Posted by hbhb, 08-01-2013, 02:10 PM | Hi,
I have set up a new server's /etc/hosts.allow to allow sshd from another IP.
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd: XXX.XX.XX.XX YYY.YY.YY.YY ZZZ.ZZ.ZZ.ZZ
My problem is, I cannot seem to SSH into this server even though I have specifically added the IP above into /etc/hosts.allow.
# ssh root@XXX.XX.XX.XX
ssh: connect to host XXX.XX.XX.XX port 22: Connection timed out
This happens only to XXX, but YYY & ZZZ are OK.
How do I fix this?
|
Posted by hbhb, 08-01-2013, 02:16 PM | I have reason to believe that my server has blocked outgoing port 22.
How do I enable my server to access port 22?
This server has no special firewall, except iptables.
|
Posted by tnhadmin, 08-01-2013, 02:16 PM | You need to check if any other firewall is installed on the server, such as iptables, apf or csf.
|
Posted by tnhadmin, 08-01-2013, 02:18 PM | You can check /etc/ssh/sshd_config and check what port is mentioned there.
|
Posted by hbhb, 08-01-2013, 02:53 PM | Ah, I finally found the solution.
It's not /etc/ssh/sshd_config but /etc/sysconfig/iptables.
I don't know much about iptables rules yet, but does anybody know why there are other servers that take a long time to ssh into?
#ssh root@BB.BB.BBB.B
The authenticity of host 'BB.BB.BBB.B (BB.BB.BBB.B)' can't be established..
[wait 15-20 seconds]
root@BB.BB.BBB.B's password:
How can I get rid of that latency?
Other servers work OK & fast even though I see the authenticity warning.
|
Posted by serve-you, 08-01-2013, 04:13 PM | Long delay usually means it's trying to do a reverse lookup or trying other auth methods first. You can set UseDNS no in your sshd_config & restart sshd to see if that helps. Otherwise check if GSSAPIAuthentication is enabled in sshd_config. You can get more details by using -vv in your ssh command to see wtf it's trying to do.
|
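The two sshd_config settings named in the reply above can be checked with a short script. This is an added example, not part of the original thread; the function names and the sample config are constructed for illustration, and it assumes whitespace-separated `Keyword value` lines.

```bash
#!/usr/bin/env bash
# Print the global value sshd would take for one keyword from a config file.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and everything after a "Match" line is conditional.
sshd_global_value() {   # usage: sshd_global_value <keyword> <config-file>
    awk -v want="$1" '
        /^[ \t]*#/ { next }                  # comment line
        NF == 0    { next }                  # blank line
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Report on the two settings that can stall a login before the password prompt.
check_login_delay() {   # usage: check_login_delay <config-file>
    for key in UseDNS GSSAPIAuthentication; do
        val=$(sshd_global_value "$key" "$1")
        case $val in
            yes)   echo "$key=yes: possible cause of the pause" ;;
            no)    echo "$key=no: ruled out" ;;
            unset) echo "$key=unset: built-in default applies, confirm with 'sshd -T'" ;;
            *)     echo "$key=$val: unexpected value" ;;
        esac
    done
}

# Constructed sample config (not taken from the thread).
sample_config() {
    cat <<'EOF'
Port 22
#UseDNS no
usedns yes
UseDNS no
Match Address 10.0.0.0/8
    GSSAPIAuthentication yes
EOF
}

# Demo run against the sample; point check_login_delay at
# /etc/ssh/sshd_config on a real host.
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
check_login_delay "$demo_cfg"
rm -f "$demo_cfg"
```

In the sample, the later `UseDNS no` has no effect because the earlier `usedns yes` is read first, and the `GSSAPIAuthentication yes` inside the Match block is not a global setting.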
Posted by whmcsguru, 08-03-2013, 03:15 PM | If you're seeing a long delay, try switching out your resolvers.
Change /etc/resolv.conf (the nameserver section) to:
This will alternate between Google and OpenDNS resolvers, which haven't changed in years, and provide excellent public DNS lookups.
|