-
TT
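An added example (not the poster's code or configuration) for checking the iptables part of this triage offline: on a default CentOS 5 ruleset the RH-Firewall-1-INPUT chain ends with a terminal REJECT, so an ACCEPT for port 22 that is appended after that line is never reached, and a rejected SYN produces nothing in /var/log/secure because sshd never sees it. The script walks a constructed iptables-save dump in chain order, the way netfilter would, and reports which rule is the first to match a new TCP connection from a given source to a given port; the sample rules, interface name and addresses are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed iptables-save style dump for illustration (not the poster's real ruleset).
# On CentOS 5 the RH-Firewall-1-INPUT chain ends with a REJECT; an ACCEPT appended
# after that line (the last rule here) is never reached.
SAMPLE_RULES = """\
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -s 10.0.0.0/24
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -s 203.0.113.7
"""

# Single-argument options this triage looks at; every other token is ignored.
_OPTS = {"-A": "chain", "-j": "target", "-p": "proto", "--dport": "dport",
         "-s": "src", "-i": "iface", "--state": "states"}

def parse_rule(line):
    """Reduce one '-A CHAIN ...' line to the match fields used by first_verdict."""
    rule = {name: None for name in _OPTS.values()}
    toks = shlex.split(line)
    for i, tok in enumerate(toks):
        if tok in _OPTS and i + 1 < len(toks):
            rule[_OPTS[tok]] = toks[i + 1]
    if rule["dport"] is not None: rule["dport"] = int(rule["dport"])
    if rule["src"] is not None: rule["src"] = ipaddress.ip_network(rule["src"], strict=False)
    if rule["states"] is not None: rule["states"] = set(rule["states"].split(","))
    return rule

def first_verdict(rules_text, chain, src_ip, dport, in_iface="eth0"):
    """Walk CHAIN top to bottom as netfilter would for a NEW TCP SYN from src_ip
    to dport arriving on in_iface. Returns (rule_number, target) of the first rule
    that can match, or None if the chain falls through to its policy."""
    addr = ipaddress.ip_address(src_ip)
    n = 0
    for line in rules_text.splitlines():
        if not line.startswith("-A"): continue
        r = parse_rule(line)
        if r["chain"] != chain: continue
        n += 1
        if r["iface"] not in (None, in_iface): continue                   # wrong interface
        if r["states"] is not None and "NEW" not in r["states"]: continue # not for new flows
        if r["proto"] not in (None, "tcp"): continue                      # other protocol
        if r["dport"] not in (None, dport): continue                      # other port
        if r["src"] is not None and addr not in r["src"]: continue        # other source
        return n, r["target"]
    return None
```

Feed it the real output of `iptables-save` to see whether the LAN source (here 10.0.0.3) lands on an ACCEPT while the home address (here 203.0.113.7) stops at the REJECT on rule 5, which is exactly the silent-timeout, nothing-in-the-logs behaviour described above.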