LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-06-2014, 09:59 PM   #16
Isaac Velando
LQ Newbie
 
Registered: Feb 2014
Location: Texas
Distribution: Arch, Ubuntu Server, CentOS
Posts: 29

Rep: Reputation: 21

Based on your previous output of chkconfig --list, sshd is enabled on runlevel 5 so that's not the issue; runlevel 5 is I believe standard convention for graphical logins like you seem to be using presently, which is fine.

Ignore the systemctl comment; that's the tool to configure services under the systemd init daemon. CentOS uses either SysV (5.x) or Upstart (6.x), and the chkconfig/runlevel style of service management applies here. These are just different processes for managing the system and its services; distributions like Arch, Fedora, OpenSuse, and possibly the next version of Debian use systemd by default, but that's besides the point.

I'm assuming you haven't yet discovered the problem causing your ssh issues? If not, the next step would be:
Code:
/usr/sbin/sshd -t
and see if it outputs anything; if so you have a misconfigured /etc/ssh/sshd_config and need to fix that followed by
Code:
service sshd start
Otherwise proceed with
Code:
grep 'sshd' /var/log/messages | less
grep 'sshd' /var/log/secure | less
and scan the latest entries for any trouble signs - warnings and the like. If you find anything and want to output it here you could run
Code:
grep 'sshd' /var/log/messages | tail -n 10
grep 'sshd' /var/log/secure | tail -n 10
or however many lines are necessary.

Last edited by Isaac Velando; 02-06-2014 at 10:02 PM.
 
1 members found this post helpful.
Old 02-07-2014, 10:09 AM   #17
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
I'm still having trouble. But maybe I'm looking at the wrong thing. I just tried to ssh into the server and get:

connection timed out

When I go physically log on to the server and type: service sshd status the output is:
Code:
openssh-daemon (pid  1804) is running...

I restarted sshd and still can't log on remotely. Next I did service iptables restart and get:

Code:
iptables: Setting chains to policy ACCEPT: filter mangle na[  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules: iptables-restore: line 39 failed
                                                           [FAILED]
After restarting iptables I am able to ssh into the server. But I'm starting to think the firewall is causing the problem. Below is a copy of my iptables. 2020 is the ssh port. I manually added rules for samba and for 9091 for Transmmission torrent server but that is commented out. Other lines were added automatically from KVM. I have tried commenting out line 39 but if I do it just fails and a different line. Is there anything in the iptables that stands out as a problem? Can I just set up a more vanilla iptables that will still work? I just want to be able to use ssh and samba on the server.



Code:
# Generated by iptables-save v1.4.7 on Tue Feb  4 17:58:35 2014
*mangle
:PREROUTING ACCEPT [3940:5229103]
:INPUT ACCEPT [3940:5229103]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1792:96503]
:POSTROUTING ACCEPT [1792:96503]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Tue Feb  4 17:58:35 2014
# Generated by iptables-save v1.4.7 on Tue Feb  4 17:58:35 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
#-A INPUT -p tcp --dport 9091 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
# Completed on Tue Feb  4 17:58:35 2014
 
Old 02-07-2014, 11:42 AM   #18
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,585

Rep: Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440
Most of the discussion here is about things I have no desire to learn, but I set my services and adjust my firewall with the GUI tools in System Administration. It might just be worth trying, now you're in run-level 5.
 
Old 02-07-2014, 01:13 PM   #19
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by DavidMcCann View Post
Most of the discussion here is about things I have no desire to learn, but I set my services and adjust my firewall with the GUI tools in System Administration. It might just be worth trying, now you're in run-level 5.
I might do that. The last time I used the gui firewall to make changes it wiped out a bunch of other configurations so. Since this server is a learning tool for me I do want to learn what is going on under the hood with iptables and other services.
 
Old 02-08-2014, 09:51 PM   #20
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
So, I solved my problems. It was wifi/network related. I made a couple of changes:

1. I connected the computer directly to my router via Ethernet instead of using wifi. I previously avoided this because I am forced to run it "headless" to be able to connect it directly to the router and I have not been comfortable with the idea of not having a gui to fall back on.

2. I switched it to runlevel 3. I don't think that was part of the problem but since I'm going to try to administer the system 100% remotely now there's no reason to boot into the gui by default.

3. I set a static ip on the ethernet. I had been using DCHP on the wifi.


Here is what I think the real problem was:

1. I was using wifi with NetworkManager.
2. When I rebooted it would come up to the log in screen and I don't think the wifi was connecting via NetworkManager until I logged into the computer.

Maybe I could have just set NM to start on boot? Or manually configure my wlan0 adapter in the config file? Regardless, of what the real fix was I probably should be connected with wire, static ip and headless
 
Old 02-10-2014, 08:27 AM   #21
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 5,145

Rep: Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886
i think the real problem was that the server changed its address upon each reboot therefore the router had no idea where to send ssh packets. setting up static ip is the way to go.
 
Old 02-10-2014, 11:58 AM   #22
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by schneidz View Post
i think the real problem was that the server changed its address upon each reboot therefore the router had no idea where to send ssh packets. setting up static ip is the way to go.
When I was using DHCP, I was using a ip reservation on the router for the server. It was not changing ip address and I would confirm that by ifconfig.

Once I would log onto the account physically at the server and the network manager kicked in and connected to the wifi I would be able to connect ssh using the same ip address I had been using.

...I'm sure there is why none of the servers at my work are using wifi ;-) amongst other reasons
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Using SSH to start a program anupamsr Linux - General 3 08-02-2006 01:48 PM
I want to start a ssh server. The_Messiah Linux - Networking 4 03-30-2005 01:56 AM
I turned off SSH, but I cant get it back! How do you start SSH on boot? nmoog Slackware 2 02-08-2004 05:18 PM
ssh to start at boot-up - AIX 4.3.2 ajoshay9 AIX 4 01-21-2004 08:44 PM
how to start up ssh deamon bennethos Linux - Newbie 2 10-21-2003 08:56 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration