[sllug-members]: SSH question

Remo Mattei remo at italy1.com
Fri Apr 18 10:34:03 MDT 2008


why don't you try to disable IPTABLES and see if it works for a min? 
just make sure you can accept everything do iptables -P INPUT ACCEPT 
(policy changed from DENY to ACCEPT) and/or iptables -F to flush it but 
then the policy is still in DENY ;) test it and see.. if that work then 
you know it's iptables rules that have problems.

Just my 2 cents.

Remo

Mark K. Spute wrote:
> Dan Witt wrote:
>> Mark K. Spute wrote:
>>> I ran
>>>
>>> ssh -p 22 root at 127.0.0.1
>>>
>>> from the server console and it gave:
>>>
>>> ssh: connet to host 127.0.0.1 port 22: Connection refused
>>>
>>> I tried it again with:
>>>
>>> ssh -p 3022 root at 127.0.0.1
>>>
>>> and I got:
>>>
>>> The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
>>> RSA key fingerprint is 23:3f: . . .
>>> Are you sure you want to continue connecting (yes/no)?
>>>
>>> Does this mean it is listening on this port, but it doesn't recognize 
>>> itself?
>>
>> Hey Mark, it appears that you've successfully changed the SSH port but 
>> iptables might be blocking port 3022. If 3022 is being blocked, you 
>> won't be able to connect.
>>
>> Check your iptables script in:
>>
>> /etc/sysconfig/iptables
>>
>> There might be a line in there that reads something like:
>>
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 
>> -j ACCEPT
>>
>> Just change the port from 22 to 3022 and restart iptables.
>>
>> You might also want use iptables to block any unknown IP addresses 
>> from hitting port 3022 on your server. Here's an example for the 
>> filter table:
>>
>> #Log any attempts to connect on port 3022
>> -A INPUT -i eth0 -p tcp -m tcp --dport 3022 -j LOG
>> #Allow my work IP to connect on port 3022
>> -A INPUT -i eth0 -s 123.123.23.31 -p tcp -m tcp --dport 3022 -j ACCEPT
>> #Allow my Mom to connect on port 3022
>> -A INPUT -i eth0 -s 121.121.43.11 -p tcp -m tcp --dport 3022 -j ACCEPT
>> #Block any other IP from trying to connect on 3022
>> -A INPUT -i eth0 -p tcp -m tcp --dport 3022 -j DROP
>>
>> Good luck!
>>
>> -Dan Witt
> 
> Okay, I updated my iptables as you suggested above and restarted 
> iptables.  Now I can login from machines behind my firewall (using 
> 127.0.0.1)  However, I tried to use putty to login to my public IP 
> address (216.126.226.210) and I get a fatal error.  It says Network 
> Error: connection refused.
> 
> Is this still an iptables issue?  (I know nothing about iptables, so I 
> am hesitant to get in there and mess around.)
> 
> Mark
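As an added example that is not part of the thread, here is a small POSIX shell diagnostic that narrows the check Remo suggests without turning the INPUT policy to ACCEPT. It separates the two things Mark's symptoms could mean: whether sshd is bound on 3022 on a non-loopback address at all (a loopback-only bind makes the kernel refuse remote connects regardless of iptables), and what the first terminating iptables rule that names the port does for a given source (a DROP shows up as a timeout, a REJECT as refused or unreachable depending on the reject-with type). It reads the output formats of `ss -ltn` and `iptables-save`; the chain name RH-Firewall-1-INPUT and the allow-listed source 123.123.23.31 are taken from Dan's quoted rules, and all other sample data (addresses, the 198.51.100.7 test source, the rule sets) is constructed for the demo.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Reads `ss -ltn` and `iptables-save`
# text and reports whether sshd is reachable on a port and what the firewall
# does with it. Sample data below is constructed; only the chain name and the
# allow-listed IP come from the quoted rules.

# Constructed `ss -ltn` output: sshd bound only to loopback on 3022.
SS_LOOPBACK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:3022      0.0.0.0:*
LISTEN 0      128    0.0.0.0:25          0.0.0.0:*'

# Constructed `ss -ltn` output: sshd bound to all IPv4 addresses on 3022.
SS_ALL='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:3022        0.0.0.0:*'

# Constructed `iptables-save` output in the style of the quoted Red Hat chain:
# NEW connections to tcp/3022 accepted, everything else rejected at the end.
IPT_OK='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3022 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Same rule set but the ACCEPT still names port 22, so 3022 falls through.
IPT_OLD_PORT=$(printf '%s\n' "$IPT_OK" | sed 's/--dport 3022/--dport 22/')

# Constructed allow-list in the style of Dan's example: log, allow one source, drop the rest.
IPT_ALLOWLIST='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 3022 -j LOG
-A INPUT -i eth0 -s 123.123.23.31/32 -p tcp -m tcp --dport 3022 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3022 -j DROP
COMMIT'

# listen_addrs PORT: read `ss -ltn` output on stdin, print each local address
# bound on PORT, one per line (empty output means nothing listens there).
listen_addrs() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":")
      if (a[n] == port) print substr($4, 1, length($4) - length(port) - 1)
    }'
}

# first_rule_target PORT CHAIN SRC: read `iptables-save` output on stdin and
# print the target of the first terminating rule in CHAIN that names tcp/PORT
# and applies to source SRC (rules with -s for a different address are skipped;
# LOG is skipped because it does not end traversal). Prints NONE if no rule
# names the port, in which case later rules or the chain policy decide.
first_rule_target() {
  awk -v port="$1" -v chain="$2" -v src="$3" '
    $1 == "-A" && $2 == chain && $0 ~ (" --dport " port " ") {
      tgt = ""; rsrc = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "-j") tgt = $(i + 1)
        if ($i == "-s") { rsrc = $(i + 1); sub(/\/32$/, "", rsrc) }
      }
      if (rsrc != "" && rsrc != src) next
      if (tgt == "LOG") next
      print tgt; found = 1; exit
    }
    END { if (!found) print "NONE" }'
}

# diagnose PORT CHAIN SRC SS_TEXT IPT_TEXT: print one verdict.
#   not-listening  sshd is not bound on PORT (check the Port line in sshd_config)
#   loopback-only  bound on 127.0.0.1/::1 only; remote clients are refused by
#                  the kernel no matter what iptables says
#   firewall:X     sshd is reachable but the first rule naming PORT for SRC does X
#   ok             sshd listens on a routable address and SRC is ACCEPTed
diagnose() {
  port=$1; chain=$2; src=$3; ss_text=$4; ipt_text=$5
  addrs=$(printf '%s\n' "$ss_text" | listen_addrs "$port")
  [ -n "$addrs" ] || { echo "not-listening"; return 0; }
  routable=0
  for a in $addrs; do
    case "$a" in
      127.*|'[::1]') ;;
      *) routable=1 ;;
    esac
  done
  [ "$routable" -eq 1 ] || { echo "loopback-only"; return 0; }
  target=$(printf '%s\n' "$ipt_text" | first_rule_target "$port" "$chain" "$src")
  if [ "$target" = "ACCEPT" ]; then echo "ok"; else echo "firewall:$target"; fi
}

# Demo against the constructed samples.
echo "loopback bind, rules fixed:     $(diagnose 3022 RH-Firewall-1-INPUT '' "$SS_LOOPBACK" "$IPT_OK")"
echo "all-address bind, rules fixed:  $(diagnose 3022 RH-Firewall-1-INPUT '' "$SS_ALL" "$IPT_OK")"
echo "all-address bind, rules on 22:  $(diagnose 3022 RH-Firewall-1-INPUT '' "$SS_ALL" "$IPT_OLD_PORT")"
echo "allow-list, listed source:      $(diagnose 3022 INPUT 123.123.23.31 "$SS_ALL" "$IPT_ALLOWLIST")"
echo "allow-list, unknown source:     $(diagnose 3022 INPUT 198.51.100.7 "$SS_ALL" "$IPT_ALLOWLIST")"
```

On a live host, feed `ss -ltn` and `iptables-save` output into the two text arguments (or pipe them straight into `listen_addrs` and `first_rule_target`). The verdicts map back to the thread: `loopback-only` or `not-listening` is an sshd_config question, `firewall:NONE` means the port-22 rule was never changed to 3022, and `firewall:DROP` or `firewall:REJECT` means the rule order in the chain is what needs fixing, which you can confirm with `iptables -L -n --line-numbers` instead of flushing the whole table.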

