Unable to ssh into a linux machine

4

1

I have a Linux machine running CentOS 7. I am trying to ssh into the machine using PuTTY or WinSCP and am unable to do that.

I have opened the ssh port using: sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

I have placed the public key inside the authorized_key file. I have edited the /etc/ssh/sshd_config file and enabled the PublickeyAuthentication.

After that I have restarted the sshd service: systemctl restart sshd.service.

Still, I am not able to reach the servers. I thought it might be an internet connection issue but I am able to go online from the machine. The error I receive from PuTTY upon connection is: Network error: Connection timed out.

What am I missing? How do I fix that issue? Any help would be appreciated. Thank you.

Dany Lavrov

Posted 2017-12-01T20:49:26.467

Reputation: 53

Answers

0

You need to properly troubleshoot the issue - step by step.

  1. is port opened (netstat)
  2. are packets reaching host (tcpdump)
  3. how machine replies; where the reply packets go (tcpdump)
  4. check all firewall rules; it is possible that other rule matches (iptables)
  5. check routing; you may even have multiple routing tables (ip route)

It would be easier to troubleshoot the firewall if you could switch it off temporarily, but that is not always an option.

Mariusz Zieliński

Posted 2017-12-01T20:49:26.467

Reputation: 161

Please ask additional questions and I will keep updating the answer as we go. – Mariusz Zieliński – 2017-12-05T05:00:42.320

After using netstat I saw that the ports haven't actually been open, I haven't saved the iptables configuration. I ended up changing the ssh port in the sshd_config file and opening the port / saving it in the iptables. – Dany Lavrov – 2017-12-06T00:02:07.513
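Step 4 of the answer above (another rule may match first) can be checked offline against saved `iptables -S INPUT` output. The following is an added example, not code from any of the posters; the function name `first_match`, the default interface `eth0` and both rule listings are constructed for illustration, and the matcher models only a small subset of iptables options.

```shell
#!/bin/sh
# first_match PORT [IFACE]: read `iptables -S INPUT` text on stdin and print
# "N TARGET" for the first rule (numbered as in `iptables -L INPUT
# --line-numbers`) that decides a NEW inbound TCP connection to PORT on IFACE,
# or "policy TARGET" when no rule does. Simplified model (an assumption of this
# example): only -p, -i, --dport and --state/--ctstate are evaluated; a rule
# using any other option is treated as not matching, and non-terminating
# targets such as LOG or jumps to other chains are passed over.
first_match() {
  awk -v port="$1" -v ifc="${2:-eth0}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      n++; hit = 1; target = ""
      for (i = 3; i <= NF && hit; i++) {
        if ($i == "-m") i++                     # module name: nothing to test
        else if ($i == "-p") { i++; hit = ($i == "tcp" || $i == "all") }
        else if ($i == "-i") { i++; hit = ($i == ifc) }
        else if ($i == "--dport") { i++; k = split($i, r, ":"); hit = (port + 0 >= r[1] + 0 && port + 0 <= r[k] + 0) }
        else if ($i == "--state" || $i == "--ctstate") { i++; hit = (("," $i ",") ~ /,NEW,/) }
        else if ($i == "--comment") { i++; if ($i ~ /^"/) while (i < NF && $i !~ /"$/) i++ }
        else if ($i == "-j") { target = $(i + 1); break }
        else hit = 0                            # option this model ignores
      }
      if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/) { print n, target; found = 1; exit }
    }
    END { if (!found) print "policy", policy }
  '
}

# Constructed sample: the SSH rule was appended with -A after a catch-all DROP.
appended='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
# Constructed sample: the same kind of rule placed ahead of the DROP.
inserted='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m comment --comment "ALLOW new SSH connections" -j ACCEPT
-A INPUT -j DROP'

printf '%s\n' "$appended" | first_match 22   # 3 DROP
printf '%s\n' "$inserted" | first_match 22   # 3 ACCEPT
```

On a live host the input would come from `sudo iptables -S INPUT`; a result other than ACCEPT for the SSH port means the rule order, not the rule itself, needs fixing.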

2

I believe --dport is part of the tcp module and requires the -m tcp option to use it. Full command to accept incoming tcp port 22 would then be:

sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

mjb2kmn

Posted 2017-12-01T20:49:26.467

Reputation: 526

I have added this rule. It did not change the outcome, still can't connect. – Dany Lavrov – 2017-12-01T21:11:16.423

2

iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment "ALLOW ESTABLISHED connections"
iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -j ACCEPT -m comment --comment "ALLOW new SSH connections"

Replace venet0 with your network interface, like eth0.

If it doesn't work, what is the output of netstat -tulpen | grep ':22' or lsof -4 and iptables -L -v -n?

-m tcp is not required for --dport

FaxMax

Posted 2017-12-01T20:49:26.467

Reputation: 121