Knowledgebase

SSH & Hosts.allow

Posted by hbhb, 08-01-2013, 02:10 PM
Hi, I have set up a new server's /etc/hosts.allow to allow sshd from another IP.

    # hosts.allow   This file describes the names of the hosts which are
    #               allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    sshd: XXX.XX.XX.XX YYY.YY.YY.YY ZZZ.ZZ.ZZ.ZZ

My problem is, I cannot seem to SSH into this server even though I have specifically added the IP above into /etc/hosts.allow:

    # ssh root@XXX.XX.XX.XX
    ssh: connect to host XXX.XX.XX.XX port 22: Connection timed out

This happens only to XXX, but YYY & ZZZ are OK. How do I fix this?

Posted by hbhb, 08-01-2013, 02:16 PM
I have a reason to believe that my server has blocked outgoing port to 22. How do I enable my server to access port 22? This server has no special firewall, except iptables.

Posted by tnhadmin, 08-01-2013, 02:16 PM
You need to check if any other firewall is installed in the server such as iptables, apf or csf.

Posted by tnhadmin, 08-01-2013, 02:18 PM
You can check /etc/ssh/sshd_config and check what port is mentioned there.

Posted by hbhb, 08-01-2013, 02:53 PM
Ah, I finally found the solution. It's not /etc/ssh/sshd_config but /etc/sysconfig/iptables.

I don't know much about iptables rules yet, but does anybody know why there are other servers that take a long time to ssh into?

    # ssh root@BB.BB.BBB.B
    The authenticity of host 'BB.BB.BBB.B (BB.BB.BBB.B)' can't be established..
    [wait 15-20 seconds]
    root@BB.BB.BBB.B's password:

How can I get rid of that latency? Other servers work OK & fast even though I see the authenticity warning.

Posted by serve-you, 08-01-2013, 04:13 PM
Long delay usually means it's trying to do a reverse lookup or trying other auth methods first. You can set UseDNS no in your sshd_config & restart sshd to see if that helps. Otherwise check if GSSAPIAuthentication is enabled in sshd_config. You can get more details by using -vv in your ssh command to see wtf it's trying to do.
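
The two sshd_config settings named in the reply above can be checked mechanically. The following is an added example, not code from the thread: it reads a config using sshd's first-value-wins rule and also flags one side effect of UseDNS no, which is that hostname patterns in Match Host (and from= in authorized_keys) no longer match, only addresses do. The sample configs, function names and finding codes are constructed for illustration.

```python
import re

# Constructed samples (not from the thread): a slow-login config, and the same
# config after applying the advice above while keeping a hostname-based Match.
BEFORE = """\
# first occurrence of a keyword wins, so the later 'usedns no' is ignored
UseDNS yes
GSSAPIAuthentication=yes
usedns no
"""
AFTER = """\
UseDNS no
GSSAPIAuthentication no
Match Host *.example.com,192.0.2.*
    PasswordAuthentication no
"""

def parse(text):
    """Return (global settings, Match criteria) with sshd's first-value-wins rule."""
    settings, matches, in_match = {}, [], False
    for raw in text.splitlines():
        # Keyword, then whitespace or a single '=', then the value.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)", raw.strip())
        if not m:  # blank lines and '#' comments do not match
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            in_match = True
            matches.append(value)
        elif not in_match:
            settings.setdefault(key, value)  # later duplicates are ignored
    return settings, matches

def audit(text):
    """Return finding codes for settings that affect login latency."""
    settings, matches = parse(text)
    usedns = settings.get("usedns", "unset").lower()
    findings = []
    if usedns == "yes":
        findings.append("usedns-reverse-lookup")
    elif usedns == "unset":  # the built-in default differs between OpenSSH versions
        findings.append("usedns-default-depends-on-version")
    if settings.get("gssapiauthentication", "").lower() == "yes":
        findings.append("gssapi-enabled")
    for criteria in matches:
        tokens = criteria.split()
        for name, patterns in zip(tokens[::2], tokens[1::2]):
            # Heuristic: a pattern with letters and no ':' is a hostname, not an IP.
            if name.lower() == "host" and usedns == "no" and any(
                    re.search(r"[A-Za-z]", p) and ":" not in p
                    for p in patterns.split(",")):
                findings.append("match-host-needs-dns: " + criteria)
    return findings
```

To check a real server, pass the contents of /etc/ssh/sshd_config to audit(); running `sshd -T` as root prints the effective values if the file relies on defaults.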

Posted by whmcsguru, 08-03-2013, 03:15 PM
If you're seeing a long delay, try switching out your resolvers. Change /etc/resolv.conf (the nameserver section) to: This will alternate between Google and OpenDNS resolvers, which haven't changed in years, and provide excellent public DNS lookups.


