Impossibile inviare a una delle mie macchine virtuali


0

Ho appena creato 4 VM molto identiche tra loro, ma non sono sicuro del motivo per cui per una VM non sono in grado di ssh da SecureCRT.

Il sistema operativo host è Windows 10 All Four VM come CentOS (due Centos 6.8 e due Centos 7)

Tutti e quattro possono fare ssh l'un l'altro.

Sono bloccato con quello che devo fare per farlo riparare. La porta 22 è aperta su tutte e quattro le macchine virtuali.

Ho provato a fare telnet per ogni IP macchina da cmd (windows) e per quello che sta avendo problemi dice: C: \ WINDOWS \ system32> telnet 192.168.1.4 22 Connessione a 192.168.1.4 ... Impossibile aprire la connessione a l'host, sulla porta 22: Connessione non riuscita C: \ WINDOWS \ system32> ssh è sicuramente aperto sull'host, quindi perché visualizzo questo messaggio? -

Confuso e incerto su cosa devo fare per farlo riparare.

[root@agent2 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
   23  1575 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   75 11903 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   75 11903 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   75 11903 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    3   252 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
   70 11531 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 27 packets, 3669 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68
   55  8531 OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public  all  --  enp0s3 *       0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDO_public  all  --  *      enp0s3  0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   66 10104 IN_public  all  --  enp0s3 *       0.0.0.0/0            0.0.0.0/0           [goto] 
    9  1799 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   75 11903 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   75 11903 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   75 11903 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         
[root@agent2 ~]# 

[root@puppet ~]# ss -lntp
State       Recv-Q Send-Q                                       Local Address:Port                                         Peer Address:Port 
LISTEN      0      5                                                       :::5666                                                   :::*      users:(("nrpe",3398,5))
LISTEN      0      5                                                        *:5666                                                    *:*      users:(("nrpe",3398,4))
LISTEN      0      128                                                     :::111                                                    :::*      users:(("rpcbind",1454,11))
LISTEN      0      128                                                      *:111                                                     *:*      users:(("rpcbind",1454,8))
LISTEN      0      128                                                     :::80                                                     :::*      users:(("httpd",2095,4),("httpd",2122,4),("httpd",2123,4),("httpd",2124,4),("httpd",2125,4),("httpd",2126,4),("httpd",2127,4),("httpd",2128,4),("httpd",2129,4),("httpd",2130,4),("httpd",3148,4),("httpd",4383,4),("httpd",4716,4))
LISTEN      0      128                                                     :::47316                                                  :::*      users:(("rpc.statd",1525,11))
LISTEN      0      128                                                      *:51796                                                   *:*      users:(("rpc.statd",1525,9))
LISTEN      0      128                                                     :::22                                                     :::*      users:(("sshd",1957,4))
LISTEN      0      128                                                      *:22                                                      *:*      users:(("sshd",1957,3))
LISTEN      0      128                                              127.0.0.1:631                                                     *:*      users:(("cupsd",1580,7))
LISTEN      0      128                                                    ::1:631                                                    :::*      users:(("cupsd",1580,6))
LISTEN      0      100                                                    ::1:25                                                     :::*      users:(("master",2054,13))
LISTEN      0      100                                              127.0.0.1:25                                                      *:*      users:(("master",2054,12))
LISTEN      0      128                                                     :::443                                                    :::*      users:(("httpd",2095,6),("httpd",2122,6),("httpd",2123,6),("httpd",2124,6),("httpd",2125,6),("httpd",2126,6),("httpd",2127,6),("httpd",2128,6),("httpd",2129,6),("httpd",2130,6),("httpd",3148,6),("httpd",4383,6),("httpd",4716,6))
[root@puppet ~]# 

Pubblicare l'output di netstat -lptne iptables -nvLsulla macchina virtuale Linux con SSH non funzionante.
Mark Riddell,

Devo farlo, sono in carica e una volta che mi dirigo, devo fare e incollare la risposta. Quello che ho fatto l'osservatore la scorsa notte è una volta che ho ucciso il demone sshd e riavviato, quindi posso fare ssh a box non funzionante. Questo è solo strano ...
studente

Non ho potuto rispondere così modificato il mio post originale con l'output che hai richiesto.
studente

Hai dimenticato l'output di ss -lntp cui è la versione moderna di netstat -lntp.
MariusMatutiae,

Aggiunto. Ci deve essere qualcosa che mi sta causando per non fare ssh. Questo sta anche mostrando CRITICAL in nagios come connection_refused. È necessario indagare su ciò che sta accadendo. Credo che qualcosa abbia a che fare con il networking. Ma non so nel dettaglio qual è la causa principale.
studente
Utilizzando il nostro sito, riconosci di aver letto e compreso le nostre Informativa sui cookie e Informativa sulla privacy.
Licensed under cc by-sa 3.0 with attribution required.