[Novalug] LAN trouble

Jared Scott jared@jaredscott.com
Wed Nov 20 14:56:23 EST 2013


On redhat/centos the yum package for ssh is:

For ssh (client):
yum list openssh

For sshd (server):
yum list openssh-server




On Wed, Nov 20, 2013 at 2:28 PM, Beartooth <beartooth@beartooth.info> wrote:

> On Tue, 19 Nov 2013, greg pryzby wrote:
>
> > It could be something different because connection refused means
> > network is working, but an ssh/iptables issue.
> >   ping IP-ADDRESS-HERE
>
> [btth@Hbsk3 ~]$ ping 192.168.1.124
> PING 192.168.1.124 (192.168.1.124) 56(84) bytes of data.
> >From 192.168.1.105 icmp_seq=1 Destination Host Unreachable
> >From 192.168.1.105 icmp_seq=2 Destination Host Unreachable
> >From 192.168.1.105 icmp_seq=3 Destination Host Unreachable
> >From 192.168.1.105 icmp_seq=4 Destination Host Unreachable
> ^C
> --- 192.168.1.124 ping statistics ---
> 6 packets transmitted, 0 received, +4 errors, 100% packet loss,
> time 5000ms
> pipe 4
> [btth@Hbsk3 ~]$
>
> > If ping works, then it is probably ssh or iptables
> >   ssh -vvvv IP-ADDRESS-HERE
>
> [btth@Hbsk3 ~]$ ssh -vvvv 192.168.1.124
> OpenSSH_6.1p1, OpenSSL 1.0.0-fips 29 Mar 2010
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 50: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.1.124 [192.168.1.124] port 22.
> debug1: connect to address 192.168.1.124 port 22: No route to
> host
> ssh: connect to host 192.168.1.124 port 22: No route to host
> [btth@Hbsk3 ~]$
>
> > It is possible that ssh isn't running, or it is getting denied before
> > asking for password.
> >
> > On the machine not accepting the connection, you can check out if
> > iptables is blocking
> >   sudo iptables -L
>
>         Each is refusing the other.
>
>         Btw, this is not a new problem. It's just one I've
> disremembered to ask.
>
>         When incommunicability strikes a pair, I may see either
> connection refused or no route to host. I hadn't realized they
> might be different problems.
>
>         My first response is normally to go to the second
> machine, and run in the other direction.
>
>         If that succeeds, I try again from the first. If that
> fails again, I try ssh back from inside the connection I got in
> the first reversal.
>
>         Iptables gave great long responses (like eight screens)
> on both. I can post one from the machine I'm on now, or email
> myself from the other, or both, if asked.
>
> > If it isn't 'blank' (no rules), the easiest is to turn off the
> > firewall and try again from client
> >   sudo service iptables stop
>
>         Using a gnome-terminal tab in which I'm already root (no
> sudo) I get an odd-looking response:
>
> [root@Hbsk3 ~]# service iptables stop
> Redirecting to /bin/systemctl stop  iptables.service
> [root@Hbsk3 ~]#
>
> > Here is how to allow ssh via iptables and tell if it is allowed
> >
> http://www.thegeekstuff.com/2011/03/iptables-inbound-and-outbound-rules/
>
>         Youchhh! I got less than halfway through that before
> being utterly lost. And I'll have to tackle the one before it, at
> least. I know as much about chains as I do about the love-life of
> the inventors of cuneiform Hittite, or less.
>
>         Is there a site somewhere that explains the thoughts
> first, before it opens the firehose of detail?
>
>         Btw, the broadest band I can get here (and have) is
> cable; FiOS may come, someday ....
>
>         Just now, thanks to something on list today, I tried "yum
> reinstall ssh" Both machines claimed to lack it. I have one of
> them running "yum whatprovides ssh" now.
>
> --
> Beartooth Staffwright, Not Quite Clueless Power User
> Remember I know little (precious little!) of where up is.
>
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20131120/77c5fe62/attachment.htm>


More information about the Novalug mailing list