LinuxQuestions.org
Old 11-19-2009, 11:35 AM   #1
Orange Sunshine
Member
 
Registered: Jul 2004
Location: Kansas
Posts: 37

Rep: Reputation: 15
noob question about SSH


I just downloaded CentOS 5 from here http://mirror.centos.org/centos/5/isos/ and installed it without any problems that I know of.

I am having trouble connecting to the machine via SSH and I can't figure out why. I have NEVER set up SSH and am pretty new to Linux so this very well could be a glaringly obvious mistake or something basic that I just don't know to do.

The first thing I did was search the net for "how to set up ssh on centos" and it returned a few pages that I read through and followed directions. The first was http://wiki.centos.org/HowTos/Network/SecuringSSH . I went through this page and disabled root logins, limited users to 1 user:

AllowUsers testUser

Disabled protocol 1, changed to a non-standard port (I used 2369), then logged into my router and forwarded TCP for port 2369 to 192.168.1.111 (which is the IP I got when I did an ifconfig on my CentOS box). Those are the only changes I made; I didn't filter at the firewall or set up any keys.

I then downloaded SSH Secure Shell for Windows so that I could connect to my CentOS box. After installing, opening, and trying Quick Connect I realized that I have no idea what I need to put in the hostname. So I searched and found how to change or set up my host name here http://www.electrictoolbox.com/chang...stname-centos/ . I followed all the steps so that my /etc/sysconfig/network file looks like this:

NETWORKING="yes"
GATEWAY="10.1.1.1"
HOSTNAME="www.testsshaddress.com"

...and my /etc/hosts file looks like this:

192.168.1.111 www.testsshaddress.com localhost localhost.localdomain

This could be where I went wrong as I have no idea if those host names have to be anything in particular or if I can just make them up as I am just trying to get SSH working within my local network at the moment. Anyway, I can type "hostname" at prompt and get the correct hostname that I set up "www.testsshaddress.com".

So I went to my Windows SSH client and used www.testsshaddress.com for the Host Name, testUser for the User Name, 2369 for the Port Number, and tried Authentication Method as "Profile Settings" and "Password". It tries for a while and then fails giving me the message:

The host 'www.testsshaddress.com' is unreachable.
The host may be down, or there may be a problem with the network connection.
Sometimes such problems can also be caused by a misconfigured firewall.

I also tried with my local IP for the Host Name (192.168.1.111) and got the same message. This is a different message than the one you get when you just type random letters into the host name which results in:

The host 'www.dfkjnisoidnf.com' is unknown.

so I am assuming that it is at least recognizing the host but something is still going wrong. Looking at the error I got, I tried to look into making some changes to the iptables and found a page that led me to typing this at prompt:

iptables -A INPUT -p tcp --dport 2369 -j ACCEPT

That's all I did with iptables as I found that whole thing very confusing. Is that maybe where I need to make changes? Sorry for the huge post. I tend to over explain things on forums to try to make everything as clear as possible.

Any help is greatly appreciated!
 
Old 11-19-2009, 11:40 AM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 488

Rep: Reputation: 78
if it is a firewall configuration on the CentOS system a quick clearing of the rules and testing should indicate it as so...



Code:
service iptables stop

likewise, while what you used will accept the port connection it will only do so after all other rules. if using a stock/default netfilter ruleset it will be rejected before it ever reaches your accept rule.

you can restart the firewall with
Code:
service iptables start
you might try
Code:
iptables -I INPUT -p tcp --dport 2369 -j ACCEPT
the -I will tell it to INSERT it at the top of the INPUT chain rather than append -A to the end of it.

I recommend just using the IP of the linux system for now.
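
The rule-ordering point in this reply, as an added example that is not part of the original post: a small first-match model of the INPUT chain, showing why the appended rule is never reached while the inserted one is. The ruleset is constructed and simplified (its chain name and rules are assumptions, not the poster's actual firewall), and the function names are hypothetical.

```python
import shlex

# Constructed, simplified ruleset in iptables-save syntax (an assumption, not
# the poster's firewall): INPUT jumps to a sub-chain ending in a catch-all REJECT.
BASE_RULES = [
    "-A INPUT -j RH-Firewall-1-INPUT",
    "-A RH-Firewall-1-INPUT -i lo -j ACCEPT",
    "-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -j REJECT",
]
# New connection to the thread's SSH port, keyed by the option that tests each field.
SSH_PACKET = {"-i": "eth0", "-p": "tcp", "--dport": "2369"}

def parse(line):
    """Split '-A CHAIN opt val ... -j TARGET' into (chain, matches, target)."""
    tok = shlex.split(line)
    opts = dict(zip(tok[2::2], tok[3::2]))   # every option here takes one value
    return tok[1], opts, opts.pop("-j")

def apply(rules, command):
    """Return the rule list after an 'iptables -A|-I CHAIN ...' command."""
    tok = shlex.split(command)
    op, chain, new = tok[1], tok[2], "-A " + " ".join(tok[2:])
    if op == "-A":                           # append: last rule of the chain
        return rules + [new]
    idx = next((i for i, r in enumerate(rules) if r.split()[1] == chain), len(rules))
    return rules[:idx] + [new] + rules[idx:]  # -I, no rule number: first in chain

def verdict(rules, packet, chain="INPUT", policy="ACCEPT"):
    """Walk a chain top to bottom; the first matching terminal target decides."""
    parsed = [parse(r) for r in rules]
    chains = {c for c, _, _ in parsed}
    for c, matches, target in parsed:
        if c != chain or any(packet.get(k) != v for k, v in matches.items()):
            continue
        if target not in chains:
            return target                    # ACCEPT / REJECT ends the walk
        result = verdict(rules, packet, target, policy=None)
        if result:                           # sub-chain decided; otherwise it
            return result                    # returned and we keep going
    return policy                            # end of chain: policy (None = return)

CMD = "iptables %s INPUT -p tcp --dport 2369 -j ACCEPT"
APPENDED = apply(BASE_RULES, CMD % "-A")
INSERTED = apply(BASE_RULES, CMD % "-I")

if __name__ == "__main__":
    print({op: verdict(apply(BASE_RULES, CMD % op), SSH_PACKET) for op in ("-A", "-I")})
```

On the real system, `iptables -L INPUT -n --line-numbers` shows the same ordering. A rule added with `iptables -I` lives only in the running ruleset until it is written out with `service iptables save`.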

 
Old 11-19-2009, 12:32 PM   #3
Orange Sunshine
Member
 
Registered: Jul 2004
Location: Kansas
Posts: 37

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by rayfordj
if it is a firewall configuration on the CentOS system a quick clearing of the rules and testing should indicate it as so...



Code:
service iptables stop

likewise, while what you used will accept the port connection it will only do so after all other rules. if using a stock/default netfilter ruleset it will be rejected before it ever reaches your accept rule.

you can restart the firewall with
Code:
service iptables start
you might try
Code:
iptables -I INPUT -p tcp --dport 2369 -j ACCEPT
the -I will tell it to INSERT it at the top of the INPUT chain rather than append -A to the end of it.

I recommend just using the IP of the linux system for now.

Worked like a charm, thanks! Now I just have to figure out how to get it to a point where I can connect to it from anywhere and not just within my local network...
 
Old 11-19-2009, 01:09 PM   #4
pcunix
Member
 
Registered: Dec 2004
Location: MA
Distribution: Various
Posts: 149

Rep: Reputation: 23
Quote:
Originally Posted by Orange Sunshine
Worked like a charm, thanks! Now I just have to figure out how to get it to a point where I can connect to it from anywhere and not just within my local network...
That only depends upon your firewall - your Internet firewall. If that's the Linux box, you just have to allow the ssh port in.

If it's an appliance router, you need to get that port transferred to the Linux box. Depending on your router, you may want to look under Gaming, Port Forwarding or DNAT - the idea is to forward a connection coming in the public IP to an internal IP. Usually very simple once you figure out what they want you to do, though I have found a few that require an astonishing number of steps :-)

If you can't figure it out, start a new thread and post your router mfg/model and say you can't figure out how to get the public IP to send your 2369 to 192.168.1.111
 
Old 11-19-2009, 01:21 PM   #5
Orange Sunshine
Member
 
Registered: Jul 2004
Location: Kansas
Posts: 37

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by pcunix
That only depends upon your firewall - your Internet firewall. If that's the Linux box, you just have to allow the ssh port in.

If it's an appliance router, you need to get that port transferred to the Linux box. Depending on your router, you may want to look under Gaming, Port Forwarding or DNAT - the idea is to forward a connection coming in the public IP to an internal IP. Usually very simple once you figure out what they want you to do, though I have found a few that require an astonishing number of steps :-)

If you can't figure it out, start a new thread and post your router mfg/model and say you can't figure out how to get the public IP to send your 2369 to 192.168.1.111
Yes, I actually have done that already. I have a DD-WRT router and have forwarded port 2369 to my CentOS box (192.168.1.111). I guess the only problem then is the fact that I don't have a static public IP address. I will be downloading ddclient (http://www.dyndns.com/support/clients/#linux) which is an update client and using dyndns.com service to forward a domain to my current IP. I think I understand this part ok. Does this sound like the correct sequence of steps?

The part I am a little unclear of is that eventually I will be using this box as a web server. I have a domain name bought from Godaddy so how will I make it so that whenever people type www.mydomain.com it will go to my CentOS box? Would I just change the DNS servers that Godaddy is using for that domain to DNS servers I get from dyndns? Then it would lookup my IP and forward to my box? The only problem I see with this is that I don't want to use one of dyndns's domain names. When people go to www.mydomain.com I want it to actually show www.mydomain.com in the address and not be forwarded to something like mydomain.dyndns.com or whatever. Does this make sense?
 
Old 11-19-2009, 02:40 PM   #6
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Rep: Reputation: 69
I'm not familiar with godaddy, but basically you have to go to the control panel of that domain and edit the dns. Leave the dns name servers to their default dns server but change the ip address from theirs to your external ip address of your router at home. You already have port forwarding enabled on that router to take ssh requests to your internal computer so that part is done. Also, I'm not sure but in your sshd_config file, if there's an 'AllowTcpForwarding' option you may have to enable it by putting yes after it.

If the external ip address of your router is not static, then simply update the ip address in the dns settings of your godaddy control panel. I have noticed that my dynamic external ip address remains the same until I have reset my modem or have my modem off for a certain amount of time. That's really the only time a dynamic ip changes. Good luck.
 
  



All times are GMT -5.