- 06-17-2003 #1
SSH configuration
I had an old P200 sitting under my desk and decided to install RH8 on it. I opted for the server install and basically went for the default settings.
SSH is running and the machine is listening on port 22 but I can't get in.
I have chosen medium security and if I am not mistaken that blocks port 22. I don't have any graphical functionality on this machine and redhat-config-securitylevel does not work. Is there an easy way to open this port?
Do I have to manually edit iptables? What do I need to do?
- 06-17-2003 #2 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
You'll probably need to edit your iptables config manually, yes. Unfortunately, I don't know where these firewall configurators save their configuration, but I do know that RedHat's standard iptables configuration file name is /etc/sysconfig/iptables. Check that file and see if there is anything usable in there.
- 06-17-2003 #3 Linux User
- Join Date
- May 2003
- Location
- CA
- Posts
- 370
Hi
I installed redhat9 with medium security and ssh and it allowed me in.
Are you sure you have to modify iptables to release port 22??
Are you trying to login as root or as a normal user?
Is ssh listening on port 22 in the first place?
- 06-17-2003 #4 Linux Newbie
- Join Date
- Apr 2003
- Location
- UK, Manchester
- Posts
- 147
From the server, run:
iptables -L
That will list what rules are currently running. Check the man page for iptables on how to edit/replace rules. You will need to edit the iptables script so that the effects are permanent.
It is most likely in the place that Dolda has previously posted.
If you are confused with how to edit the rules just ask, the man page is quite informative but can be a bit overwhelming.
btw - Are you getting an error or is your connection just timing out?
- 06-18-2003 #5
SSH is listening on port 22 and I get a connection reset error.
I did some reading on iptables and tried to add some commands which then show up when I run iptables -L.
I added -A INPUT -s 192.168.1.25 -j ACCEPT and I believe this should accept everything if I am not mistaken.
It still didn't let me in. I wonder if it is conflicting with Chain RH-Lokkit?
Can someone explain what /etc/sysconfig/iptables is for? I thought that was the configuration file but the stuff you see under iptables -L is a lot different. It's quite confusing for someone who is new to iptables I guess.
- 06-18-2003 #6
Looks like I got it to work. In my INPUT chain was a reference to the RH-Lokkit chain and I guessed that passed it on to that chain, which blocked it.
I flushed that chain. Can someone show me the location of Dolda's post on saving the configuration?
Cheers
- 06-18-2003 #7 Linux Guru
You should probably add a specific rule to let port 22 through instead, for a more stable configuration. Try this:
Code:
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
The save format for iptables is very different from what you see when you use iptables -L. Can you give a sample from it (or the entire file, preferably), so that I can validate it?
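Why the appended `-A INPUT -s 192.168.1.25 -j ACCEPT` from post #5 changed nothing while the `-I INPUT` rule from post #7 works, as an added example that is not part of the original thread: a small first-match evaluator over a constructed file in the `/etc/sysconfig/iptables` save format. The chain name `RH-Lokkit-0-50-INPUT`, its rules and all helper names are assumptions, and only the `-s`, `-p`, `-i`, `--dport` and `-j` options are modelled.

```python
import shlex

# Constructed lokkit-style sample; the chain name and rules are assumptions.
SAVED = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
COMMIT
"""

def apply_cmd(chains, cmd):
    """Apply '-A chain ...' (append at end) or '-I chain ...' (insert at top)."""
    tok = shlex.split(cmd)
    rule = {"-j": None}
    for flag, value in zip(tok, tok[1:]):
        if flag in ("-s", "-p", "-i", "--dport", "-j"):
            rule[flag] = value
    chain = chains[tok[1]]
    chain.insert(len(chain) if tok[0] == "-A" else 0, rule)

def load(text):
    """Parse iptables-save text into ({chain: [rules]}, {chain: policy})."""
    chains, policy = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, pol = line[1:].split()[:2]
            chains[name], policy[name] = [], pol
        elif line.startswith("-A "):
            apply_cmd(chains, line)
    return chains, policy

def matches(rule, pkt):
    """Criteria a rule leaves unset match anything; pkt is assumed to be a TCP SYN."""
    lo, _, hi = rule.get("--dport", "0:65535").partition(":")
    exact = all(rule.get(k, pkt[k]) == pkt[k] for k in ("-s", "-p", "-i"))
    return exact and int(lo) <= pkt["--dport"] <= int(hi or lo)

def verdict(chains, policy, pkt, chain="INPUT"):
    """First matching rule decides; an unmatched user chain returns to its caller."""
    for rule in chains[chain]:
        if matches(rule, pkt):
            target = rule["-j"]
            result = verdict(chains, policy, pkt, target) if target in chains else target
            if result:
                return result
    return None if policy[chain] == "-" else policy[chain]
```

Calling `verdict()` for a packet keyed by the same option names, for example `{"-s": "192.168.1.25", "-p": "tcp", "-i": "eth0", "--dport": 22}`, returns `REJECT` until a matching ACCEPT rule sits ahead of the jump into the lokkit chain.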
- 06-18-2003 #8
I would definitely make it more stable if it was a production server. I am just using this one to learn so it's ok if I screw up.

I still don't understand the /etc/sysconfig/iptables file completely.
I assume it stores the changes you make with iptables command?
On my home machine I am not using the iptables firewall as I have a hardware router. The /etc/sysconfig/iptables does not exist and iptables -L shows empty chains.
If I add some rules would the /etc/sysconfig/iptables file be created?
How do you save the changes, as it looks like you need to run /etc/sysconfig/iptables save?
Thanks
- 06-19-2003 #9 Linux User
So does this mean that if I get a PC and install redhat on it along with ssh and iptables, I won't be able to ssh to it because iptables blocks that port?
- 06-19-2003 #10
I think that's what happened to me. I have opted for medium security and I was unable to SSH into it. Don't take my word for it though as I have no Linux experience.
