LinuxQuestions.org


Orange Sunshine 11-19-2009 11:35 AM

noob question about SSH
 
I just downloaded CentOS 5 from here http://mirror.centos.org/centos/5/isos/ and installed it without any problems that I know of.

I am having trouble connecting to the machine via SSH and I can't figure out why. I have NEVER set up SSH and am pretty new to Linux so this very well could be a glaringly obvious mistake or something basic that I just don't know to do.

The first thing I did was search the net for "how to set up ssh on centos" and it returned a few pages that I read through and followed directions. The first was http://wiki.centos.org/HowTos/Network/SecuringSSH . I went through this page and disabled root logins, limited users to 1 user:

AllowUsers testUser

Disabled protocol 1, changed to a non-standard port (I used 2369), then logged into my router and forwarded TCP for port 2369 to 192.168.1.111 (which is the IP I got when I did an ifconfig on my CentOS box). Those are the only changes I made, I didn't filter at the firewall or set up any keys.

I then downloaded SSH Secure Shell for Windows so that I could connect to my CentOS box. After installing, opening, and trying Quick Connect I realized that I have no idea what I need to put in the hostname. So I searched and found how to change or set up my host name here http://www.electrictoolbox.com/chang...stname-centos/ . I followed all the steps so that my /etc/sysconfig/network file looks like this:

NETWORKING="yes"
GATEWAY="10.1.1.1"
HOSTNAME="www.testsshaddress.com"

...and my /etc/hosts file looks like this:

192.168.1.111 www.testsshaddress.com localhost localhost.localdomain

This could be where I went wrong as I have no idea if those host names have to be anything in particular or if I can just make them up as I am just trying to get SSH working within my local network at the moment. Anyway, I can type "hostname" at prompt and get the correct hostname that I set up "www.testsshaddress.com".

So I went to my Windows SSH client and used www.testsshaddress.com for the Host Name, testUser for the User Name, 2369 for the Port Number, and tried Authentication Method as "Profile Settings" and "Password". It tries for a while and then fails giving me the message:

The host 'www.testsshaddress.com' is unreachable.
The host may be down, or there may be a problem with the network connection.
Sometimes such problems can also be caused by a misconfigured firewall.

I also tried with my local IP for the Host Name (192.168.1.111) and got the same message. This is a different message than the one you get when you just type random letters into the host name which results in:

The host 'www.dfkjnisoidnf.com' is unknown.

so I am assuming that it is at least recognizing the host but something is still going wrong. Looking at the error I got, I tried to look into making some changes to the iptables and found a page that led me to typing this at prompt:

iptables -A INPUT -p tcp --dport 2369 -j ACCEPT

That's all I did with iptables as I found that whole thing very confusing. Is that maybe where I need to make changes? Sorry for the huge post. I tend to over explain things on forums to try to make everything as clear as possible.

Any help is greatly appreciated!

rayfordj 11-19-2009 11:40 AM

if it is a firewall configuration on the CentOS system a quick clearing of the rules and testing should indicate it as so...

Code:

service iptables stop

likewise, while what you used will accept the port connection it will only do so after all other rules. if using a stock/default netfilter ruleset it will be rejected before it ever reaches your accept rule.

you can restart the firewall with

Code:

service iptables start

you might try

Code:

iptables -I INPUT -p tcp --dport 2369 -j ACCEPT

the -I will tell it to INSERT it at the top of the INPUT chain rather than append -A to the end of it.

I recommend just using the IP of the linux system for now.

:study:
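Added example, not from the thread or from rayfordj: a small first-match simulator of iptables chain evaluation in Python, with a constructed and simplified model of the stock CentOS 5 ruleset (the RH-Firewall-1-INPUT user chain ending in a catch-all REJECT is assumed), showing why the rule appended with -A never matched while the one inserted with -I did.

```python
# Constructed model of the default CentOS 5 firewall: INPUT hands every
# packet to RH-Firewall-1-INPUT, whose last rule rejects everything left.
ACCEPT, REJECT = "ACCEPT", "REJECT"


def stock_ruleset():
    """Each rule is (match-dict, target); an empty match-dict matches all."""
    return {
        "INPUT": [({}, "RH-Firewall-1-INPUT")],  # jump to the user chain
        "RH-Firewall-1-INPUT": [
            ({"iface": "lo"}, ACCEPT),
            ({"state": "ESTABLISHED"}, ACCEPT),
            ({"proto": "tcp", "dport": 22, "state": "NEW"}, ACCEPT),
            ({}, REJECT),  # catch-all: terminates evaluation for the packet
        ],
    }


def matches(rule_match, pkt):
    return all(pkt.get(k) == v for k, v in rule_match.items())


def evaluate(chains, chain, pkt, policy=ACCEPT):
    """Walk a chain top to bottom; the first matching terminating target
    wins. A jump is followed; if the user chain falls off its end, the
    caller continues with its next rule. The chain policy applies last."""
    for rule_match, target in chains[chain]:
        if not matches(rule_match, pkt):
            continue
        if target in (ACCEPT, REJECT):
            return target
        verdict = evaluate(chains, target, pkt, policy=None)
        if verdict is not None:
            return verdict
    return policy


def add_rule(chains, chain, rule, insert):
    """-I puts the rule at position 1; -A appends it after every other rule."""
    if insert:
        chains[chain].insert(0, rule)
    else:
        chains[chain].append(rule)


def verdict_for_new_ssh_on_2369(insert):
    """Verdict for a fresh TCP connection to port 2369 after adding the rule."""
    chains = stock_ruleset()
    add_rule(chains, "INPUT", ({"proto": "tcp", "dport": 2369}, ACCEPT), insert)
    pkt = {"proto": "tcp", "dport": 2369, "state": "NEW", "iface": "eth0"}
    return evaluate(chains, "INPUT", pkt)
```

On the real system a rule added with iptables -I lives only in the running kernel; on CentOS 5 it is lost at the next `service iptables restart` unless written to /etc/sysconfig/iptables with `service iptables save`.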

Orange Sunshine 11-19-2009 12:32 PM

Quote:

Originally Posted by rayfordj (Post 3762901)

Worked like a charm, thanks! Now I just have to figure out how to get it to a point where I can connect to it from anywhere and not just within my local network...

pcunix 11-19-2009 01:09 PM

Quote:

Originally Posted by Orange Sunshine (Post 3762946)

That only depends upon your firewall - your Internet firewall. If that's the Linux box, you just have to allow the ssh port in.

If it's an appliance router, you need to get that port transferred to the Linux box. Depending on your router, you may want to look under Gaming, Port Forwarding or DNAT - the idea is to forward a connection coming in on the public IP to an internal IP. Usually very simple once you figure out what they want you to do, though I have found a few that require an astonishing number of steps :-)

If you can't figure it out, start a new thread and post your router mfg/model and say you can't figure out how to get the public IP to send your 2369 to 192.168.1.111

Orange Sunshine 11-19-2009 01:21 PM

Quote:

Originally Posted by pcunix (Post 3762981)

Yes, I actually have done that already. I have a DD-WRT router and have forwarded port 2369 to my CentOS box (192.168.1.111). I guess the only problem then is the fact that I don't have a static public IP address. I will be downloading ddclient (http://www.dyndns.com/support/clients/#linux) which is an update client and using dyndns.com service to forward a domain to my current IP. I think I understand this part ok. Does this sound like the correct sequence of steps?

The part I am a little unclear of is that eventually I will be using this box as a web server. I have a domain name bought from Godaddy so how will I make it so that whenever people type www.mydomain.com it will go to my CentOS box? Would I just change the DNS servers that Godaddy is using for that domain to DNS servers I get from dyndns? Then it would lookup my IP and forward to my box? The only problem I see with this is that I don't want to use one of dyndns's domain names. When people go to www.mydomain.com I want it to actually show www.mydomain.com in the address and not be forwarded to something like mydomain.dyndns.com or whatever. Does this make sense?

trist007 11-19-2009 02:40 PM

I'm not familiar with godaddy, but basically you have to go to the control panel of that domain and edit the dns. Leave the dns name servers to their default dns server but change the ip address from theirs to your external ip address of your router at home. You already have portforwarding enabled on that router to take ssh requests to your internal computer so that part is done. Also, I'm not sure but in your sshd_config file, if there's an 'AllowTcpForwarding' option you may have to enable it by putting yes after it.

If the external ip address of your router is not static, then simply update the ip address in the dns settings of your godaddy control panel. I have noticed that my dynamic external ip address remains the same until I have reset my modem or have my modem off for a certain amount of time. That's really the only time a dynamic ip changes. Good luck.
