My Centos 4.1 only accepts connections from localhost, my file conf is default.

error: ssh: connect to host 192.168.1.78 port 22: No route to host

thanks
On Tue, 25 Oct 2005, Mauricio Merlin wrote:

> My Centos 4.1 only accepts connections from localhost, my file conf
> is default.
>
> error: ssh: connect to host 192.168.1.78 port 22: No route to host

I can't recall if RHEL/CentOS compiles OpenSSH against libwrap, but my gut tells me that your /etc/hosts.{allow,deny} files need tweaking.

-- 
Paul Heinlein <> heinlein at madboa.com <> madboa.com
On 10/25/05, Mauricio Merlin <mauricio at cimed.ind.br> wrote:

> My Centos 4.1 only accepts connections from localhost, my file conf is
> default.
> error: ssh: connect to host 192.168.1.78 port 22: No route to host
>
>

Have you checked your iptables rules?

-- 
Jim Perrin
System Administrator - UIT
Ft Gordon & US Army Signal Center
Based on your question, I'll consider that you're pretty much using a standard iptables config.

Edit /etc/sysconfig/iptables

Add the following line, somewhere in the middle - it allows inbound connections to TCP port 22:

-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT

If you want to restrict access to a single IP address try this - it allows inbound connections to port 22 from IP address 1.2.3.4:

-A RH-Firewall-1-INPUT -p tcp -s 1.2.3.4/32 --dport 22 -j ACCEPT

Then restart iptables:

/etc/rc.d/init.d/iptables restart;

Cheers!

-Ben

On Tuesday 25 October 2005 09:54, Mauricio Merlin wrote:

> My Centos 4.1 only accepts connections from localhost, my file conf is
> default.
> error: ssh: connect to host 192.168.1.78 port 22: No route to host
>
>
> thanks
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> lists.centos.org/mailman/listinfo/centos
>

-- 
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
On Tue Oct 25 17:54, Mauricio Merlin <mauricio at cimed.ind.br> sent:

>My Centos 4.1 only accepts connections from localhost, my file conf is
>default.
>error: ssh: connect to host 192.168.1.78 port 22: No route to host
>
>
>thanks
>_______________________________________________
>CentOS mailing list
>CentOS at centos.org
>lists.centos.org/mailman/listinfo/centos
>

This isn't an SSH problem, and it's not a firewall problem either, as that would produce a "connection refused" message or similar. You will need to allow incoming SSH connections on the machine to which you are connecting, but you don't appear to have got to that stage yet.

"No route to host" would indicate that there's a basic network connectivity problem between the two machines in question. Check you can ping the machines from each other; I suspect you can't. Most likely you've got a typo in a netmask or something similar.

Charlie
On Tue, 25 Oct 2005 10:54:16 -0700, Benjamin Smith <lists at benjamindsmith.com> wrote:

> Based on your question, I'll consider that you're pretty much
> using a standard iptables config.
>
> edit /etc/sysconfig/iptables
>
> Add the following line, somewhere in the middle - it allows
> inbound connections to TCP port 22:
>
> -A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
>
> If you want to restrict access to a single IP address try this,
> it allows inbound connections to port 22 from ip address 1.2.3.4:
>
> -A RH-Firewall-1-INPUT -p tcp -s 1.2.3.4/32 --dport 22 -j ACCEPT
>
> Then restart iptables
> /etc/rc.d/init.d/iptables restart;

If you also wish to throttle new connections to the sshd daemon (a most useful security measure in my opinion), then you can add this to the top of your INPUT chain as well:

# sshd new connection attempts throttled to 4/min./IP addr.
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW -j DROP --update --seconds 60 --hitcount 4 --name DEFAULT --rsource

# Add new sshd connection attempt to recent ip list
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW --set --name DEFAULT --rsource

You can alter the comparison period and connection rate values by altering the arguments for --seconds and --hitcount appropriately. For example, to permit no more than twelve connections from a single IP address within any five minute period, then use --seconds 300 --hitcount 12.

Regards,

Jim

-- 
*** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne                Harte & Lyne Limited
vox: +1 905 561 1241          9 Brockley Drive
fax: +1 905 561 0757          Hamilton, Ontario
<token> = hal                 Canada L8E 3C3
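As an added illustration that is not part of the thread, the following Python model reproduces the decision logic of the two-rule `recent` throttle above (first rule: `--update --seconds S --hitcount N -j DROP`; second rule: `--set`), so you can see which connection attempts from a source address get dropped for a given `--seconds`/`--hitcount` pair. It assumes the kernel default of 20 remembered timestamps per address and feeds in only NEW attempts, as the `--state NEW` match would; the sample attempt timeline is constructed.

```python
from collections import defaultdict, deque


class RecentThrottle:
    """Model of the iptables 'recent' match as used by the two rules above.

    Rule 1 (--update --seconds S --hitcount N -j DROP) matches when the
    source address already has at least N timestamps inside the last S
    seconds; on a match it also records the current packet (--update).
    Rule 2 (--set) is only reached when rule 1 did not match and records
    the packet, which is what makes the first N attempts pass.
    """

    def __init__(self, seconds=60, hitcount=4, list_tot=20):
        self.seconds = seconds
        self.hitcount = hitcount
        # xt_recent keeps a ring of at most ip_pkt_list_tot (default 20)
        # timestamps per source address; deque(maxlen=...) behaves the same.
        self.stamps = defaultdict(lambda: deque(maxlen=list_tot))

    def packet(self, src_ip, now):
        """Return 'DROP' or 'ACCEPT' for one NEW tcp/22 attempt at time `now`."""
        entry = self.stamps[src_ip]
        window_start = now - self.seconds
        hits = sum(1 for t in entry if t >= window_start)
        if hits >= self.hitcount:
            # --update: the dropped attempt is recorded too, so a client that
            # keeps hammering never falls back below the threshold.
            entry.append(now)
            return "DROP"
        entry.append(now)  # rule 2, --set
        return "ACCEPT"


def simulate(attempts, seconds=60, hitcount=4):
    """attempts: list of (time_in_seconds, src_ip), in arrival order."""
    throttle = RecentThrottle(seconds, hitcount)
    return [throttle.packet(ip, t) for t, ip in attempts]


if __name__ == "__main__":
    # Constructed timeline: one client retries every 10 s, a second client
    # connects once in between. Only the 5th and later attempts within the
    # 60 s window from 10.0.0.5 are dropped; 10.0.0.9 is unaffected.
    timeline = [(0, "10.0.0.5"), (10, "10.0.0.5"), (20, "10.0.0.5"),
                (30, "10.0.0.5"), (40, "10.0.0.5"), (45, "10.0.0.9"),
                (50, "10.0.0.5"), (100, "10.0.0.5")]
    for (t, ip), verdict in zip(timeline, simulate(timeline)):
        print(f"t={t:3d}s {ip:10s} {verdict}")
```

Note from the model that dropped attempts still count toward the window, so a client that keeps retrying every few seconds stays blocked for as long as it keeps trying.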