rnd8273812
Mission Specialist

SSH time out. How to connect to a RHEL 8 instance?

Hello

I have a fresh RHEL 8 installed on VMware Workstation 15. Network works fine, I can ping both ways, but I can't SSH into RHEL. I do ssh user@192.168.1.5 and it's timing out. The SSHD is up and listening on port 22. I can ssh from inside the machine to another account but never from another host. My question is how to fix it and why logging from outside is disabled by default?

rnd8273812
Mission Specialist

I can connect using IP address. Can you please explain what is the practical difference between adding a service and opening ssh port (22) using firewall-cmd?

firewall-cmd --zone=public --add-service=ssh

vs 

firewall-cmd --zone=public --add-port=22/tcp

Scott
Starfighter

In this case, probably not much difference.  The service definitions are stored in /usr/lib/firewalld/services.  Here is /usr/lib/firewalld/services/ssh.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
  <port protocol="tcp" port="22"/>
</service>

You can see that the only thing that's firewall specific is a tcp port 22, which is what your port example is also adding to the firewall.   However, not every service has as basic firewall needs as sshd.  For example, here is dns.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>DNS</short>
  <description>The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).</description>
  <port protocol="tcp" port="53"/>
  <port protocol="udp" port="53"/>
</service>

Adding the DNS service will add openings for port 53 UDP [used for queries] and port 53 TCP [used for transfers and dnssec].  Doing this by hand, you'd need to add 2 port rules using the --add-port syntax.  Still more complex, samba.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Samba</short>
  <description>This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.</description>
  <port protocol="udp" port="137"/>
  <port protocol="udp" port="138"/>
  <port protocol="tcp" port="139"/>
  <port protocol="tcp" port="445"/>
  <module name="nf_conntrack_netbios_ns"/>
</service>

Samba requires a combination of ports, some UDP, some TCP as well as an additional module be loaded for connection tracking.  This would be several add-ports and the additional loading of this module if you were to do it by hand, but --add-service would do all the things defined in this file on your behalf in a single command.

-STM

 

--
Principal Technical Marketing Manager, Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
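
Added example, not part of the post above and not firewalld's own code: it expands the three service definitions quoted in the post into the --add-port commands they replace, and checks a hand-built port list against a definition. The function names are hypothetical, and the sample --list-ports output is constructed.

```python
import xml.etree.ElementTree as ET

# Port and module lines copied from the service files quoted above
# (XML declaration, <short> and <description> trimmed for brevity).
SERVICES = {
    "ssh": '<service><port protocol="tcp" port="22"/></service>',
    "dns": '<service><port protocol="tcp" port="53"/>'
           '<port protocol="udp" port="53"/></service>',
    "samba": '<service><port protocol="udp" port="137"/>'
             '<port protocol="udp" port="138"/>'
             '<port protocol="tcp" port="139"/>'
             '<port protocol="tcp" port="445"/>'
             '<module name="nf_conntrack_netbios_ns"/></service>',
}

def expand_service(xml_text):
    """Return (ports, modules) declared by a firewalld service definition."""
    root = ET.fromstring(xml_text)
    ports = [f'{p.get("port")}/{p.get("protocol")}' for p in root.findall("port")]
    modules = [m.get("name") for m in root.findall("module")]
    return ports, modules

def equivalent_commands(name, zone="public"):
    """The --add-port commands that one --add-service=<name> replaces."""
    ports, _ = expand_service(SERVICES[name])
    return [f"firewall-cmd --zone={zone} --add-port={p}" for p in ports]

def audit_manual_ports(name, list_ports_output):
    """Compare hand-opened ports with the service definition.

    list_ports_output is the text printed by
    `firewall-cmd --zone=<zone> --list-ports`, e.g. "139/tcp 445/tcp".
    Returns the ports still missing and the modules --add-port never loads.
    """
    ports, modules = expand_service(SERVICES[name])
    opened = set(list_ports_output.split())
    return [p for p in ports if p not in opened], modules

if __name__ == "__main__":
    for svc in SERVICES:
        print(svc, "->", equivalent_commands(svc))
    # Constructed sample: only the TCP ports of samba were opened by hand.
    print(audit_manual_ports("samba", "139/tcp 445/tcp"))
```
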
rnd8273812
Mission Specialist

Thanks for the explanations. I think the connectivity problem is somehow related to VMware and not RHEL.

Scott
Starfighter

Very possible.

-STM

varelov
Flight Engineer


@rnd8273812 wrote:

Hello

... I do ssh user@192.168.1.5 and it's timing out...

... I can ssh from inside of the machine to another account but never from another host. My question is how to fix it and why logging from outside is disabled by default?


Can you explain a bit further on these points I quoted from your post:

- What do you mean by "timing out", has the connection been established?

- And what do you mean by saying "ssh from inside to another account but never from another host"? Are you able to successfully log in from local machine as a different user but not from a remote host?

TCPKeepAlive and AllowUser settings in SSH's config file and networking mode in VMware may be the things that are stopping you from logging in/having your session time out (if you successfully logged in). Firewall may be the stop gap if your default zone doesn't allow ssh and you haven't made any of your zones active.

rnd8273812
Mission Specialist


@varelov wrote:

Can you explain a bit further on these points I quoted from your post:

- What do you mean by "timing out", has the connection been established?

No

- And what do you mean by saying "ssh from inside to another account but never from another host"? Are you able to successfully log in from local machine as a different user but not from a remote host?

Host - Windows machine with VMware installed
Guest - RHEL
I start the Guest, log in and I am able to set up a ssh connection from any account to any other account but not from Host to Guest.

TCPKeepAlive and AllowUser settings in SSH's config file and networking mode in VMware may be the things that are stopping you from logging in/having your session time out (if you successfully logged in). Firewall may be the stop gap if your default zone doesn't allow ssh and you haven't made any of your zones active.


Firewall rules allow ssh traffic on port 22. It has to be something wrong with VMware. I'll try to reinstall.
varelov
Flight Engineer

Have you tried poking a hole through Windows host's firewall?

rnd8273812
Mission Specialist

vmware-hostd.exe, vmnat.exe, vmware.exe and vmware-authd.exe are allowed.

rnd8273812
Mission Specialist

This morning I was trying to connect to the console (https://192.168.1.x:9090/) and I was able to log in; however, I got disconnected after a few seconds. I ran ifconfig and realized that the guest IP had changed. I restarted the router and the host machine and... it works... I can SSH both ways. I can't tell what was wrong, but I do apologize for wasting your time.

shubhbhat
Mission Specialist

Actually, you cannot ssh your machine with any outside host, because the protocol says both machines should be in the same network; only then can we ssh, or if the machines are live on the internet then you can also ssh.

Shubham Bhatnagar
Linux System Administrator
Paratriangle Technologies