rnd8273812 Mission Specialist
  • 520 Views

Re: SSH time out. How to connect to a RHEL 8 instance?

I can connect using the IP address. Can you please explain what the practical difference is between adding a service and opening the ssh port (22) using firewall-cmd?

firewall-cmd --zone=public --add-service=ssh

vs 

firewall-cmd --zone=public --add-port=22/tcp

0 Kudos
Moderator
  • 518 Views

Re: SSH time out. How to connect to a RHEL 8 instance?

In this case, probably not much difference.  The service definitions are stored in /usr/lib/firewalld/services.  Here is /usr/lib/firewalld/services/ssh.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
  <port protocol="tcp" port="22"/>
</service>

You can see that the only thing that's firewall specific is a tcp port 22, which is what your port example is also adding to the firewall.   However, not every service has as basic firewall needs as sshd.  For example, here is dns.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>DNS</short>
  <description>The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).</description>
  <port protocol="tcp" port="53"/>
  <port protocol="udp" port="53"/>
</service>

Adding the DNS service will add openings for port 53 UDP [used for queries] and port 53 TCP [used for transfers and dnssec].  Doing this by hand, you'd need to add 2 port rules using the --add-port syntax.  Still more complex, samba.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Samba</short>
  <description>This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.</description>
  <port protocol="udp" port="137"/>
  <port protocol="udp" port="138"/>
  <port protocol="tcp" port="139"/>
  <port protocol="tcp" port="445"/>
  <module name="nf_conntrack_netbios_ns"/>
</service>

Samba requires a combination of ports, some UDP, some TCP, as well as an additional module to be loaded for connection tracking. This would be several add-ports and the additional loading of this module if you were to do it by hand, but --add-service would do all the things defined in this file on your behalf in a single command.

-STM

 

--
Principle Technical Marketing Manager, Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
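
Added example, not part of the moderator's post or of firewalld itself: a small audit helper that reads a service definition like the ones quoted above and lists what --add-service would open, so it can be compared with the ports you meant to allow. The function names and the shortened sample XML are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the ssh.xml and samba.xml bodies quoted in the post,
# with the XML declaration and <description> text left out for brevity.
SSH_XML = """<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>"""

SAMBA_XML = """<service>
  <short>Samba</short>
  <port protocol="udp" port="137"/>
  <port protocol="udp" port="138"/>
  <port protocol="tcp" port="139"/>
  <port protocol="tcp" port="445"/>
  <module name="nf_conntrack_netbios_ns"/>
</service>"""


def service_openings(xml_text):
    """Return the ports and kernel modules named in a service definition."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    ports = []
    for el in root.findall("port"):
        port, proto = el.get("port", ""), el.get("protocol", "")
        if port and proto:  # skip incomplete <port> entries
            ports.append(f"{port}/{proto}")
    modules = [el.get("name") for el in root.findall("module") if el.get("name")]
    return {"ports": ports, "modules": modules}


def add_port_equivalent(xml_text, zone="public"):
    """The --add-port commands that open the same ports as --add-service."""
    return [f"firewall-cmd --zone={zone} --add-port={p}"
            for p in service_openings(xml_text)["ports"]]


def unexpected_openings(xml_text, intended):
    """Ports the service would open that are not in the intended allow-list."""
    return [p for p in service_openings(xml_text)["ports"] if p not in intended]


if __name__ == "__main__":
    print(add_port_equivalent(SSH_XML))
    print(service_openings(SAMBA_XML))
    print(unexpected_openings(SAMBA_XML, {"445/tcp"}))
```
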
rnd8273812 Mission Specialist
  • 513 Views

Re: SSH time out. How to connect to a RHEL 8 instance?

Thanks for the explanations. I think the connectivity problem is somehow related to VMware and not RHEL.

0 Kudos
Moderator
  • 511 Views

Re: SSH time out. How to connect to a RHEL 8 instance?

Very possible.

-STM

--
Principle Technical Marketing Manager, Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
0 Kudos
varelov Flight Engineer
  • 507 Views

Re: SSH time out. How to connect to a RHEL 8 instance?


@rnd8273812 wrote:

Hello

... I do ssh user@192.168.1.5 and it's timing out...

... I can ssh from inside of the machine to another account but never from another host. My question is how to fix it and why logging from outside is disabled by default?


Can you explain a bit further on these points I quoted from your post:

- What do you mean by "timing out", has the connection been established?

- And what do you mean by saying "ssh from inside to another account but never from another host"? Are you able to successfully log in from local machine as a different user but not from a remote host?

TCPKeepAlive and AllowUser settings in SSH's config file and networking mode in VMware may be the things that are stopping you from logging in/having your session time out (if you successfully logged in). Firewall may be the stop gap if your default zone doesn't allow ssh and you haven't made any of your zones active.

0 Kudos
rnd8273812 Mission Specialist
  • 498 Views

Re: SSH time out. How to connect to a RHEL 8 instance?


@varelov wrote:

Can you explain a bit further on these points I quoted from your post:

- What do you mean by "timing out", has the connection been established?

No

- And what do you mean by saying "ssh from inside to another account but never from another host"? Are you able to successfully log in from local machine as a different user but not from a remote host?

Host - Windows machine with VMware installed
Guest - RHEL
I start the Guest, log in and I am able to set up an ssh connection from any account to any other account but not from Host to Guest.

TCPKeepAlive and AllowUser settings in SSH's config file and networking mode in VMware may be the things that are stopping you from logging in/having your session time out (if you successfully logged in). Firewall may be the stop gap if your default zone doesn't allow ssh and you haven't made any of your zones active.


Firewall rules allow ssh traffic on port 22. It has to be something wrong with VMware. I'll try to reinstall.
0 Kudos
varelov Flight Engineer
  • 490 Views

Re: SSH time out. How to connect to a RHEL 8 instance?

Have you tried poking a hole through Windows host's firewall?

0 Kudos
rnd8273812 Mission Specialist
  • 474 Views

Re: SSH time out. How to connect to a RHEL 8 instance?

vmware-hostd.exe, vmnat.exe, vmware.exe and vmware-authd.exe are allowed.

0 Kudos
rnd8273812 Mission Specialist
  • 473 Views

Re: SSH time out. How to connect to a RHEL 8 instance?

This morning I was trying to connect to the console (https://192.168.1.x:9090/) and I was able to log in; however, I got disconnected after a few seconds. I ran ifconfig and realized that the guest IP had changed. I restarted the router and the host machine and... it works... I can SSH both ways. I can't tell what was wrong, but I do apologize for wasting your time.

shubhbhat Mission Specialist
  • 454 Views

Re: SSH time out. How to connect to a RHEL 8 instance?

Actually, you cannot ssh your machine with any outside host, because the protocol says both machines should be in the same network, then only we can ssh, or if the machines are live on the internet then also you can ssh.

Shubham Bhatnagar
Linux System Administrator
Paratriangle Technologies
0 Kudos