06-17-2003, 02:12 PM
|
#1
|
LQ Newbie
Registered: Jun 2003
Posts: 12
Rep:
|
port 22: connection refused
Could anybody tell me what the necessary and sufficient conditions are for a PC running RedHat 9 to accept ssh (scp etc.) connections? My box is connected to a local gateway and thus I set "no firewall" through redhat-config-securitylevel, yet I get a "Connection refused" (port 22) if I try to ssh it from other machines in the same network (ping works).
I didn't have this problem on another machine, on which I installed RedHat 9 from scratch; on the problematic one I upgraded a non-networked RedHat 7.3, so I believe that must be related to the problem.
Any suggestions?
Thanx
|
|
|
06-17-2003, 02:16 PM
|
#2
|
Member
Registered: Jan 2002
Distribution: slackware
Posts: 193
Rep:
|
And the ssh server is running?
|
|
|
06-17-2003, 02:27 PM
|
#3
|
LQ Newbie
Registered: Jun 2003
Posts: 12
Original Poster
Rep:
|
yeap:
root 589 0.3 0.0 3504 0 ? SW 21:23 0:00 /usr/sbin/sshd
|
|
|
06-17-2003, 02:31 PM
|
#4
|
Member
Registered: Jan 2002
Distribution: slackware
Posts: 193
Rep:
|
Does a port scan from a remote box show that 22 is open? And is there a firewall on any of the remote boxes?
|
|
|
06-17-2003, 02:54 PM
|
#5
|
LQ Newbie
Registered: Jun 2003
Posts: 12
Original Poster
Rep:
|
Humm. Port 22 is reported `closed' by nmap on the other box.
Yeah, the other box (which is connected to my ISP) has a firewall.
|
|
|
06-17-2003, 02:59 PM
|
#6
|
Member
Registered: Jan 2002
Distribution: slackware
Posts: 193
Rep:
|
See if ssh 127.0.0.1 works.
|
|
|
06-17-2003, 03:10 PM
|
#7
|
LQ Newbie
Registered: Jun 2003
Posts: 12
Original Poster
Rep:
|
Sorry, I forgot to say, I had checked that out before: it does.
|
|
|
06-17-2003, 03:20 PM
|
#8
|
Member
Registered: Jan 2002
Distribution: slackware
Posts: 193
Rep:
|
Then I don't know. Either the external boxes have firewalls limiting what gets out, or the hosts.deny or hosts.allow files are limiting ssh.
|
|
|
06-17-2003, 03:25 PM
|
#9
|
LQ Newbie
Registered: Jun 2003
Posts: 12
Original Poster
Rep:
|
I set up the firewall on the other box using redhat-config-securitylevel, and I marked the ethernet interface going to this box as a `trusted device', specifically allowing SSH connections.
The hosts.deny file is empty, the hosts.allow file has ALL:ALL in it.
|
|
|
06-17-2003, 03:35 PM
|
#10
|
Member
Registered: Jan 2002
Distribution: slackware
Posts: 193
Rep:
|
On the computer you're trying to ssh from, can you ssh to other boxes besides the one that doesn't work? If you can't test it, maybe try killing the firewall. Run iptables -L to make sure there are no rules left and everything is set to accept. Then try to connect to the box. If all that doesn't work I'm out of ideas.
|
|
|
06-17-2003, 03:40 PM
|
#11
|
LQ Newbie
Registered: Jun 2003
Posts: 12
Original Poster
Rep:
|
> On the computer you're trying to ssh from, can you ssh to other boxes
> besides the one that doesn't work?
Sorry, I forgot to tell you before: YES.
I don't know much about iptables, here is the output of iptables -L:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     udp  --  anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  bud-ink00.chello.hu  anywhere             udp spt:domain
ACCEPT     udp  --  bud-ink01.chello.hu  anywhere             udp spt:domain
REJECT     tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp reject-with icmp-port-unreachable
|
|
|
06-17-2003, 06:40 PM
|
#12
|
LQ Newbie
Registered: Jun 2003
Posts: 12
Original Poster
Rep:
|
Dear jstu,
thank you for your help. I just found the problem: there was a file /etc/sysconfig/ipchains with stuff in it, which I commented out, and now everything is fine. Isn't it a bug, by the way, that redhat-config-securitylevel does not delete or rename that file when one sets "no firewall"? And/or shouldn't it disable the ipchains services when one does not want a firewall?
Best --
|
|
|
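Added example, not part of any post in this thread: a check for the situation found in post #12, where a leftover /etc/sysconfig/ipchains still holds active rules and its init service is still enabled. The function names are hypothetical, and the rules file and `chkconfig --list` listing are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): find firewall rule files that a still-enabled
# init service would load at boot, e.g. a leftover /etc/sysconfig/ipchains.

# Print the number of lines in rules file $1 that are neither blank nor comments.
active_rules() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

# Read `chkconfig --list` output on stdin; succeed if service $1 is on in runlevel $2.
service_enabled() {
    awk -v svc="$1" -v rl="$2" '
        $1 == svc { for (i = 2; i <= NF; i++) if ($i == (rl ":on")) found = 1 }
        END { exit !found }'
}

# audit_firewall DIR LISTING RUNLEVEL: report each firewall service; return 1 if
# any of them is enabled and has active rules to load.
audit_firewall() {
    dir=$1; listing=$2; rl=$3; status=0
    for fw in ipchains iptables; do
        n=$(active_rules "$dir/$fw")
        if printf '%s\n' "$listing" | service_enabled "$fw" "$rl"; then
            state=on
        else
            state=off
        fi
        echo "$fw: $n active rule line(s), service $state in runlevel $rl"
        if [ "$n" -gt 0 ] && [ "$state" = on ]; then status=1; fi
    done
    return "$status"
}

# Constructed sample data standing in for /etc/sysconfig and `chkconfig --list`.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# leftover from the old install' ':input ACCEPT' \
        '-A input -p tcp -s 0/0 -d 0/0 22 -y -j REJECT' > "$d/ipchains"
    list='ipchains 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off'
    audit_firewall "$d" "$list" 3 || echo "enabled firewall service with active rules"
    rm -rf "$d"
}
demo
```

On a real host the same check would be run as `audit_firewall /etc/sysconfig "$(chkconfig --list)" 3`, with the runlevel adjusted to the one the machine boots into.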
06-17-2003, 07:55 PM
|
#13
|
Member
Registered: Jan 2002
Distribution: slackware
Posts: 193
Rep:
|
You would think so. If you want to run a firewall I would suggest learning iptables. The redhat gui tools are good but they prevent you from really knowing what's going on behind the scenes.
|
|
|
06-17-2003, 07:55 PM
|
#14
|
Member
Registered: Jan 2002
Distribution: slackware
Posts: 193
Rep:
|
mistake
|
|
|
All times are GMT -5.