I've used CentOS 5 and 6, and have just got a box with CentOS 7. I've switched it to use iptables, as I use that everywhere else. I've done the following:
* reconfigured sshd to accept connections (for the moment) on 22 and NNNN
* "netstat -tulpn | grep NNNN" reports that it's running, and I can ssh -p NNNN localhost fine
* configured iptables to accept connections from my allowed IP addresses (this is the same config I use elsewhere, so fairly confident in it)
* used semanage to allow ssh on port NNN. If I run "semanage port -l | grep ssh", then I get "NNNN, 22", as expected
But when I try connecting from a remote host with "ssh -p NNNN host", the connection times out.
What am I missing please?
Cheers,
Neil
Can't access ssh on non-standard port
Re: Can't access ssh on non-standard port
Post the output of iptables-save
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Can't access ssh on non-standard port
Here it is, with IP addresses changed to XXX and the port number as NNNN
# Generated by iptables-save v1.4.21 on Fri Nov 14 11:37:39 2014
*filter
:INPUT DROP [19198:2345794]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [690:86864]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p tcp -m tcp --dport NNNN -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p tcp -m tcp --dport NNNN -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p tcp -m tcp --dport NNNN -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p tcp -m tcp --dport NNNN -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p tcp -m tcp --dport NNNN -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p tcp -m tcp --dport NNNN -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s XX.XX.XX.XX/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 14 -j DROP
-A INPUT -p icmp -j ACCEPT
COMMIT
# Completed on Fri Nov 14 11:37:39 2014
Re: Can't access ssh on non-standard port
Well, turns out that the hosting provider (this is my first box with a new provider) has an additional level of port filtering that I wasn't aware of.
Having ruled out everything else, I emailed their support asking if it was down to them, and it was.
Neil
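Added example, not part of the original posts: a small Python evaluator that replays the first packet of an inbound connection against an iptables-save dump, one way to rule the host firewall in or out before looking at filtering upstream of the box. The sample ruleset, the address 203.0.113.10, port 2222 and the helper name `input_verdict` are constructed for illustration (assumptions standing in for the redacted XX.XX.XX.XX and NNNN), and only the match types seen in the dump above are handled.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format, modelled on the ruleset in the thread.
# 203.0.113.10 and 2222 are placeholders for the redacted XX.XX.XX.XX and NNNN.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
COMMIT
"""
KNOWN = {"-i", "-s", "-p", "-m", "--dport", "--state", "--icmp-type", "-j"}

def input_verdict(ruleset, src, dport, proto="tcp", iface="eth0"):
    """Verdict for the first packet (state NEW) of an inbound TCP/UDP connection:
    the first terminating filter/INPUT rule wins, otherwise the chain policy."""
    table, policy = None, "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        if table != "filter" or not tok:
            continue
        if tok[0] == ":INPUT":
            policy = tok[1]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - KNOWN:  # negation or other match modules: refuse to guess
            raise ValueError(f"unsupported match in: {line}")
        if opts.get("-i", iface) != iface or opts.get("-p", proto) != proto:
            continue
        if "--state" in opts and "NEW" not in opts["--state"].split(","):
            continue
        if "--dport" in opts and int(opts["--dport"]) != dport:
            continue
        net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if ipaddress.ip_address(src) not in net:
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"], line
    return policy, "policy"

if __name__ == "__main__":
    print(input_verdict(SAMPLE, "203.0.113.10", 2222))  # allowed source, custom port
```

An ACCEPT here for the allowed source, combined with a remote connection that still times out, points away from the host ruleset and towards something in the path.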