Linuxhelp _ Technical Support _ Need help with ssh

Posted by: mfuller May 13 2009, 09:23 PM

Greetings all.

I'm somewhat of a newbie to Linux (most of my experience has been with SCO) so please bear with me.

I've got a new server (RedHat Enterprise 5) that I initially set up in my office without any problem -
i.e. I could connect via ssh with a terminal emulator, no problem. My office, FWIW, uses the 192.168.0.xx class C IP addressing.

Before I shut down and moved the server I reset the server IP address and default gateway to what I thought would be correct for the network, thinking this would be a plug-it-in-and-go thing.

Today I moved the server to its official home. The new site has a somewhat different network setup (class A 10.10.x.x.) and try as I might I could not connect via ssh (or telnet for that matter)
from any other computer in the network - even after completely disabling the firewall and enabling telnet. I could connect using ssh on the server itself (ssh -l myname 10.10.10.20) but from
any other pc on the network, no luck - the login just sat and eventually timed out. I did not receive a "connection refused" message.

I know the machine is on the network - I can see the other machines and ping them without any problem.

What I've done: I added the test pc's IP address to /etc/hosts.allow file. I've verified that the sshd daemon is running.
I've looked at the iptables listing & don't see any red flags, but the whole iptables thing is new to me, so I could be very, very wrong.

I'm sure I'm missing something stupid and/or blindingly obvious & hope that someone wiser than I can point it out.



Posted by: michaelk May 14 2009, 06:52 AM

Can you ping this server from the other computers on the network?
Are you sure there are no other computers with the same IP address?
Are all computers on the same subnet etc?

Posted by: OaXlin May 14 2009, 10:54 AM

Here are your primary things to check

1) Is the service listening on the correct IP address? By default SSH normally listens on all addresses, so this is probably not the problem unless you already changed it once... but still a good thing to check.
/etc/ssh/sshd_config (this is on debian... may be in a different place on redhat)
You may need to change the ListenAddress value
You could also check by trying to connect to the machine from itself using the 10.10.x.x address... weird but hey it's an easy test.

2) Can you connect to SSH from other machines on the local network?
If no, then the problem is probably your sshd_config, or iptables
If yes, then the problem is probably iptables, nat or port forwarding not being set up properly
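
The ListenAddress check from step 1 above, as an added example that is not part of the original thread: it reads an sshd_config and reports whether sshd would bind a given server IP. The function names and the sample config (with a constructed leftover 192.168.0.20 entry) are assumptions; hostnames in ListenAddress are not resolved.

```shell
#!/bin/sh
# Added example (not from the thread): does sshd_config bind the server IP?

# Print the address part of every active ListenAddress directive in file $1.
listen_addresses() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        tolower($1) == "listenaddress" {          # keywords are case-insensitive
            a = $2
            if (a ~ /^\[/) {                      # [ipv6]:port form
                sub(/^\[/, "", a); sub(/\].*$/, "", a)
            } else if (a ~ /^[^:]*:[0-9]+$/) {    # ipv4:port form (one colon)
                sub(/:[0-9]+$/, "", a)
            }
            print a
        }' "$1"
}

# Exit 0 if the config in $1 makes sshd listen on IP address $2.
sshd_listens_on() {
    addrs=$(listen_addresses "$1")
    [ -z "$addrs" ] && return 0    # no directive: sshd binds all addresses
    # The wildcard only covers its own address family.
    case "$2" in *:*) wild="::" ;; *) wild="0.0.0.0" ;; esac
    for a in $addrs; do
        case "$a" in "$wild"|"$2") return 0 ;; esac
    done
    return 1
}

# Constructed sample: a ListenAddress left over from the old office network.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#ListenAddress 0.0.0.0
ListenAddress 192.168.0.20:22
EOF
for ip in 192.168.0.20 10.10.10.20; do
    if sshd_listens_on "$sample" "$ip"; then
        echo "$ip: bound by sshd"
    else
        echo "$ip: NOT bound, fix ListenAddress"
    fi
done
rm -f "$sample"
```

On the real server, point the functions at /etc/ssh/sshd_config and pass the address clients connect to (10.10.10.20 in this thread).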

Posted by: mfuller May 14 2009, 10:57 AM

I do not receive a ping response from the server - there is a notice logged in SELinux troubleshooter
(going off memory here, I'm not at the machine) that states the system 'saw' the ping but didn't respond
because icmp is disabled. So I know the pings are getting through, FWIW.

I'll double check on the subnet but I'm fairly certain the computers at that location are all on the same subnet.
I had their network guy verify that the IP address I assigned was unused but I'll revisit that as well.

Any other suggestions?
