MinhTech.com

Yet another technology tutorial blog.

Fedora Linux 14 Unable to ssh to Server

By • Feb 12th, 2011 • Category: Linux

Here are some troubleshooting tips if you are unable to connect to your Fedora Linux 14 server via ssh.

First, check iptables:

> su -
> head -20 /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 9090
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
Protocol 2
> /etc/init.d/sshd status
openssh-daemon (pid 1309) is running...
> /etc/init.d/iptables status
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Log in as root and check the port binding. In this example, sshd is bound to port 9090, and we confirm that sshd is running. Then we check iptables and notice there is no explicit rule to allow access to port 9090.

> iptables -A INPUT -i eth0 -p tcp --dport 9090 -j ACCEPT

So we create a firewall rule to allow access to port 9090 via interface eth0. Omitting the interface parameter would allow access to port 9090 via all network interfaces.

Next, check SELinux:

> /etc/init.d/sshd start
> /etc/init.d/sshd status
openssh-daemon is stopped
> cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

In this case, we attempt to start sshd, but it is not running, so we check the SELinux configuration. The SELinux policy is enforcing. You could edit the config file and make the SELinux policy permissive or disabled, but that is not recommended. Instead, you should configure SELinux to allow sshd to bind to port 9090:

> semanage port -a -t ssh_port_t -p tcp 9090
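
The two checks from this post combined, as an added example that is not part of the original post: a shell script that reads saved copies of sshd_config, the iptables status listing and the `semanage port -l` listing, and reports which of them is missing the sshd port. The function names are hypothetical and the sample input is constructed to mirror the state shown above.

```bash
#!/bin/sh
# Added example (not from the original post). Inputs are saved listings:
#   sshd_config, `/etc/init.d/iptables status` output, `semanage port -l` output.
# Function names are hypothetical. Only single-port "dpt:N" rules and
# comma-separated SELinux port lists are recognised (no ranges or multiport).

sshd_ports() {  # $1 = sshd_config; prints each active Port (22 if none set)
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

fw_allows() {  # $1 = port, $2 = iptables listing; 0 if INPUT accepts tcp dpt:$1
    awk -v p="$1" '
        /^Chain / { in_input = ($2 == "INPUT") }
        in_input && /ACCEPT/ && / tcp / {
            for (i = 1; i <= NF; i++) if ($i == ("dpt:" p)) found = 1
        }
        END { exit !found }' "$2"
}

selinux_allows() {  # $1 = port, $2 = semanage listing; 0 if ssh_port_t has tcp $1
    awk -v p="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { sub(/,$/, "", $i); if ($i == p) found = 1 }
        }
        END { exit !found }' "$2"
}

audit_ssh_port() {  # $1 = sshd_config, $2 = iptables listing, $3 = semanage listing
    rc=0
    for port in $(sshd_ports "$1"); do
        fw_allows "$port" "$2" || { echo "port $port: no iptables ACCEPT rule"; rc=1; }
        selinux_allows "$port" "$3" || { echo "port $port: not in ssh_port_t"; rc=1; }
    done
    return $rc
}

# Constructed sample input mirroring the state shown in the post.
demo=$(mktemp -d)
printf 'Port 9090\nProtocol 2\n' > "$demo/sshd_config"
printf 'Chain INPUT (policy DROP)\n1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80\n' > "$demo/fw"
printf 'ssh_port_t tcp 22\n' > "$demo/ports"
audit_ssh_port "$demo/sshd_config" "$demo/fw" "$demo/ports" || echo "mismatches found"
```

On a live system, redirect the output of `/etc/init.d/iptables status` and `semanage port -l` to files and pass them to `audit_ssh_port` together with /etc/ssh/sshd_config.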


One Response »

  1. We learnt installing openfire XMPP server in the previous posts, now we’ll take a look at changing default port of admin console as one of the security measures. Default port is 9090 as we use serverip:9090 to login.
