Slackware64 14.1 on public root server: SSH connection refused error
 

Hi,

I've just installed Slackware64 14.1 on a public root server from the French company Online. I've already made a good dozen of these installs. The company only has Debian, Ubuntu, CentOS, FreeBSD and Windows on offer, but about two years ago, I experimented a bit and managed to install Slackware on such a machine, using an Ubuntu Live Rescue session.

Since then, I have a few production servers running Slackware with Web, Mail and streaming audio services, and I'm quite happy with them.

This afternoon, I installed one of these machines, using my own documentation, but this time, for mysterious reasons, I can't seem to connect to the machine once it's installed. I fired up the Live Rescue system, mounted the partitions and chrooted into the installed system, I checked and double-checked everything, but I can't seem to find the culprit. The root user has a password, rc.sshd is running, I invoked the cacerts script from pkgtool...

... but still, I can't SSH into the box. Network configuration is fine, the machine boots and I can ping it. This is just a bare quite minimal Slackware installation with (so far) the A, AP, D, L and N package groups. (I do this usually, and upon the first reboot, install remaining groups like X later on.)

Any idea what possible causes I can investigate here? I admit I'm a bit clueless here.

Cheers,

Niki

you could check in /var/log/messages if the ssh server really starts: there should be some lines like

In the meantime, I tried something else, and it worked, though I'm not exactly sure why/how. I launched the Live Rescue session again, chrooted into my Slackware system, configured slackpkg and upgraded my existing installation (consisting of A, AP, D, L and N as stated above). Then I relaunched the cacerts installation script (on a vague whim), exited the system and rebooted the server.

Now I can SSH into my server without any problems. So is it possible that some old SSH component prevents me from connecting to the server? I'm not even sure how to formulate this otherwise.

Cheers,

Niki

This might be a good place to ask. What exactly does the cacerts script do?

https://superuser.com/questions/4373...y-ca-to-ubuntu

in short: it should be used whenever you change (add/remove/update) your system's certificates.

OpenSSL recently got a security patch. Is it possible that Online has a firewall of some kind that blocks SSH connections to servers not patched with the latest?

Seems a stretch (and not sure if it would even be feasible), but just a thought.

I know there are people who pride themselves on their "minimal" installation, but quite frankly, it's just a waste of time. A full installation will prevent a multitude of later errors, especially with the so-called "lack of package management", which is not an issue IF you have done a full install. The option to do a partial install should just be removed from the Slackware installer ... :-)

ca-certificates being part of the N series that is installed according to the initial post of this thread, I fail to see how your statement relates to the topic.

Regardless, my crystal ball tells me that your suggestion of forbidding a partial install has zero chance to retain Pat's attention. Fortunately. And it would be very easy for a semi-skilled slacker to circumvent such a limitation anyway.

I do a full install. This is just to get started, since I can't use a Slackware installation medium, and have to bootstrap Slackware remotely from inside an Ubuntu 12.04 LTS live session into which I SSH. Here's the gory details:

https://github.com/kikinovak/microli...ibox-HOWTO.txt

PS: for the record, on a server, I leave out E, KDE, KDEI, XAP and XFCE.

OK - the last statement was tongue-in-cheek - hence the smiley emoticon.

But my first point relates in that when you are chasing errors, knowing that you have a full install will certainly put libraries and packages out of the questions. Thus making the debugging that much easier.

Here's the full and final HOWTO, BTW:

https://kikinovak.wordpress.com/2015...r-une-dedibox/

In French ... :-)

It just needs PAM. :^)

OK, I experimented some more, and it looks indeed like there's some upstream security from the provider. On this second install, I installed the system from within the live session, but I upgraded everything before the initial reboot. This time it worked like a charm.

I used it for the first time yesterday. My French experience is limited to a year in high school fifteen years ago (I know Latin and Russian much better), and I was able to follow it just fine. Really, if you're reasonably familiar with the Slackware installation process it should be easy enough to figure out what's going on just by following the command lines and console output included.