I have a system with centOS 7 installed. And on the second system I have windows 10. Both the machines are connected to private network. Now, I want to access the centOS machine remotely over ssh.
I checked the IP address of my windows machine, and then I edited the
/etc/ssh/sshd_config
file on the centOS system, With the following entries
ListenAddress <Ip_address_of_window_machine>
But when I restart the ssh service using the following command
systemctl restart sshd.service
I get the following error
bind to port 22 on <ip-address> failed. cannot assign requested address
But when I configure entries like this
ListenAddress 0.0.0.0
ListenAddress [::]
it works fine. But I want to bound my ssh to just particular iP-address
The ListenAddress configuration options tells sshd process to bind to a specific network interface on the server. If you want restrict access to a CentOS host then you need to use firewall. Though firewalld is the proper way to go (with zones and so on), old good iptables will do the job:
sudo iptables -A INPUT -p tcp -s a.b.c.d --dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp --dport ssh -j REJECT
Where a.b.c.d is the ip address of windows hosts.
NOTICE: By configuring firewall over the networks you can easily lock yourself out!
Related
I installed centos 7 and cPanel; disabled/masked firewalld and installed and enabled iptables. As soon as I enabled iptables, I disconnected from WHM and SSH. When I disable iptables in rescue mode, I can connect to server via SSH and WHM.
I checked the rules in /etc/sysconfig/iptables, but there is no any rule that rejects access to SSH or WHM ports.
My next step was to install CSF.
Any idea how to fix it?
The quick solution to get rid of the issue is flushing all the Iptables rules with the command
iptables -F
However since you want to keep the Iptables running you will have to configure it to open the required ports with the command
iptables -A INPUT -p tcp --dport 22 -j ACCEPT --- 22 is for SSH , same way you will have to open other ports.
I have a webapp running on a Raspberry Pi, which is behind a NAT, and I'm trying to make a tunnel to the company's server so that I can access it from the web. Right now I've been able to establish a tunnel using ssh -fN -R 192.168.0.28:54321:localhost:443 username#192.168.0.28 (both the server and the RPi are in the same LAN at the time), and doing curl -k https://192.168.0.28:54321 returns the contents of the webpage hosted in the RPi, but only if I do it from the server. I have set GatewayPorts yes and AllowTcpForwarding yes (which anyway is the default).
It was the firewall on the server blocking the port. ¬¬
To open said port, the command is sudo iptables -I INPUT -p tcp --dport 54321 -j ACCEPT, which says that any connection comming to the TCP port 54321 must be accepted.
Is it possible to access my Apache server from outside the VirtualBox on Google Chrome browser? Its running on CentOS 7 on VirtualBox.
I have tried connecting to the ip address of the CentOS virtual machine but it didn't work. Its using 'Bridged Adapter' networking in the VM settings and i checked the ip address using the 'ip addr' command. Thanks.
Of course you can. Though you need to add a tunnel to allow access to your Centos 7 machine web service from the host machine.
For example, my VM's bridge IP address (the interface that connects to the world) is 192.168.1.38 and its interface is enp0s3. Let's say I'm running the web service on my second interface, enp0s8 with IP 192.168.100.101 on port 8000. Here's how you create the tunnel:
iptables -t nat -A PREROUTING -p tcp -i enp0s3 --dport 80 -j DNAT --to-destination 192.168.100.101:8000
services iptables save
That's it. You should be able to go to your host's Chrome browser and type in the url 192.168.1.38 and be presented with your web service. If it's still not working I'd suggest looking into your iptables rules to see if any is blocking this traffic.
I am not able to access Amazon EC2 instance via ssh as i am behind a firewall.
So, i thought of running ssh on port other than 22, like 80 or 443.
I tried starting Amazon EC2 instance via Web Management Console with following 'user data':
#!/bin/bash -ex
perl -pi -e 's/^#?Port 22$/Port 80/' /etc/ssh/sshd_config
service sshd restart || service ssh restart
The idea being that the above script would execute on instance startup and switch ssh from port 22 to port 80. (Ref: http://alestic.com/2010/12/ec2-ssh-port-80)
But ssh is still not accessible on port 80.
Apparently 'user data' script is not being executed on start up?
I can 'only' start stop instances via Web Management Console, not from command-line (being behind firewall)
Any ideas?
To connect to an AWS instance through ssh from a port different than default 22:
Open the security group of your instance so that it allows connections to that port from the source that you choose (0.0.0.0/0 for any source).
In your instance:
It is a new instance you could use an user-data script like this one:
#!/bin/bash -ex
perl -pi -e 's/^#?Port 22$/Port 443/' /etc/ssh/sshd_config
service sshd restart || service ssh restart
Please note that this only works if you are launching a new instance:
User data scripts and cloud-init directives only run during the first boot cycle when an instance is launched.
If it is not a new Instance, edit the /etc/ssh/sshd_config file adding/changing Port 22 to the port that you want (i.e: Port 443) to connect through ssh and then do service ssh restart and you should be done.
Note: I did this with an Ubuntu instance, with another Linux instances may be slightly different.
The amazon firewall blocks all ports other than 22. You first have to enable port 80/443/whatever.
HOWTO:
Go to "security groups" -> click on the group you chose for your instance, then on the "Inbound" tab.
There you can add your ports.
EDIT: If by chance you also installed apache or some other webserver, port 80 will be used and cannot be used by sshd. I do not know which operating system is installed on your server, but maybe some webserver is already included?
EDIT 2: As per the last comment, it seems nowadays all ports are blocked by default. So you will have to open port 22 if you need it. Wasn't the case eight years ago, but configurations change ;)
Here is what I came up with to run sshd on 443 and 22 having rhel8 on ec2
make sure your security groups allow connection from your network/ip to the desired ports (in my case 22 and 443)
tcp 443 1.2.3.4/32 #allow access to 443 from IP 1.2.3.4
tcp 22 1.2.3.4/32 #allow access to 22 from IP 1.2.3.4
Login to the EC2 and
#install semanage with
sudo yum install -y policycoreutils-python-utils
#delete 443 from http ports
sudo semanage port -d -t http_port_t -p tcp 443
#add 443 to ssh ports
sudo semanage port -m -t ssh_port_t -p tcp 443
Edit /etc/ssh/sshd_config
Port 22
Port 443
Restart sshd
sudo service sshd restart
I've setup a VM on Fedora 17 with KVM and have configured a bridge network for the KVM. Both the host and the VM use manual IP configuration, with the host's IP as 192.168.0.2, the VM's 192.168.0.10.
From the VM I can connect to the host without any problems, but from the host I can't SSH to the VM,even though I still can ping the KVM from the host. Trying to ssh just gives me the result "no route to host".
Oh, I have iptables disabled so I don't think this is the problem of the firewall.
Also ensure that the kernel is configure for ip forwarding:
$ sudo sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1
It should have a value of 1, not 0. If needed, enable with these commands:
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
There are two ways :
* Using proxy tunnel to create a channel for host from guest :
From guest run following command :
ssh -L 2000:localhost_ip:2000 username#hostip
explore ssh man to get the inside.
* Difficult to setup, but proper configuration while running guest :
follow
http://www.cse.iitd.ernet.in/~prathmesh/random.html#Connecting_qemu_guest_to_real_network