LinuxQuestions.org


todd_dsm 06-10-2009 11:16 AM

Cannot ssh in to remote machine
 
Hey all, my problem is fairly straightforward: I was able to log into a client's box remotely but I can't any longer. My computer and the remote are both CentOS 5.2. My putty session just hangs and eventually errors.

NOTES:
I remotely logged into their windows server and used putty to get into the linux box in question (from 10.0.0.3 ssh -> 10.0.0.2). Here's what I was able to dredge:

I used the 'last' utility to see the last time I was able to login from my home:
Sat May 2 19:04 - 19:25
---
I attempted a simple telnet session from my home to their box:
echo 'helo' | telnet mail.domain.com 22
Trying www.xxx.yyy.zzz...
telnet: connect to address www.xxx.yyy.zzz: Connection timed out

If I change it to port 25 it works:
# echo 'helo' | telnet mail.domain.com 25
Trying www.xxx.yyy.zzz...
Connected to mail.domain.com.
Escape character is '^]'.
Connection closed by foreign host.
So port forwarding is not the issue.

I went to http://www.canyouseeme.org (from their windows box) for a sanity check though. This site reported that it was able to get through on port 22.
---
nmap, iptables -L, and netstat -ant all show ssh as functional.
---
If I pick through some of the logs I see entries like this:
Code:

Apr 16 15:42:37 localhost sshd[31913]: Address aaa.bbb.ccc.ddd maps to mail.example.org.ccc.bbb.aaa.in-addr.arpa, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

aaa.bbb.ccc.ddd used to map to mail.example.org.ccc.bbb.aaa.in-addr.arpa, but I put a call into the ISP a few months ago to correct this, now it's correct: aaa.bbb.ccc.ddd <=> mail.example.org (fwd/rev)
---
I then vi ~/.ssh/known_hosts and removed the previous key from my server and saved. This didn't help - duh.
---
When I saw the above I checked /etc/hosts.deny on the remote box: empty
---
grep denied /var/log/audit/audit.log (nothing)
grep fail /var/log/audit/audit.log (a few things that looked appropriate)
---
I tightened the first rule and added the second:
Code:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -s 10.0.0.0/24
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -s aaa.bbb.ccc.ddd

These rules both work on other servers. I copy/pasted them to avoid typos.

Then: 'service iptables restart' and still can't get in from home.
---
When I tail -f various logs (/var/log/{message,secure,audit}) while attempting an ssh session the logs don't budge. It's like I'm not hitting the box at all. Again though, I was able to at one time.
---
SELinux is fully functional by the way. Past grepping the audit log for failures I don't know what to do with SELinux (newb).
---
The clients' router is a consumer grade actiontec dsl modem. I shut off remote management for both ssh and telnet. If these are on, you'll end up telnet/sshing into the dsl modem.

I re-checked the port forwarding on the device as well. Both 'advanced port-forwarding' and 'applications' are doing the same thing forwarding all TCP port 22 requests to 10.0.0.2. This works for me at my home so it seems good.
===
At this point I'm drawing a blank. If there's anything else I'm missing please correct my troubleshooting.

Thanks in advance-
TT

todd_dsm 06-10-2009 01:09 PM

RE: Cannot ssh in to remote machine
 
Update: I don't believe this is a routing or port-forwarding issue. I'm now noticing gazillions of these:
Code:

tail -f /var/log/audit/audit.log
type=USER_AUTH msg=audit(1244651558.747:9538): user pid=9617 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="?" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651558.748:9539): user pid=9617 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="divine": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1244651560.260:9540): user pid=9621 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="popa3d": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651562.100:9541): user pid=9621 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="?" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651562.100:9542): user pid=9621 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="popa3d": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1244651563.586:9543): user pid=9628 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="aptproxy": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651565.172:9544): user pid=9628 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="?" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651565.173:9545): user pid=9628 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="aptproxy": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1244651566.794:9546): user pid=9631 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="desktop": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651568.123:9547): user pid=9631 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="?" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651568.123:9548): user pid=9631 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="desktop": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1244651569.730:9549): user pid=9633 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="workshop": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651572.138:9550): user pid=9633 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="?" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651572.138:9551): user pid=9633 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="workshop": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651575.197:9552): user pid=9635 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="mailnull" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651575.198:9553): user pid=9635 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="mailnull": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651578.990:9554): user pid=9639 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="nfsnobody" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651578.990:9555): user pid=9639 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="nfsnobody": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651582.898:9556): user pid=9641 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="rpcuser" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651582.898:9557): user pid=9641 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="rpcuser": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651586.332:9558): user pid=9645 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="rpc" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651586.332:9559): user pid=9645 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="rpc": exe="/usr/sbin/sshd" (hostname=?, addr=216.151.134.136, terminal=sshd res=failed)'
type=USER_AUTH msg=audit(1244651590.490:9560): user pid=9647 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="gopher" : exe="/usr/sbin/sshd" (hostname=216.151.134.136, addr=216.151.134.136, terminal=ssh res=failed)'

These messages stopped when I modified the firewall rules in the previous post. So, at least others were able to hit the machine :D NOTE: all time/date stamps are of course in epoch time. The last attempt was: Wednesday, June 10, 2009 11:33:10 AM which seems about right. This is a great time converter by the way: http://www.epochconverter.com/

On a personal note: since Google crawls the web and caches sites like this I feel like I should put a shout out to the douche-bags @ Xeex XEEX-COMMUNICATIONS-2 for trying to jack my server. Nice try F-tards.
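
An added example (not part of the original post): one way to tally failed sshd logins per source address from audit.log records in the layout quoted above, counting only USER_LOGIN records so each attempt is counted once, and converting the epoch stamps to UTC. The sample lines, the documentation-range addresses, and the names `summarize`, `to_utc` and `min_failures` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the audit.log layout quoted in the post
# (addresses are documentation ranges, not taken from the post).
SAMPLE = """\
type=USER_AUTH msg=audit(1244651558.747:9538): user pid=9617 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct="?" : exe="/usr/sbin/sshd" (hostname=203.0.113.7, addr=203.0.113.7, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1244651558.748:9539): user pid=9617 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="divine": exe="/usr/sbin/sshd" (hostname=?, addr=203.0.113.7, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1244651560.260:9540): user pid=9621 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="popa3d": exe="/usr/sbin/sshd" (hostname=?, addr=203.0.113.7, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1244651562.100:9542): user pid=9621 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="popa3d": exe="/usr/sbin/sshd" (hostname=?, addr=203.0.113.7, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1244651590.490:9561): user pid=9647 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="aptproxy": exe="/usr/sbin/sshd" (hostname=?, addr=203.0.113.7, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1244651600.000:9562): user pid=9650 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="root": exe="/usr/sbin/sshd" (hostname=?, addr=198.51.100.20, terminal=sshd res=success)'
type=USER_LOGIN msg=audit(1244651610.000:9563): user pid=9652 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="todd": exe="/usr/sbin/sshd" (hostname=?, addr=198.51.100.20, terminal=sshd res=failed)'
"""

RECORD = re.compile(
    r'type=(?P<type>\w+) msg=audit\((?P<ts>\d+)\.\d+:\d+\):.*?acct="(?P<acct>[^"]*)"'
    r'.*?exe="(?P<exe>[^"]+)".*?addr=(?P<addr>[^,\s]+),.*?res=(?P<res>\w+)\)'
)

def to_utc(epoch):
    """Render the audit(<epoch>.<ms>:<serial>) seconds value as a UTC timestamp."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def summarize(text, min_failures=3):
    """Return {addr: summary} for sources with at least min_failures failed sshd logins."""
    stats = defaultdict(lambda: {"n": 0, "accounts": set(), "times": []})
    for line in text.splitlines():
        m = RECORD.search(line)
        # USER_AUTH and USER_LOGIN are both written per attempt; count USER_LOGIN only.
        if not m or m["type"] != "USER_LOGIN" or m["res"] != "failed":
            continue
        if not m["exe"].endswith("/sshd"):
            continue
        s = stats[m["addr"]]
        s["n"] += 1
        s["accounts"].add(m["acct"])
        s["times"].append(int(m["ts"]))
    return {
        addr: {"failures": s["n"], "accounts": sorted(s["accounts"]),
               "first_utc": to_utc(min(s["times"])), "last_utc": to_utc(max(s["times"]))}
        for addr, s in stats.items() if s["n"] >= min_failures
    }

if __name__ == "__main__":
    for addr, info in summarize(SAMPLE).items():
        print(addr, info)
```
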

todd_dsm 06-10-2009 01:38 PM

Cannot ssh in to remote machine
 
ok, I checked one of the other posts and found a work-around:

I was doing it like this:
ssh mail.domain.com
like I do with all of my other connections.

When I specify the user root I am prompted for a password.
ssh root@mail.domain.com
root@mail.domain.com's password:
Last login: Wed Jun 10 13:30:24 2009 from mail.example.org
then, of course, I am given a shell:
[root@localhost ~]#
===

I'm not sure what causes this. Please let me know. For all of my other servers I only have to: ssh mail.domain.com


Thanks,
TT


All times are GMT -5.