PDA

View Full Version : Cannot SSH to Sles11sp1 Server



sjfast911
14-Jun-2012, 14:02
Hello,

I recently setup a Sles11sp1 server on a VM session. The problem is I cannot SSH to it. The server has network connectivity. I can ping the gateway. I can ssh to other servers on the same subnet. I checked SSHD and it is running. The server is listening on port22. Remote Administration is turned on. Any suggestions?

Scott

ab
14-Jun-2012, 14:54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is the firewall allowing connections to TCP 22? A service may listen,
but the kernel does not need to allow packets to arrive. From another
Linux box try this to test connectivity to the SSH service on your
broken box:

netcat -zv broken.box.goes.here 22

Post the output. We're looking for it to say 'open' in which case the
next step may be to get debugging output from an SSH client:

ssh -vvv youruserhere@broken.box.goes.here

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP2e0ZAAoJEF+XTK08PnB5oYQP/0OMXNK87NtIVKHP1i2ciUXQ
Tnw33HQGaHcBfDH9+txRvdCBnVeP/o68dp1GWreIBbzDpGTODQe0tdNY/QZ0wB1j
AXoPw5WCIhGNaJ8DXo0rSAHxDyWSNv5PdEE0bs+p0c2gO643SM LeyEQgvCH8o2am
B3heooKwtHb6ofr28pcs5/MazPBGxf6fBvF/RU3zH9Cnl2X0//GPqB9K9SyLdpk1
vM2l5PY/Xcc6b8GvV0GN7DJr/N16mOszW7ZYTDu8zoNtyUOKQDlESaRw8TNTJZ3v
S6DHxF4Lu80SOlUIrKqNXOJwrjHjftll9FzOLwhb+Fa8FWrjBt HKyXKmCOklm7eM
gtHOIXXSTdaOmwTxiiIHnGsnimFLEdav9jBLaofZvniQNFE3la 2cStCgj2PZK5fP
vi6alYUWdQCTHXtdOtJ3deIm7AadTdL1fKLbu5Zz03/c5GHPmZOzrj82i9tCAAv0
lTYhRByZAR/I6sYUCjvKTy+DGz2JwETR8VlMX7CO5BbHXDMDsn8ntwkNANZk/CAz
dttRjcFNqAsgtnXPUt/EPzMvurab17jLMyrn0kODWhhxci4O9f6lobGM1C4ZZw5t
0k6FV/RdiGeRF2jnafDCJEAUvXd9zxegBOYeh6Ju8x71hfi9VKFqEmm5 bMhxmzLO
DR0ZkAstFmjiUVLcdEF/
=19Yf
-----END PGP SIGNATURE-----

malcolmlewis
14-Jun-2012, 14:55
Hello,

I recently setup a Sles11sp1 server on a VM session. The problem is I
cannot SSH to it. The server has network connectivity. I can ping the
gateway. I can ssh to other servers on the same subnet. I checked SSHD
and it is running. The server is listening on port22. Remote
Administration is turned on. Any suggestions?

Scott



Hi
Check the firewall (via YaST) and ensure the sshd server port is open.
Else add some verboseness to you ssh command and post the output around
code tags (remove any sensitive data...)


ssh -vv username@host


--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 3.0.31-0.9-default
up 1 day 10:01, 3 users, load average: 0.20, 0.20, 0.22
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

smflood
14-Jun-2012, 15:04
On 14/06/2012 14:04, sjfast911 wrote:

> I recently setup a Sles11sp1 server on a VM session. The problem is I
> cannot SSH to it. The server has network connectivity. I can ping the
> gateway. I can ssh to other servers on the same subnet. I checked SSHD
> and it is running. The server is listening on port22. Remote
> Administration is turned on. Any suggestions?

When you set up the server did you allow SSH through the firewall? By
default, the SSH port is blocked. See step 12 @
http://www.suse.com/documentation/sles11/book_quickstarts/data/sec_sles_installquick.html

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------

sjfast911
14-Jun-2012, 15:15
The firewall is turned off. Here are the results from the netcat:

pwausoinf06:~ # netcat -zv 10.139.248.191 22
Warning: forward host lookup failed for pwausosmt201.app.hscint.net: Unknown host : No such file or directory

Thanks
Scott

sjfast911
14-Jun-2012, 15:21
That was it. Thanks for the help!!

Scott

ab
14-Jun-2012, 16:33
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apparently not, per your other post. I'm glad opening that port fixed it.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP2gRRAAoJEF+XTK08PnB54L8P/Rg5X3uh+MzpUd9wy0z6b6YJ
U5pIiI9sXFpZe5Wiin1Hn2ALqarO9zgckrYRm9RASnfatg+VW5 9TFedpGJ0tsKXa
HRBZTZjAOVq/rWcQX5o0uxtVyPYISPRFAGSEqgX+Vq+8KSeVk4Q9W3Ews+an4H 2T
ZEGOiMgU8NaXTy6gs3tqpA/BHXccWPPZBfGkLQFmC6FdECNZFXwsYMqXoCPFfa5y
C1IWjKf+MSDW+vcCqMbmLuECEEBShpgoi7gp4XZpf03UHEWiiF AFzQXSYLOhT0QM
JHo8AAfsJzFYtenOQXeJQKn2fRt1AWFw1xswoLDc66Cc4II4fq VyyDlPCP07Ky6r
NMTYJCmMT54kU1HXuAY+41RQOAs7SxtLrLizarw5FiV5vw//MmwMP/IC4dVOkgaI
BfE87+z3y0M1dvy+fSZ4qnPOwkcRc/sxwU2eU8tzbMR4DUfE3zqqeaDnRGc7j4lc
X3cJtuzHrWqqUAOv63w9AXB9yQs2NMe384yWQKQQyR2yWgZpc3 wMlIZYp6ZeA3tq
sgIHYg31NxIr+BQ3RuU+GogN5cABVJpaWi7i1+lsMDhcsCkBjw rIq6MlWODjBjkL
1/PA3OaZpBmADlxQFRgj8jU0wYvPr3yKlK5A0L1QqK6EWrVsJC1l L3RxJ4jhoDro
Ta0qfcKJLQKti1mhTPFQ
=f5oZ
-----END PGP SIGNATURE-----

sjfast911
15-Jun-2012, 16:34
Well I guess there is more than one place to turn off the firewall. Cause I checked the area where you turn on/off Remote Administration and there is an option in that area to turn off the firewall. It said disabled. But afer reading his suggestion and looking at the documentation I did a search for Firewall in Yast. Which it was not turned off. So I turned it off. Now I know what to check for.

Scott

smflood
15-Jun-2012, 22:24
On 15/06/2012 16:44, sjfast911 wrote:

> Well I guess there is more than one place to turn off the firewall.
> Cause I checked the area where you turn on/off Remote Administration and
> there is an option in that area to turn off the firewall. It said
> disabled. But afer reading his suggestion and looking at the
> documentation I did a search for Firewall in Yast. Which it was not
> turned off. So I turned it off. Now I know what to check for.

Instead of turning off the firewall add the SSH service (port 22) to the
list of allowed services in the firewall. See
http://www.suse.com/documentation/sles11/book_security/data/sec_fire_suse.html
for more information.

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner