Scientific Linux Forum.org



  Reply to this topicStart new topicStart Poll

> Unable to SSH into server from new SL laptop
sirjames2004
 Posted: Apr 8 2013, 09:33 PM
Quote Post


SLF Newbie


Group: Members
Posts: 5
Member No.: 2375
Joined: 24-March 13









I have an interesting problem. I've had a linux server (Fedora) running in my home for a while now, and it's running SSH over a non-standard port. I've been able to ssh/putty into it from all my other machines, within and outside of my home network, without issue.

However, I just installed SL on my main laptop, and I'm not able to to SSH from it to my home server from outside my network. Inside my network it works like a charm. I've tried doing it from multiple outside networks (work, school, Starbucks) just to verify it wasn't a network issue on their end.

I figure it's gotta be something on the client side obviously. I've already disabled SELinux in the /etc/selinux/config file, but other than that, I'm kinda stumped. Anyone have any ideas? Thanks in advance!
PMEmail Poster
^
helikaon
 Posted: Apr 9 2013, 05:44 AM
Quote Post


SLF Administrator
*******

Group: Admins
Posts: 836
Member No.: 4
Joined: 8-April 11









QUOTE (sirjames2004 @ Apr 8 2013, 09:33 PM)
I have an interesting problem. I've had a linux server (Fedora) running in my home for a while now, and it's running SSH over a non-standard port. I've been able to ssh/putty into it from all my other machines, within and outside of my home network, without issue.

However, I just installed SL on my main laptop, and I'm not able to to SSH from it to my home server from outside my network. Inside my network it works like a charm. I've tried doing it from multiple outside networks (work, school, Starbucks) just to verify it wasn't a network issue on their end.

I figure it's gotta be something on the client side obviously. I've already disabled SELinux in the /etc/selinux/config file, but other than that, I'm kinda stumped. Anyone have any ideas? Thanks in advance!


Hi,
so, if i understand it well, you are able to login from outside to you home linux server from other devices using SSH. But from this particular laptop, you cant?
SELinux has nothing to do with this. Have you been altering IPtables (firewall) on your laptop?

Please, try verbosive ssh login and post here what this says:
CODE

ssh -vvv username@ip-address


cheers,

--------------------
PMEmail Poster
^
sirjames2004
 Posted: Apr 21 2013, 12:20 AM
Quote Post


SLF Newbie


Group: Members
Posts: 5
Member No.: 2375
Joined: 24-March 13









QUOTE (helikaon @ Apr 8 2013, 11:44 PM)

Hi,
so, if i understand it well, you are able to login from outside to you home linux server from other devices using SSH. But from this particular laptop, you cant?
SELinux has nothing to do with this. Have you been altering IPtables (firewall) on your laptop?

Please, try verbosive ssh login and post here what this says:
CODE

ssh -vvv username@ip-address


cheers,


That is correct. I'm unable to ssh into my home network from the outside, but only from this particular machine. The output from ssh -vvv wasn't very enlightening. I replaced my ip address and the port number with x's:

CODE
[user@localhost ~]$ ssh -p xxxx xxx.xxx.xxx.xxx -vvv
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port xxxx.
debug1: connect to address xxx.xxx.xxx.xxx port xxxx: Connection timed out
ssh: connect to host xxx.xxx.xxx.xxx port xxxx: Connection timed out


I'm doing some tweaking with my local firewall, but there shouldn't be any outbound rules preventing the ssh connection from going out. I'll let you know once I've tested it from an outside environment again.
PMEmail Poster
^
sirjames2004
 Posted: Apr 26 2013, 01:03 AM
Quote Post


SLF Newbie


Group: Members
Posts: 5
Member No.: 2375
Joined: 24-March 13









I reconstructed my iptables rule file and it still doesn't work from the outside. My firewall script for my SL laptop is as follows:

CODE

!/bin/bash
iptables -F
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables-save > /etc/sysconfig/iptables
service iptables restart
iptables -L -v


What's also weird is that when I go to check the status of the iptables service, it outputs my rules rather than just a generic message saying it's running or not running:

CODE

[root@localhost ~]$ service iptables status
Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination        
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
num  target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination        
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0


Is my local firewall corrupt, or am I going in the wrong direction with this entirely?
PMEmail Poster
^
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll