Ho appena creato 4 VM molto identiche tra loro, ma non sono sicuro del motivo per cui per una VM non sono in grado di ssh da SecureCRT.
Il sistema operativo host è Windows 10 All Four VM come CentOS (due Centos 6.8 e due Centos 7)
Tutti e quattro possono fare ssh l'un l'altro.
Sono bloccato con quello che devo fare per farlo riparare. La porta 22 è aperta su tutte e quattro le macchine virtuali.
Ho provato a fare telnet per ogni IP macchina da cmd (windows) e per quello che sta avendo problemi dice: C: \ WINDOWS \ system32> telnet 192.168.1.4 22 Connessione a 192.168.1.4 ... Impossibile aprire la connessione a l'host, sulla porta 22: Connessione non riuscita C: \ WINDOWS \ system32> ssh è sicuramente aperto sull'host, quindi perché visualizzo questo messaggio? -
Confuso e incerto su cosa devo fare per farlo riparare.
[root@agent2 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
23 1575 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
75 11903 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
75 11903 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
75 11903 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
3 252 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
70 11531 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 27 packets, 3669 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68
55 8531 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- enp0s3 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * enp0s3 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
66 10104 IN_public all -- enp0s3 * 0.0.0.0/0 0.0.0.0/0 [goto]
9 1799 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
75 11903 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
75 11903 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
75 11903 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
[root@agent2 ~]#
[root@puppet ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 5 :::5666 :::* users:(("nrpe",3398,5))
LISTEN 0 5 *:5666 *:* users:(("nrpe",3398,4))
LISTEN 0 128 :::111 :::* users:(("rpcbind",1454,11))
LISTEN 0 128 *:111 *:* users:(("rpcbind",1454,8))
LISTEN 0 128 :::80 :::* users:(("httpd",2095,4),("httpd",2122,4),("httpd",2123,4),("httpd",2124,4),("httpd",2125,4),("httpd",2126,4),("httpd",2127,4),("httpd",2128,4),("httpd",2129,4),("httpd",2130,4),("httpd",3148,4),("httpd",4383,4),("httpd",4716,4))
LISTEN 0 128 :::47316 :::* users:(("rpc.statd",1525,11))
LISTEN 0 128 *:51796 *:* users:(("rpc.statd",1525,9))
LISTEN 0 128 :::22 :::* users:(("sshd",1957,4))
LISTEN 0 128 *:22 *:* users:(("sshd",1957,3))
LISTEN 0 128 127.0.0.1:631 *:* users:(("cupsd",1580,7))
LISTEN 0 128 ::1:631 :::* users:(("cupsd",1580,6))
LISTEN 0 100 ::1:25 :::* users:(("master",2054,13))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",2054,12))
LISTEN 0 128 :::443 :::* users:(("httpd",2095,6),("httpd",2122,6),("httpd",2123,6),("httpd",2124,6),("httpd",2125,6),("httpd",2126,6),("httpd",2127,6),("httpd",2128,6),("httpd",2129,6),("httpd",2130,6),("httpd",3148,6),("httpd",4383,6),("httpd",4716,6))
[root@puppet ~]#
Devo farlo, sono in carica e una volta che mi dirigo, devo fare e incollare la risposta. Quello che ho fatto l'osservatore la scorsa notte è una volta che ho ucciso il demone sshd e riavviato, quindi posso fare ssh a box non funzionante. Questo è solo strano ...
—
studente
Non ho potuto rispondere così modificato il mio post originale con l'output che hai richiesto.
—
studente
Hai dimenticato l'output di
—
MariusMatutiae,
ss -lntp cui è la versione moderna di netstat -lntp.
Aggiunto. Ci deve essere qualcosa che mi sta causando per non fare ssh. Questo sta anche mostrando CRITICAL in nagios come connection_refused. È necessario indagare su ciò che sta accadendo. Credo che qualcosa abbia a che fare con il networking. Ma non so nel dettaglio qual è la causa principale.
—
studente
netstat -lptneiptables -nvLsulla macchina virtuale Linux con SSH non funzionante.