lost ssh access of remote machine RHEL4..How to get it back?

dsids · 07-28-2006, 04:39 AM

Hi there is a machine RHEL4 which is controlled by ssh. It is remote so can onle be managed by the administrators down here though shell. But after installing an rpm tripwire package I have lost shell access..When I try to connect, it gives me the following error
# ssh 172.17.1.197
ssh: connect to host 172.17.1.197 port 22: Connection refused

Its an production server so its very important to have the ssh access back...How can I get back the access?

Please adivse..Its urgent..

Thank you
Danish

fatra2 · 07-28-2006, 04:50 AM

Hi there,

After installing this "tripwire" rpm, have you looked that the port22 (used by ssh) is still open? Is the deamon (sshd) running? It could be that the port was closed during the installation, or that the deamon was turned off.

If everything seems to be in working order, you can also try accessing, through port22, the machine with the domain name, instead of the IP address. I had to do that once before.

dsids · 07-28-2006, 05:17 AM

I tried it with the domain name but its not working..giving me the error name or service not known

#ssh -D 22 [machine_name_with_domain.com]
ssh [machine_name_with_domain.com]: name or service not known..

Also, there is a terminal open which is on my boss's comp to the remote server..and that is working fine..but it is not accepting any new connections...

Thanks

Danish

vimal · 07-28-2006, 05:31 AM

Hello dsids,

If you have access to the remote machine only via ssh, you will have to inform the DC or the network admins to work it out and set the connection up for you.

Thanks..

dsids · 07-28-2006, 05:34 AM

Quote:

Originally Posted by vimal

Hello dsids,

If you have access to the remote machine only via ssh, you will have to inform the DC or the network admins to work it out and set the connection up for you.

Thanks..

Vimal had been so easy, I wouldve never asked in the forum...sshd is unning on the remote machine...

Thanks

vimal · 07-28-2006, 05:53 AM

Quote:

Originally Posted by dsids

Hi there is a machine RHEL4 which is controlled by ssh. It is remote so can onle be managed by the administrators down here though shell. But after installing an rpm tripwire package I have lost shell access..When I try to connect, it gives me the following error
# ssh 172.17.1.197
ssh: connect to host 172.17.1.197 port 22: Connection refused

Its an production server so its very important to have the ssh access back...How can I get back the access?

Please adivse..Its urgent..

Thank you
Danish

Hi dsids,

From your posting above you have said that you had had lost access to the machine via ssh. And from the post it seems that you can only access the machine through SSH. I didn't read your second post, since i opened the page and went for some urgent work and so didnt see the second post come in. So I didn't know about a terminal that is opened from your boss's computer and its running fine. If such a case doesn't exist, then how could you establish a ssh connection with the server? If you have VNC or something like that you could do it ofcourse. So dont think i just saw it simply.....

If you can access the machine via your boss' machine, just check the settings in the tripwire configuration file. Tripwire comes with a tight configuration by default. Wish you good luck....

Thanks....

dsids · 07-28-2006, 06:03 AM

Well, the connection with the server was established before installing tripwire. After the installation of tripwire no new connections can be established..My boss even tried to
#ssh localhost

on the remote server but it gave the error..connection refused..
Yes we are checking the tripre cfg file, but BTW I was wondering
would SELinux on the remote RHEL4 server have anything to do with this?

Thanks
Danish

billymayday · 07-28-2006, 06:13 AM

It looks like it is related to tripwire, and SELinux sounds like a red herring (but you may want to come back to it).

I don't know tripwire, but have you checked out the configuration to make sure that isn't your problem?

Can you turn tripwire off?

dsids · 07-28-2006, 06:30 AM

Yes we have uninstalled tripwire rpm and also I did a nmap from my machine using varios kinds if flags

#nmap -sTU ipaddres
#nmap -sF ipaddress
#nmap -sX ipaddress
#namp -sN ipaddress

and it shows no information about port 22, only open ports are mentioned, so Im confused now because a terminal to the remote server
is open but nmap shows no information of port 22...

billymayday....I downloaded the same tripwire rpm pn my system and am trying to go through the cfg file

THanks
Danish

billymayday · 07-28-2006, 06:32 AM

Do you want to double check that sshd is still listening with netstat?

dsids · 07-28-2006, 06:45 AM

The funny thing is by doing netstat
it shows my boss's ip on port 22

Danish

dsids · 07-28-2006, 06:50 AM

yooohhhhhhhooooooooooo!!! it was the damn SELinux. Although something was did which should not have been done, but it was the only way out,

I ran the command

@setenforce 0

and restarted the machine...

and lo! the access the access was back...I knew it was the damn SELinux...

Thank you all very much

Danish

dsids · 07-28-2006, 06:51 AM

most probably it was something to do with tripwire..Ill have to go through the cfg file and logs..

Your advise too would be greatly appreciated

Thanks

Danish