I have just installed Fedora 11 on my desktop system and would like to have sshd work. These are the steps I have done:
- Enabled sshd as a trusted service using
system-config-firewall
- Restarted sshd as a service using
service sshd restart
An SSH connection to localhost is possible, but I still can't use an SSH connection from a remote machine. Is there anything I am missing?
I was making a stupid mistake.
The problem was that I was trying to access the wrong IP address. The IP address was changed by DHCP once the machine had rebooted, and I kept trying to access the old IP address.
This is the reason why the local SSH connection was working but not remotely. I should have run
ifconfig
earlier to check the IP address.
There should be only 2 steps to this:
system-config-firewall
service sshd start
The second step makes sure that the keys have been generated. SELinux does not need to be touched at all.
1. Disable firewall to host (only long enough to verify it isn't the firewall).
2. Open a terminal,
su
into the root user, and type
/etc/init.d/sshd start
This will at least give you whatever errors you may be seeing. Hopefully it'll acknowledge the start.
3. Enable firewall. Verify that the firewall isn't the problem by connecting from remote host.
Any errors from this, if you post, we might all be able to help.
You may notice in step 2 that the computer is generating your keys, which may have not been done sooner. This would explain why it wasn't working earlier. If it didn't create the keys, that means that they were previously generated and you're O.K.
SELinux is not the problem here. Do not disable SELinux or set it in permissive mode. There is absolutely no reason to do so. My laptop has been running F11 since the beginning of April with SELinux in enforcing mode without any problems.
SELinux only becomes a problem when you have manually created keys and placed them in /etc/ssh, for example, but since that is not the problem, leave SELinux alone.
Fedora does not have very bizarre hosts.deny rules, like for example Arch does, nor does it block ssh in iptables by default.
Please post the output of /var/log/secure and /var/log/messages around the time you are trying to start sshd and I'll see if I can help you out.
Enable SSHD using this command
systemctl enable sshd.service
You most likely have selinux running; recent Fedora installations enable this by default, with a pretty restrictive set of policies.
To make sure it was configured and running:
Once I knew it was running, I checked to make sure that it would come up at boot time. Next, to get it working, I added the following rule to /etc/sysconfig/iptables:
Then I restarted iptables, using:
I had also disabled SELINUX by editing
/etc/selinux/config
and setting:
I may have rebooted to be sure. Those are the steps taken to get remote SSH logins.
NOTE: I have configured
sshd.conf
to NOT allow root logins. Double check your current
sshd.conf
file for that setting if you are trying to log in as the root user. It's not really advisable to permit root to login remotely for security reasons.
You might also want to check your hosts.deny and hosts.allow files in /etc. In some distributions, these are set by default to block all connections from external sources but allow any connections from the local machine. This may be why you are able to connect locally but not from a remote system.
If hosts.deny has the "ALL: *" or maybe "ALL: PARANOID" line present and uncommented then this will be rejecting all connections from outside sources not explicitly allowed in the hosts.allow file. This is the default state in some distributions as it helps lock down the system from outside tampering right from start. If the file has nothing but comments this isn't the problem.
Assuming the "ALL: PARANOID" line is present in hosts.deny and you leave it alone, to enable ssh connections from a specific source you would need to add a "sshd: " line to your hosts.allow file. can be a specific IP, FQDN or a wildcarded version (i.e. sshd: 192.168.0.* or *.mydomain.net). This file typically has an "ALL: 127.0.0.1" line in it allowing any type of connection from the local machine which is why ssh may be working from the local machine but not from an external machine.
Some debugging approaches:
- Have you verified that sshd is actually running? e.g.
ps aux|grep sshd
and
netstat -nltp|grep 22
(as root)
- Assuming sshd is running, we want to see the network traffic and what is happening in the server's sshd process and the client ssh process:
- Can you ssh to the host from localhost?
- Turn up the ssh logging in /etc/ssh/sshd_config and check the logs.
- On the server host:
tcpdump -i any tcp dst port 22 and src host <ssh_client_ip/host>
- On the client host:
tcpdump -i any tcp dst port 22 and dst host <ssh_server_ip/host>
- Attach
strace -f -p <listening sshd process pid>
to the listening instance of sshd on the server and see what is happening.
- ssh into the server, running the client from strace, i.e.
strace ssh <user>@<host>
and see what is happening.
- Also stop the sshd service on the server and run the sshd daemon from the command line in debug mode (sshd insists on being started by absolute path). e.g.:
service sshd stop;pkill sshd
/usr/sbin/sshd -ddd
or
service sshd stop;pkill sshd
strace /usr/sbin/sshd -ddd
The -ddd runs sshd with the highest debug level and stops it detaching/forking. I.e. it will be the only instance running and the output should go to your terminal.
- You might also want to use
-oLogLevel=DEBUG
on the client command line to make it noisier.
- If you are using keys for auth, check that the dir your keys are in, e.g.
~/.ssh
has sufficiently private perms, e.g.
chown -R ${USERID}. ~/.ssh; chmod -R 700 ~/.ssh
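As an added example (not from this thread), a shell audit of the permission bits behind that last point: sshd with StrictModes (the default) refuses authorized_keys when ~/.ssh or the file is group- or world-writable, and the ssh client refuses a private key that others can read. It assumes GNU stat, as shipped on Fedora.

```shell
# Added example, not from the thread: report ~/.ssh permission problems that
# make sshd (StrictModes) or the ssh client reject keys. Prints one "BAD: ..."
# line per problem; returns 1 if any were found, 0 if the directory is clean.
# Assumes GNU stat (-c '%a' prints the octal mode).
ssh_perm_audit() {
    sshdir=$1
    rc=0
    # sshd's StrictModes check: ~/.ssh must not be group/world writable (mask 022).
    mode=$(stat -c '%a' "$sshdir")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD: $sshdir mode $mode is group/world writable (want 700)"
        rc=1
    fi
    for f in "$sshdir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case $(basename "$f") in
            authorized_keys)
                # Same StrictModes rule applies to authorized_keys itself.
                if [ $(( 0$mode & 022 )) -ne 0 ]; then
                    echo "BAD: $f mode $mode is group/world writable (want 600)"
                    rc=1
                fi ;;
            *)
                # The ssh client ignores a private key readable or writable by
                # group/others ("UNPROTECTED PRIVATE KEY FILE"): mask 077.
                if head -n 1 "$f" | grep -q 'PRIVATE KEY-----' \
                   && [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "BAD: $f mode $mode is accessible by others (want 600)"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}
# usage: ssh_perm_audit "$HOME/.ssh"
```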