  1. #1
    Linux User postcd
    Join Date
    Apr 2011
    Posts
    324

    When I start CSF I can't connect VPS or download any data into it It a


    It appears I can't connect to the Linux VPS server via SSH, I can't SCP any file to it, and I can't wget any file to it (from inside it) while CSF (Config Server Firewall, LFD) is running. This is just after install in the default configuration and after changing TESTING mode to LIVE mode.

    Trying to wget & install something => stuck
    Code:
    [root@pvbvfxby ~]# wget http://www.inetbase.com/scripts/ddos/install.sh;chmod 0700 install.sh;
    --2014-04-07 08:25:26--  http://www.inetbase.com/scripts/ddos/install.sh
    Resolving www.inetbase.com... 184.173.190.146
    Connecting to www.inetbase.com|184.173.190.146|:80...

    Trying to SCP something into VPS:
    Code:
    amnesia@amnesia:~$ scp install.sh root@vpsipthere:/root
    ERROR: Got error response from SOCKS server: 6 (TTL expired).
    FATAL: failed to begin relaying via SOCKS.
    ssh_exchange_identification: Connection closed by remote host
    lost connection

    Nothing in deny file/s
    Code:
    [root@pvbvfxby log]# cat /etc/*deny*

    My computer IP not in iptables:
    Code:
    [root@pvbvfxby log]# iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     tcp  --  google-public-dns-b.google.com  anywhere            tcp dpt:domain 
    ACCEPT     udp  --  google-public-dns-b.google.com  anywhere            udp dpt:domain 
    ACCEPT     tcp  --  google-public-dns-b.google.com  anywhere            tcp spt:domain 
    ACCEPT     udp  --  google-public-dns-b.google.com  anywhere            udp spt:domain 
    ACCEPT     tcp  --  google-public-dns-a.google.com  anywhere            tcp dpt:domain 
    ACCEPT     udp  --  google-public-dns-a.google.com  anywhere            udp dpt:domain 
    ACCEPT     tcp  --  google-public-dns-a.google.com  anywhere            tcp spt:domain 
    ACCEPT     udp  --  google-public-dns-a.google.com  anywhere            udp spt:domain 
    LOCALINPUT  all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    INVALID    tcp  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp-data 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:pop3 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imap 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtps 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:submission 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imaps 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:pop3s 
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ftp-data 
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ftp 
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain 
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply limit: avg 1/sec burst 5 
    ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
    ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable 
    LOGDROPIN  all  --  anywhere             anywhere            
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             google-public-dns-b.google.com tcp dpt:domain 
    ACCEPT     udp  --  anywhere             google-public-dns-b.google.com udp dpt:domain 
    ACCEPT     tcp  --  anywhere             google-public-dns-b.google.com tcp spt:domain 
    ACCEPT     udp  --  anywhere             google-public-dns-b.google.com udp spt:domain 
    ACCEPT     tcp  --  anywhere             google-public-dns-a.google.com tcp dpt:domain 
    ACCEPT     udp  --  anywhere             google-public-dns-a.google.com udp dpt:domain 
    ACCEPT     tcp  --  anywhere             google-public-dns-a.google.com tcp spt:domain 
    ACCEPT     udp  --  anywhere             google-public-dns-a.google.com udp spt:domain 
    LOCALOUTPUT  all  --  anywhere             anywhere            
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
    ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain 
    ACCEPT     udp  --  anywhere             anywhere            udp spt:domain 
    ACCEPT     all  --  anywhere             anywhere            
    INVALID    tcp  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp-data 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:pop3 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:auth 
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https 
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ftp-data 
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ftp 
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain 
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:auth 
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ntp 
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply 
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
    ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
    ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable 
    LOGDROPOUT  all  --  anywhere             anywhere            
    
    Chain ALLOWIN (1 references)
    target     prot opt source               destination         
    
    Chain ALLOWOUT (1 references)
    target     prot opt source               destination         
    
    Chain DENYIN (1 references)
    target     prot opt source               destination         
    
    Chain DENYOUT (1 references)
    target     prot opt source               destination         
    
    Chain INVALID (2 references)
    target     prot opt source               destination         
    INVDROP    all  --  anywhere             anywhere            state INVALID 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:FIN,RST/FIN,RST 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:FIN,ACK/FIN 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:PSH,ACK/PSH 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:ACK,URG/URG 
    INVDROP    tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
    
    Chain INVDROP (10 references)
    target     prot opt source               destination         
    DROP       all  --  anywhere             anywhere            
    
    Chain LOCALINPUT (1 references)
    target     prot opt source               destination         
    ALLOWIN    all  --  anywhere             anywhere            
    DENYIN     all  --  anywhere             anywhere            
    
    Chain LOCALOUTPUT (1 references)
    target     prot opt source               destination         
    ALLOWOUT   all  --  anywhere             anywhere            
    DENYOUT    all  --  anywhere             anywhere            
    
    Chain LOGDROPIN (1 references)
    target     prot opt source               destination         
    DROP       tcp  --  anywhere             anywhere            tcp dpt:bootps 
    DROP       udp  --  anywhere             anywhere            udp dpt:bootps 
    DROP       tcp  --  anywhere             anywhere            tcp dpt:bootpc 
    DROP       udp  --  anywhere             anywhere            udp dpt:bootpc 
    DROP       tcp  --  anywhere             anywhere            tcp dpt:sunrpc 
    DROP       udp  --  anywhere             anywhere            udp dpt:sunrpc 
    DROP       tcp  --  anywhere             anywhere            tcp dpt:auth 
    DROP       udp  --  anywhere             anywhere            udp dpt:auth 
    DROP       tcp  --  anywhere             anywhere            tcp dpts:epmap:netbios-ssn 
    DROP       udp  --  anywhere             anywhere            udp dpts:epmap:netbios-ssn 
    DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds 
    DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds 
    DROP       tcp  --  anywhere             anywhere            tcp dpt:isakmp 
    DROP       udp  --  anywhere             anywhere            udp dpt:isakmp 
    DROP       tcp  --  anywhere             anywhere            tcp dpt:login 
    DROP       udp  --  anywhere             anywhere            udp dpt:who 
    DROP       tcp  --  anywhere             anywhere            tcp dpt:efs 
    DROP       udp  --  anywhere             anywhere            udp dpt:router 
    LOG        tcp  --  anywhere             anywhere            limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *TCP_IN Blocked* ' 
    LOG        udp  --  anywhere             anywhere            limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *UDP_IN Blocked* ' 
    LOG        icmp --  anywhere             anywhere            limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *ICMP_IN Blocked* ' 
    DROP       all  --  anywhere             anywhere            
    
    Chain LOGDROPOUT (1 references)
    target     prot opt source               destination         
    LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *TCP_OUT Blocked* ' 
    LOG        udp  --  anywhere             anywhere            limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *UDP_OUT Blocked* ' 
    LOG        icmp --  anywhere             anywhere            limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *ICMP_OUT Blocked* ' 
    DROP       all  --  anywhere             anywhere

    When I do: service csf stop
    connections start working; when I start it, it fails to connect, wget..
    "Avoid the Gates of Hell. Use Linux affordable VPS."

  2. #2
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,596
    It is possible that the SELinux services are enabled and blocking the ssh connection (can be either client, server, or both), or the server's /etc/ssh/sshd_config file is not set up properly. If you are trying to ssh in as root, that is disabled by default; otherwise you need a valid user ID on the server to connect as.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Linux User postcd
    Join Date
    Apr 2011
    Posts
    324
    Code:
    [root@pvbvfxby /]# vi /etc/csf/csf.conf
    [root@pvbvfxby /]# vi /etc/selinux/config
    [root@pvbvfxby /]# vi /boot/grub/grub.conf
    [root@pvbvfxby /]# vi /selinux/enforce

    Above commands = file not found

    Code:
    [root@pvbvfxby /]# setenforce 0
    setenforce: SELinux is disabled
    [root@pvbvfxby /]# setenforce 1
    setenforce: SELinux is disabled
    [root@pvbvfxby /]# setenforce 0
    setenforce: SELinux is disabled

    cat /etc/ssh/sshd_config | grep -v "#"
    Code:
    Protocol 2
    SyslogFacility AUTHPRIV
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials yes
    UsePAM yes
    AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL
    X11Forwarding no

    Please, any idea?
    "Avoid the Gates of Hell. Use Linux affordable VPS."

  4. #4
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,596
    You need to add this line to /etc/ssh/sshd_config:

    PermitRootLogin yes

    Then restart the sshd service: service sshd restart
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
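
The check below is an added example, not part of the thread: a shell function that reports which value sshd would take from a config file for one keyword, run on the directives posted in #3 and on a constructed file where a `PermitRootLogin yes` line is appended below an earlier setting. The function name `sshd_effective` and the second sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): which value does sshd take from a config
# file for one keyword? Keywords are case-insensitive and the first value read
# wins; parsing stops at the first Match block, whose settings are conditional.
# Assumes keyword and value are separated by whitespace.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }            # drop indentation
        /^#/ || /^$/ { next }             # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }           # global section ends here
        key == want {
            $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { if (!found) print "unset" } # sshd falls back to its built-in default
    ' "$2"
}

# Sample 1: the directives posted in #3 (abridged to the authentication lines).
POSTED=$(mktemp)
cat > "$POSTED" <<'EOF'
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
EOF

# Sample 2 (constructed): a line appended at the end of the file, below an
# earlier setting that already decides the keyword.
APPENDED=$(mktemp)
cat > "$APPENDED" <<'EOF'
# PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
PermitRootLogin yes
EOF

echo "posted:   PermitRootLogin = $(sshd_effective PermitRootLogin "$POSTED")"
echo "appended: PermitRootLogin = $(sshd_effective PermitRootLogin "$APPENDED")"
```

On the server itself, `sshd -T` run as root prints the configuration sshd actually resolves, built-in defaults included, which settles what an unset keyword means for that build.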
