cancel
Showing results for 
Search instead for 
Did you mean: 
rnd8273812
Mission Specialist
Mission Specialist
  • 14.7K Views

SSH time out. How to connect to a RHEL 8 instance?

Hello

I have a fresh RHEL 8 installed on VMWare Workstation 15. Network works fine, I can ping both ways but I can't SSH into RHEL. I do ssh user@192.168.1.5 end it's timing out. The SSHD is up and listening on port 22. I can ssh from inside of the machine to another account but never from another host. My question is how to fix it and why logging from outside is disabled by default?

0 Kudos
20 Replies
rnd8273812
Mission Specialist
Mission Specialist
  • 5,612 Views

I can connect using IP address. Can you please explain what is the practical difference between adding a service and opening ssh port (22) using firewall-cmd?

firewall-cmd --zone=public --add-service=ssh

vs 

firewall-cmd --zone=public --add-port=22/tcp

0 Kudos
Scott
Starfighter Starfighter
Starfighter
  • 5,610 Views

In this case, probably not much difference.  The service definitions are stored in /usr/lib/firewalld/services.  Here is /usr/lib/firewalld/services/ssh.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
  <port protocol="tcp" port="22"/>
</service>

You can see that the only thing that's firewall specific is a tcp port 22, which is what your port example is also adding to the firewall.   However, not every service has as basic firewall needs as sshd.  For example, here is dns.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>DNS</short>
  <description>The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).</description>
  <port protocol="tcp" port="53"/>
  <port protocol="udp" port="53"/>
</service>

Adding the DNS service will add openings for port 53 UDP [used for queries] and port 53 TCP [used for transfers and dnssec].  Doing this by hand, you'd need to add 2 port rules using the --add-port syntax.  Still more complex, samba.xml:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Samba</short>
  <description>This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.</description>
  <port protocol="udp" port="137"/>
  <port protocol="udp" port="138"/>
  <port protocol="tcp" port="139"/>
  <port protocol="tcp" port="445"/>
  <module name="nf_conntrack_netbios_ns"/>
</service>

Samba requires a combination of ports, some UDP, some TCP as well as an additional module be loaded for connection tracking.  This would be several add-ports and the additional loading of this module if you were to do it by hand, but --add-service would do all the things defined in this file on your behalf in a single command.

-STM

 

rnd8273812
Mission Specialist
Mission Specialist
  • 5,605 Views

Thanks for explanations. I think the connectivity problem is somehow related to VMware and not  RHEL.

0 Kudos
Scott
Starfighter Starfighter
Starfighter
  • 5,603 Views

Very possible.

-STM

0 Kudos
varelov
Flight Engineer Flight Engineer
Flight Engineer
  • 5,599 Views


@rnd8273812 wrote:

Hello

... I do ssh user@192.168.1.5 end it's timing out...

... I can ssh from inside of the machine to another account but never from another host. My question is how to fix it and why logging from outside is disabled by default?


Can you explain a bit further on these points I quoted from your post:

- What do you mean by "timing out", has the connection been established?

- And what do you mean by saying "ssh from inside to another account but never from another host"? Are you able to successfully log in from local machine as a different user but not from a remote host?

TCPKeepAlive and AllowUser settings in SSH's config file and networking mode in VMWare may be the things that are stopping you from logging in/having your session time out (if you succesully logged in). Firewall may be the stop gap if your default zone doesn't allow ssh and you haven't made any of your zones active.

0 Kudos
rnd8273812
Mission Specialist
Mission Specialist
  • 5,590 Views


@varelov wrote:

Can you explain a bit further on these points I quoted from your post:

- What do you mean by "timing out", has the connection been established?

No

- And what do you mean by saying "ssh from inside to another account but never from another host"? Are you able to successfully log in from local machine as a different user but not from a remote host?

Host - Windows machine with VMware installed Guest - RHEL I start the Guest, log in and I am able to set up a ssh connection from any account to any other account but not from Host to Guest.

TCPKeepAlive and AllowUser settings in SSH's config file and networking mode in VMWare may be the things that are stopping you from logging in/having your session time out (if you succesully logged in). Firewall may be the stop gap if your default zone doesn't allow ssh and you haven't made any of your zones active.


Firewall rules allow ssh traffic on port 22. It has to be something wrong with VMware. I'll try to reinstall.
0 Kudos
varelov
Flight Engineer Flight Engineer
Flight Engineer
  • 5,582 Views

Have you tried poking a hole through Windows host's firewall?

0 Kudos
rnd8273812
Mission Specialist
Mission Specialist
  • 5,566 Views

vmware-hostd.exe, vmnat.exe, vmware.exe and vmware-authd.exe are allowed.

0 Kudos
rnd8273812
Mission Specialist
Mission Specialist
  • 5,565 Views

This morning I was trying to connect to the console (https://192.168.1.x:9090/) and I was able to log in however I've got disconnected after a few seconds. I run ifconfig and realized that the guest IP has changed. I restarted the router and the host machine and... it works... I can SSH both ways,  can't tell what was wrong but I do apologize for wasting your time.

KV
Cadet
Cadet
  • 2,590 Views

i know this is an old post, but hope this would help -- if your host is running a VMware Workstation and SSH into your VM using VMnet8 (NAT) from the host > make sure you VMnet1 adapter is disabled > restart (disable/enable) VMnet8.

0 Kudos
Join the discussion
You must log in to join this conversation.