Slackware64 14.1 on public root server: SSH connection refused error
Hi,

I've just installed Slackware64 14.1 on a public root server from the French company Online. I've already made a good dozen of these installs. The company only has Debian, Ubuntu, CentOS, FreeBSD and Windows on offer, but about two years ago, I experimented a bit and managed to install Slackware on such a machine, using an Ubuntu Live Rescue session. Since then, I have a few production servers running Slackware with Web, Mail and streaming audio services, and I'm quite happy with them.

This afternoon, I installed one of these machines, using my own documentation, but this time, for mysterious reasons, I can't seem to connect to the machine once it's installed. I fired up the Live Rescue system, mounted the partitions and chrooted into the installed system, I checked and double-checked everything, but I can't seem to find the culprit.

The root user has a password, rc.sshd is running, I invoked the cacerts script from pkgtool...

... but still, I can't SSH into the box. Network configuration is fine, the machine boots and I can ping it.

This is just a bare quite minimal Slackware installation with (so far) the A, AP, D, L and N package groups. (I do this usually, and upon the first reboot, install remaining groups like X later on.)

Any idea what possible causes I can investigate here? I admit I'm a bit clueless here.

Cheers,
Niki |
You could check in /var/log/messages if the ssh server really starts: there should be some lines like
Code:
May 7 18:58:09 toscibo sshd[2051]: Server listening on 0.0.0.0 port 22. |
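The log check suggested in the reply above, as an added example that is not part of the original thread: a shell function that reads syslog text and reports whether the most recent sshd start actually bound its port. The function names are hypothetical, and the sample lines are constructed apart from the one quoted in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies sshd startup from syslog text.
# Output: listening | bind-failed | no-startup-lines | no-sshd-lines

sshd_listen_state() {
    # Reads the files given as arguments, or stdin when none are given.
    awk '
        match($0, /sshd\[[0-9]+\]: /) {
            pid = substr($0, RSTART + 5, RLENGTH - 8)   # digits between [ and ]
            msg = substr($0, RSTART + RLENGTH)          # text after "sshd[pid]: "
            # Only the latest sshd process that tried to bind decides the result.
            if (msg ~ /^Server listening on /)                 { last = pid; up[pid]++ }
            else if (msg ~ /Bind to port [0-9]+ on .* failed/) { last = pid }
            else other++
        }
        END {
            if (last == "")    print (other ? "no-startup-lines" : "no-sshd-lines")
            else if (up[last]) print "listening"
            else               print "bind-failed"
        }
    ' "$@"
}

# Constructed sample: an earlier start that could not bind, then a later start
# that listens on IPv4 while its IPv6 bind fails (still reported as listening).
sample_log() {
    cat <<'EOF'
May 7 18:40:02 toscibo sshd[1804]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
May 7 18:40:02 toscibo sshd[1804]: fatal: Cannot bind any address.
May 7 18:58:09 toscibo sshd[2051]: Server listening on 0.0.0.0 port 22.
May 7 18:58:09 toscibo sshd[2051]: error: Bind to port 22 on :: failed: Address already in use.
EOF
}
```

Run it as `sshd_listen_state /var/log/messages` from inside the chroot. A result of `listening` means the daemon bound its port on its last start, so a refused connection has to be traced somewhere other than sshd startup.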
In the meantime, I tried something else, and it worked, though I'm not exactly sure why/how. I launched the Live Rescue session again, chrooted into my Slackware system, configured slackpkg and upgraded my existing installation (consisting of A, AP, D, L and N as stated above). Then I relaunched the cacerts installation script (on a vague whim), exited the system and rebooted the server.
Now I can SSH into my server without any problems. So is it possible that some old SSH component prevents me from connecting to the server? I'm not even sure how to formulate this otherwise. Cheers, Niki |
This might be a good place to ask. What exactly does the cacerts script do?
|
Code:
# cat /var/log/setup/setup.11.cacerts
Code:
man 8 update-ca-certificates
Code:
UPDATE-CA-CERTIFICATES(8) System Manager's Manual UPDATE-CA-CERTIFICATES(8)
In short: it should be used whenever you change (add/remove/update) your system's certificates. |
OpenSSL recently got a security patch. Is it possible that Online has a firewall of some kind that blocks SSH connections to servers not patched with the latest?
Seems a stretch (and not sure if it would even be feasible), but just a thought. |
I know there are people who pride themselves on their "minimal" installation, but quite frankly, it's just a waste of time. A full installation will prevent a multitude of later errors, especially with the so-called "lack of package management", which is not an issue IF you have done a full install. The option to do a partial install should just be removed from the Slackware installer ... :-)
|
Quote:
Regardless, my crystal ball tells me that your suggestion of forbidding a partial install has zero chance to retain Pat's attention. Fortunately. And it would be very easy for a semi-skilled slacker to circumvent such a limitation anyway. |
Quote:
https://github.com/kikinovak/microli...ibox-HOWTO.txt PS: for the record, on a server, I leave out E, KDE, KDEI, XAP and XFCE. |
Quote:
But my first point relates in that when you are chasing errors, knowing that you have a full install will certainly put libraries and packages out of the questions. Thus making the debugging that much easier. |
Quote:
https://kikinovak.wordpress.com/2015...r-une-dedibox/ |
Quote:
In French ... :-) |
It just needs PAM. :^)
|
OK, I experimented some more, and it looks indeed like there's some upstream security from the provider. On this second install, I installed the system from within the live session, but I upgraded everything before the initial reboot. This time it worked like a charm.
|