cannot login via ssh after installation

Discussion in 'Installation/Configuration' started by sone, Aug 15, 2005.

  1. jopa123

    jopa123 New Member

    And I have rebooted.
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Hm...
    Did you use the local IP address to connect to SSH?
     
  3. jopa123

    jopa123 New Member

    If by local address you mean 192.168.2.26, then yes. I tried it from the Windows machine. No luck. If by local address you mean 127.0.0.1, I don't think I've tried that. I will this evening.
     
  4. falko

    falko Super Moderator Howtoforge Staff

    Yes, I meant that address.
    Everything you posted indicates it should work.
    Did you switch off the firewall on your Windows system? Maybe that's the problem?
     
  5. jopa123

    jopa123 New Member

    The firewall is on on both my home Windows machine (same network where the Linux box is) and here at work.

    I'm thinking it has to be something in the encryption, ISPConfig firewall, or host files since it was working fine before the install.

    The only other option I can think of in my limited knowledge is that somehow my atheros/madwifi/wireless config is set up incorrectly and will not allow pings, etc., to pass through.

    Thoughts?
     
  6. jopa123

    jopa123 New Member

    another clue?

    This may be another clue. I tried turning off the Windows firewall, I still cannot ping or ssh into the Linux box.

    Just for grins, I ssh'd from the Linux box to itself, both through the router (192.168.2.26) and through the localhost (127.0.0.1); both pinged just fine. So I downloaded and installed putty. I can ssh into the box from itself with both IPs. Does that help at all?

    Thanks again for all of your help.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the output of:

    iptables -L

    If it's still the same as in your prior post in this thread, it's definitely not a problem of your Linux server. And you used putty as SSH client on Windows?
     
  8. jopa123

    jopa123 New Member

    I rebooted and here's the iptables -L readout. They seem the same to me. Yes, I am using putty for ssh on all machines involved.

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP all -- anywhere anywhere

    Chain INPUT (policy DROP)
    target prot opt source destination
    DROP tcp -- anywhere 127.0.0.0/8
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere

    Chain PAROLE (9 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain PUB_IN (4 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere icmp echo-reply
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp
    PAROLE tcp -- anywhere anywhere tcp dpt:ssh
    PAROLE tcp -- anywhere anywhere tcp dpt:smtp
    PAROLE tcp -- anywhere anywhere tcp dpt:domain
    PAROLE tcp -- anywhere anywhere tcp dpt:http
    PAROLE tcp -- anywhere anywhere tcp dpt:81
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3
    PAROLE tcp -- anywhere anywhere tcp dpt:https
    PAROLE tcp -- anywhere anywhere tcp dpt:10000
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    DROP icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain PUB_OUT (4 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    If it looks the same to you and it is not the Linux server, I would have to guess that I have 2 other places to look, the Atheros/Madwifi/network configuration or the router.

    Does the fact that I can ping and ssh the machine from itself, through the router (192.168.2.26), prove that the router is configured properly?
     
  9. falko

    falko Super Moderator Howtoforge Staff

    Can you switch off the firewall and try again? If it still doesn't work, at least we know it's not the firewall.
     
  10. jopa123

    jopa123 New Member

    Falko,

    Good call! I turned off the firewall and I can ssh from my Windows box on the network. Don't know why I didn't think of that. Now what? Do I have to see how the firewall is configured for ssh?

    Thanks again.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you use the ISPConfig firewall or the firewall of your linux distribution?
     
  12. jopa123

    jopa123 New Member

    Till,

    It's the ISPConfig firewall. FC4's firewall is turned off. Actually, it was never started.
     
  13. falko

    falko Super Moderator Howtoforge Staff

    Can you double-check that there's no other firewall interfering with ISPConfig's firewall?
    Is SELinux disabled on your system?
     
  14. jopa123

    jopa123 New Member

    falko,

    Sorry for the previous misspellings. I really need to learn how to type.

    Not sure how to check if selinux is enabled. Here is my /etc/selinux/config file:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - SELinux is fully disabled.
    SELINUX=disabled
    # SELINUXTYPE= type of policy in use. Possible values are:
    # targeted - Only targeted network daemons are protected.
    # strict - Full SELinux protection.
    SELINUXTYPE=targeted
    ~
    ~
    ~
    ~
    ~
    "config" 10L, 447C

    --------------------------
    and here is my /etc/sysconfig/system-config-securitylevel file:


    # Configuration file for system-config-securitylevel

    --disabled
    ~
    ~
    ~
    "/etc/sysconfig/system-config-securitylevel" 3L, 65C

    ----------

    I will try to check via the gui when I get home.

    I don't know of any other firewall that could be running outside of FC4 and ISPConfig. Not really sure how to check, tho. I followed the perfect setup to the letter.
     
  15. falko

    falko Super Moderator Howtoforge Staff

    Looks ok. :confused: :confused:
     
  16. jopa123

    jopa123 New Member

    Falko,

    Yea, very confusing. Hey, I'd be glad to PM you access info if you want to look around inside the box. Like I said it's a learning machine.

    I know this is not your job, but I'm extremely curious as to what I did wrong.
     
  17. jopa123

    jopa123 New Member

    Just a thought. Is it possible that there is some sort of possible conflict with the way the madwifi drivers were written? After the ISPConfig install I had to reinstall the drivers for the wireless card. Just spitballing.
     
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    I don't think that ISPConfig and madwifi may conflict, as ISPConfig does not install any drivers at all and even network configuration is disabled by default.
     
  19. jopa123

    jopa123 New Member

    Till

    Yea, I didn't think so. It was a shot in the dark.

    One more thing I may not have mentioned. This issue affects the http services as well. I cannot login to the ISPConfig control panel (https://xxx.xx.xxxxx.xxx:81) if the firewall is turned on. So it is not isolated to ssh.

    I'm stumped.
     
  20. falko

    falko Super Moderator Howtoforge Staff

    I think it could be a conflict with your WLAN card.
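
The listing in post 8 comes from plain `iptables -L`, which omits the in/out interface columns, so rules that differ only by interface print identically (as the four PUB_IN lines may). The following is an added example, not part of the thread: it traces a packet through constructed `iptables -L -v -n` output to show which rule decides its fate; the rule set and the interface names `eth0` and `ath0` are assumptions, not the poster's actual configuration.

```python
import re

# Constructed `iptables -L -v -n` output; rules and interface names are assumptions.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in   out source    destination
    0     0 ACCEPT all  --  lo   *   0.0.0.0/0 0.0.0.0/0
    0     0 PUB_IN all  --  eth+ *   0.0.0.0/0 0.0.0.0/0
    0     0 PUB_IN all  --  ppp+ *   0.0.0.0/0 0.0.0.0/0
    0     0 DROP   all  --  *    *   0.0.0.0/0 0.0.0.0/0

Chain PUB_IN (2 references)
 pkts bytes target prot opt in   out source    destination
    0     0 ACCEPT tcp  --  *    *   0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    0     0 DROP   all  --  *    *   0.0.0.0/0 0.0.0.0/0
"""

def parse(text):
    """Map chain name -> policy and ordered rules, keeping the `in` column."""
    chains, cur = {}, None
    for line in text.splitlines():
        f, m = line.split(), re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if m:
            cur = chains[m.group(1)] = {"policy": m.group(2), "rules": []}
        elif cur and len(f) >= 9 and f[0] != "pkts":
            dpt = re.search(r"dpt:(\d+)", line)
            cur["rules"].append({"target": f[2], "prot": f[3], "in": f[5],
                                 "dpt": int(dpt.group(1)) if dpt else None})
    return chains

def iface_match(pattern, iface):
    # "*" matches any interface; a trailing "+" is iptables' prefix wildcard.
    return iface.startswith(pattern[:-1]) if pattern.endswith("+") else pattern in ("*", iface)

def trace(chains, chain, iface, prot, dport, path):
    """Walk rules in order; return the verdict, or None if a user chain falls through."""
    for n, r in enumerate(chains[chain]["rules"], 1):
        if not (iface_match(r["in"], iface) and r["prot"] in ("all", prot)
                and r["dpt"] in (None, dport)):
            continue
        path.append(f"{chain}#{n} {r['target']}")
        # Jump into user chains; any other target is treated as terminal (LOG etc. not modelled).
        verdict = trace(chains, r["target"], iface, prot, dport, path) if r["target"] in chains else r["target"]
        if verdict:
            return verdict
    return chains[chain]["policy"]

def verdict_for(iface, prot="tcp", dport=22):
    path = []
    return trace(parse(SAMPLE), "INPUT", iface, prot, dport, path), path
```

On a live system, the per-rule packet counters in `iptables -L -v -n` give the same answer: the rule whose counter increases during a failed connection attempt is the one matching the traffic.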
     
