Hello,
I have a CENTOS 5 box that can reach the internet and can ping to/from all windows systems on my home network. The catch is that I can not connect to the box using SSH from any windows machine, though they can easily ping the linux box and vice-versa.
Suggestion of a possible solution would be most appreciated.
Many thanks!
John
I have a CENTOS 5 box that can reach the internet and can ping to/from all windows systems on my home network. The catch is that I can not connect to the box using SSH from any windows machine, though they can easily ping the linux box and vice-versa.
Is there a firewall running on the Linux machine, and if so, is it allowing tcp port 22 through? Are you able to ssh from other Linux systems on your home network (if there are any) or have you only tried sshing from Windows systems? Is sshd running?
Barry
Barry,
I will check on firewall, though I have not deliberately activated one. This machine has run for several years without this occurrence. I will check on port 22. All other machines on the LAN are Windows.
Many thanks for getting back to me.
John
On Mon, Sep 30, 2013 at 11:31 PM, Barry Brimer lists@brimer.org wrote:
I have a CENTOS 5 box that can reach the internet and can ping to/from all windows systems on my home network. The catch is that I can not connect to the box using SSH from any windows machine, though they can easily ping the linux box and vice-versa.
Is there a firewall running on the Linux machine, and if so, is it allowing tcp port 22 through? Are you able to ssh from other Linux systems on your home network (if there are any) or have you only tried sshing from Windows systems? Is sshd running?
Barry
Surprisingly (to me, anyway), the SSH daemon is off by default in CentOS; you need to 'chkconfig sshd on' and 'service sshd start' as root in order to be able to ssh in.
Tony.
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of John McKelvey
Sent: 01 October 2013 12:00
To: CentOS mailing list
Subject: Re: [CentOS] CENTOS 5 incoming SFTP
Barry,
I will check on firewall, though I have not deliberately activated one. This machine has run for several years without this occurrence. I will check on port 22. All other machines on the LAN are Windows.
Many thanks for getting back to me.
John
On Tue, Oct 1, 2013 at 10:23 AM, Tony Sweeney tsweeney@omnifone.com wrote:
Surprisingly (to me, anyway), the SSH daemon is off by default in CentOS; you need to 'chkconfig sshd on' and 'service sshd start' as root in order to be able to ssh in.
That must depend on the type of install you choose.
2013/10/1 Tony Sweeney tsweeney@omnifone.com
Surprisingly (to me, anyway), the SSH daemon is off by default in CentOS; you need to 'chkconfig sshd on' and 'service sshd start' as root in order to be able to ssh in.
On a default install the ssh daemon is turned on; maybe you are using a custom spin or a customized install CD or kickstart?
-- Eero
Hello...
OK, I have been checking... NSLOOKUP ... sees the linux box... Linux box can ping all other boxes on the LAN (they are all windows) as well as internet.
With firewalls off on both any windows box as well as firewall off on linux box it can not be pinged, much less move files or log on from any of the LAN's windows boxes. SSHD is running on linux box. Port 22 is open for TCP in IPTABLES.
John
On Tue, Oct 1, 2013 at 5:39 PM, John R Pierce pierce@hogranch.com wrote:
On 10/1/2013 1:42 PM, Eero Volotinen wrote:
On a default install the ssh daemon is turned on; maybe you are using a custom spin or a customized install CD or kickstart?
it's also enabled on a 'minimal' install.
-- john r pierce 37N 122W somewhere on the middle of the left coast
On Sat, 2013-10-05 at 18:04 -0400, John McKelvey wrote:
Hello...
OK, I have been checking... NSLOOKUP ... sees the linux box... Linux box can ping all other boxes on the LAN (they are all windows) as well as internet.
<snip>
I was thinking that it can be a DNS issue, however you are able to see the Linux box from the Windows machines using NSLOOKUP on the same LAN. What changed before you started to experience this issue? I recall in one of your previous posts, you mentioned that "it have been working like this for years". Did the IP or MAC address of the Linux server change?
With firewalls off on both any windows box as well as firewall off on linux box it can not be pinged, much less move files or log on from any of the LAN's windows boxes. SSHD is running on linux box. Port 22 is open for TCP in IPTABLES.
If the firewall is off on the Linux server and you are still not able to ping it you can check the sysctl.conf or /proc/sys/net/ipv4/icmp_echo_ignore_all. Are there any ACLs on the port that the Linux box is connected to that could be preventing inbound traffic to this server?
On Sat, Oct 5, 2013 at 5:04 PM, John McKelvey jmmckel@gmail.com wrote:
Hello...
OK, I have been checking... NSLOOKUP ... sees the linux box... Linux box can ping all other boxes on the LAN (they are all windows) as well as internet.
With firewalls off on both any windows box as well as firewall off on linux box it can not be pinged, much less move files or log on from any of the LAN's windows boxes. SSHD is running on linux box. Port 22 is open for TCP in IPTABLES.
Is everything on the same subnet or is there some router/firewall device between the linux and windows boxes? It doesn't make much sense to be able to ping one direction but not the other without some firewall in the way. It also doesn't make sense to say your 'firewall is off' in linux and then talk about ports being open in iptables. If your firewall is off, you should just see a policy of ACCEPT in iptables and nothing about ports.
In any case, if you run tcpdump you should be able to see if the ping packets are reaching the linux box (or tcp port 22 for ssh). If you see packets arriving at the interface but nothing responds, it is probably iptables blocking them. If the packets you send don't arrive at all, something external is blocking them.
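The tcpdump check described in the message above, as an added example that is not part of the original thread: it reads tcpdump text output captured on the Linux box and reports whether requests arrive and whether anything goes back. The function name, verdict strings, addresses and capture lines are all constructed for illustration.

```sh
# Added example: read tcpdump text output captured on the Linux box and report
# which of the cases from the message above applies.
# classify_capture SERVER_IP WHAT    (WHAT: a TCP port number, or "icmp")
#   not-arriving         no request reached the interface: look outside the box
#   arriving-unanswered  requests arrive, nothing goes back: look at iptables
#   answered             the server replied
# Only the address fields are parsed, not the TCP flags.
classify_capture() {
    awk -v ip="$1" -v what="$2" '
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (what == "icmp") {
                if ($6 != "ICMP") next
                if (dst == ip && /echo request/) inbound++
                if (src == ip && /echo reply/)   replies++
            } else {
                if (dst == (ip "." what)) inbound++
                if (src == (ip "." what)) replies++
            }
        }
        END {
            if (!inbound)      print "not-arriving"
            else if (!replies) print "arriving-unanswered"
            else               print "answered"
        }'
}

# Constructed captures (server 192.168.0.20, Windows client 192.168.0.10).
sample_ssh_filtered() {   # SYN retried, never answered
    cat <<'EOF'
10:15:01.100000 IP 192.168.0.10.49152 > 192.168.0.20.22: Flags [S], seq 1000, win 8192, length 0
10:15:04.100000 IP 192.168.0.10.49152 > 192.168.0.20.22: Flags [S], seq 1000, win 8192, length 0
EOF
}
sample_ssh_answered() {   # sshd completes the handshake
    cat <<'EOF'
10:20:01.100000 IP 192.168.0.10.49153 > 192.168.0.20.22: Flags [S], seq 2000, win 8192, length 0
10:20:01.100200 IP 192.168.0.20.22 > 192.168.0.10.49153: Flags [S.], seq 9000, ack 2001, win 5840, length 0
10:20:01.100900 IP 192.168.0.10.49153 > 192.168.0.20.22: Flags [.], ack 9001, win 8192, length 0
EOF
}
sample_ping_ignored() {   # echo requests arrive, no echo reply leaves
    cat <<'EOF'
10:25:00.000000 IP 192.168.0.10 > 192.168.0.20: ICMP echo request, id 1, seq 1, length 40
10:25:05.000000 IP 192.168.0.10 > 192.168.0.20: ICMP echo request, id 1, seq 2, length 40
EOF
}
sample_ssh_filtered | classify_capture 192.168.0.20 22
```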
John McKelvey wrote on Mon, 30 Sep 2013 23:27:55 -0400:
The catch is that I can not connect to the box using SSH
That's obviously not true or just half of the story. Did you actually try *sshing* in? Your title mentions sftp, not ssh. So, what software are you using to connect? I would normally recommend using SCP (and not sftp) with WinSCP. If you do that you can have the sftp subsystem of OpenSSH shut off.
Kai
On Mon, Sep 30, 2013 at 11:27 PM, John McKelvey jmmckel@gmail.com wrote:
Hello,
I have a CENTOS 5 box that can reach the internet and can ping to/from all windows systems on my home network. The catch is that I can not connect to the box using SSH from any windows machine, though they can easily ping the linux box and vice-versa.
Suggestion of a possible solution would be most appreciated.
Many thanks!
others have mentioned it as well, it sounds to me like there's a local firewall (probably iptables) running on the linux box. Although I thought the default in the 5 series of redhat/centos was to leave port 22 open. it could also be that you don't have the ssh daemon turned on/possibly even installed (?)
I'd make sure you have ssh turned on (from the linux machine, ssh to localhost, telnet localhost 22, ps -ef | grep sshd, service sshd status, chkconfig --list | grep ssh).
If all that works and looks OK, then try turning off firewall (service iptables stop), then try to ssh in from your other machines.
If that's OK, then back to the linux machine's console and do
    service iptables start
    iptables -I INPUT -s ${cidr of your lan[1]} -p tcp --dport 22 -j ACCEPT
    service iptables save
and I'd think you should be set.
[1] if your LAN is 192.168.0.0 with a netmask of 255.255.255.0 the CIDR would be 192.168.0.0/24, not sure how much you've dealt with that. Google will be your friend if you have an odd netmask.
some of these options may be off, I don't use centos 5 much these days and all I'm putting in here is from memory, so I might be missing some stuff, but I think it's reasonably close.
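Footnote [1] in the message above leaves odd netmasks to a search; this added example (not part of the original message) works the CIDR out from an interface address and dotted netmask and fills it into the rule quoted there. The function names `lan_cidr` and `ssh_allow_rule` and the sample host address are made up for illustration.

```sh
# Added example: turn an interface address and dotted netmask into the
# NETWORK/PREFIX form that iptables -s expects, including "odd" netmasks.

# lan_cidr ADDRESS NETMASK -> prints NETWORK/PREFIX; returns 1 on bad input.
lan_cidr() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2                  # split into 4 address + 4 mask octets
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    for o in "$@"; do             # each octet must be a plain 0-255 number
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    prefix=0; partial=0
    for m in "$5" "$6" "$7" "$8"; do
        case $m in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;;
            *)   return 1 ;;      # e.g. 253: the one-bits are not contiguous
        esac
        # after an octet that is not 255, every later octet must be 0
        [ "$partial" -eq 0 ] || [ "$bits" -eq 0 ] || return 1
        [ "$bits" -eq 8 ] || partial=1
        prefix=$(( prefix + bits ))
    done
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))/$prefix"
}

# ssh_allow_rule ADDRESS NETMASK -> prints (does not run) the rule from the
# message above with the LAN's CIDR filled in.
ssh_allow_rule() {
    cidr=$(lan_cidr "$1" "$2") || return 1
    echo "iptables -I INPUT -s $cidr -p tcp --dport 22 -j ACCEPT"
}

# Constructed sample values: the post's /24 and an odd /27 netmask.
ssh_allow_rule 192.168.0.37 255.255.255.0
ssh_allow_rule 192.168.0.37 255.255.255.224
```

Printing the rule instead of running it lets you check the source range before it goes into the INPUT chain.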