Unable to ssh remotely #86
Is your gateway setting correct? That's the first thing that comes to mind when networking works only on the same subnet IPs.
What does /var/log/secure say after the failed connection?
Have you tried ssh -vv to see how the ssh connection responds?
Lee
On Apr 16, 2017, at 20:08, Jim Lamb wrote:
I am unable to ssh remotely unless coming from same subnet. Please advise me of fix action or things to try
|
Check the TCP WRAPPERS (/etc/hosts.allow, /etc/hosts.deny), sshd_config (/etc/ssh/sshd_config), and your Firewall (/root/iptables.sh), and networking (/etc/sysconfig/network_scripts/ifcfg-*) configuration files. |
Thanks. I will check all of these things Wednesday and get back to you guys. |
I forgot to mention that this is RHEL6
/etc/hosts.allow
/etc/hosts.deny
/root/iptables.sh - not found
/etc/ssh/sshd_config
Port 22
/etc/sysconfig/network_scripts/ifcfg-em1 |
/etc/sysconfig/iptables is where the firewall ACL lives.
You can try "service iptables stop" to rule that out as the problem.
Lee
On Apr 19, 2017, at 04:54, Jim Lamb wrote:
I forgot to mention that this is RHEL6
/etc/hosts.allow
ALL: 127.0.0.1 [::1}
sshd: ALL
/etc/hosts.deny
ALL: ALL
/root/iptables.sh - not found
/etc/ssh/sshd_config
Port 22
ListenAddress 192.168.1.31
Protocol 2
SyslogFacility AUTHPRIV
LogLevel INFO
AllowGroups sshusers
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
MaxSessions 3
HostbasedAuthentication no
IgnoreRhosts yes
PermitEmptyPasswords no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
GatewayPorts no
X11Forwarding no
PrintLastLog yes
UsePrivilegeSeparation yes
PermitUserEnvironment no
ClientAliveInterval 900
ClientAliveCountMax 0
Banner /etc/issue
Subsystem sftp /usr/libexec/openssh/sftp-server
RhostsRSAAuthentication no
Compression delayed
KerberosAuthentication no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Macs hmac-sha2-512,hmac-sha2-256,hmac-sha1
/etc/sysconfig/network_scripts/ifcfg-em1
DEVICE=eth0
TYPE=Ethernet
UUID=.......e8e
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
NAME="System eth0"
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=yes
IPADDR=192.168.1.31
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=4.4.4.4
HWADDR=...:A8
|
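An added example (not code from the thread or from the hardening-script-el6 project): it evaluates the hosts.allow and hosts.deny contents quoted above in the order hosts_access(5) consults them, and tests whether a client lies outside the interface's IPADDR/PREFIX. The client address 192.168.2.50 and all function names are assumptions, and only a subset of the wrapper pattern syntax is handled.

```python
import ipaddress

# Copied as posted from the thread's hosts.allow / hosts.deny / ifcfg-em1; CLIENT is constructed.
HOSTS_ALLOW = "ALL: 127.0.0.1 [::1}\nsshd: ALL\n"
HOSTS_DENY = "ALL: ALL\n"
IFCFG = {"IPADDR": "192.168.1.31", "PREFIX": "24", "GATEWAY": "192.168.1.1"}
CLIENT = "192.168.2.50"

def client_matches(pattern, client):
    """Subset of hosts_access(5) patterns: ALL, 'a.b.c.' prefix, net/mask, exact address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return client.startswith(pattern)
    if "/" in pattern:
        try:
            return ipaddress.ip_address(client) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == client

def first_match(rules, daemon, client):
    """True if any 'daemon_list : client_list' line covers this daemon and client."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (part.replace(",", " ").split() for part in line.split(":", 1))
        if any(d in ("ALL", daemon) for d in daemons) and \
                any(client_matches(c, client) for c in clients):
            return True
    return False

def wrappers_verdict(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match in either grants access."""
    if first_match(allow, daemon, client):
        return "allow"
    return "deny" if first_match(deny, daemon, client) else "allow"

def off_link(client, ifcfg=IFCFG):
    """True when the client is outside IPADDR/PREFIX, so replies must be routed."""
    net = ipaddress.ip_network(f"{ifcfg['IPADDR']}/{ifcfg['PREFIX']}", strict=False)
    return ipaddress.ip_address(client) not in net

if __name__ == "__main__":
    for addr in ("192.168.1.40", CLIENT):
        print(addr, "sshd:", wrappers_verdict("sshd", addr), "off-link:", off_link(addr))
```

For the files as posted, the wrapper verdict for sshd is allow for both the on-subnet and the off-subnet client; only the second depends on routing.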
Did that and still have issue |
You have not posted the results from 'ssh -vv 192.168.1.31' from the other subnet, nor said whether there is anything useful/relevant in /var/log/secure. |
Can't post the results. It is on a secure network. Entry in /var/log/secure says Connection closed by 192.168.1.31. There are other machines reachable on that subnet from the subnet I am using to try to reach this machine. |
Make sure the user account that is trying to connect is in the sshusers group. You might also verify that /etc/security/limits.conf maxlogins is set to 10. There were some earlier revisions that had set it to 3, which causes issues sometimes if you have too many connections. STIG says 10 is the proper setting.
Lee
From: Jim Lamb
Sent: Wednesday, April 19, 2017 9:23 AM
To: fcaviggia/hardening-script-el6
Cc: Meinecke, Lee; Comment
Subject: Re: [fcaviggia/hardening-script-el6] Unable to ssh remotely (#86)
Can't post the results. It is on a secure network. Entry in /var/log/secure says Connection closed by 192.168.1.31. There are other machines reachable on that subnet from the subnet I am using to try to reach this machine.
|
I'm thinking the route from the ssh server you are attempting to connect to is not in place. Other points of interest, but not necessary yet: /etc/ssh/sshd_config /etc/sysconfig/network_scripts/ifcfg-em1 |
@jlamb85 Did you get it to work? If you no longer have the problem then you should close the issue |
I am unable to ssh remotely unless coming from same subnet. Please advise me of fix action or things to try