Again ssh connection problem

Hello,
here is the output of the "iptables -L -n" command:

```
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_FedoraWorkstation (2 references)
target prot opt source destination
FWDI_FedoraWorkstation_pre all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_post all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

Chain FWDI_FedoraWorkstation_allow (1 references)
target prot opt source destination

Chain FWDI_FedoraWorkstation_deny (1 references)
target prot opt source destination

Chain FWDI_FedoraWorkstation_log (1 references)
target prot opt source destination

Chain FWDI_FedoraWorkstation_post (1 references)
target prot opt source destination

Chain FWDI_FedoraWorkstation_pre (1 references)
target prot opt source destination

Chain FWDO_FedoraWorkstation (2 references)
target prot opt source destination
FWDO_FedoraWorkstation_pre all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_post all -- 0.0.0.0/0 0.0.0.0/0

Chain FWDO_FedoraWorkstation_allow (1 references)
target prot opt source destination

Chain FWDO_FedoraWorkstation_deny (1 references)
target prot opt source destination

Chain FWDO_FedoraWorkstation_log (1 references)
target prot opt source destination

Chain FWDO_FedoraWorkstation_post (1 references)
target prot opt source destination

Chain FWDO_FedoraWorkstation_pre (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_FedoraWorkstation (2 references)
target prot opt source destination
IN_FedoraWorkstation_pre all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_post all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

Chain IN_FedoraWorkstation_allow (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:65535 ctstate NEW,UNTRACKED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1025:65535 ctstate NEW,UNTRACKED

Chain IN_FedoraWorkstation_deny (1 references)
target prot opt source destination

Chain IN_FedoraWorkstation_log (1 references)
target prot opt source destination

Chain IN_FedoraWorkstation_post (1 references)
target prot opt source destination

Chain IN_FedoraWorkstation_pre (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
```

Best Regards.

myagfedora

I have no knowledge, but it looks like your machine allows SSH…

You may also use firewall-cmd --list-all. For me it shows:

FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s29u1u2 tun0
  sources: 
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

PS: use this for the long posts:

[details="Summary"]
long posts
[/details]

Hello,
here is the output of "firewall-cmd --list-all":

```
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s25
  sources:
  services: dhcpv6-client samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```

I hope it helps.

Best Regards.

myagfedora

Did you try this:
Arch Wiki: OpenSSH Troubleshooting

Hello,
I have followed the 7 steps in the checklist of "Arch: OpenSSH Troubleshooting" till "Connection refused or timeout problem" and still have the same problem.
Now I attach the output of "journalctl -xe":

[details="Summary"]
-- Logs begin at Wed 2019-10-30 18:25:01 CET, end at Mon 2020-01-13 16:09:02 CET. --
Jan 13 15:54:01 piwigoserver.vki.private.eu systemd[3738]: Reached target Sockets.
-- Subject: A start job for unit UNIT has finished successfully
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A start job for unit UNIT has finished successfully.
-- 
-- The job identifier is 5.
Jan 13 15:54:01 piwigoserver.vki.private.eu systemd[3738]: Reached target Basic System.
-- Subject: A start job for unit UNIT has finished successfully
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A start job for unit UNIT has finished successfully.
-- 
-- The job identifier is 2.
Jan 13 15:54:01 piwigoserver.vki.private.eu systemd[1]: Started User Manager for UID 0.
-- Subject: A start job for unit user@0.service has finished successfully
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A start job for unit user@0.service has finished successfully.
-- 
-- The job identifier is 38415.
Jan 13 15:54:01 piwigoserver.vki.private.eu systemd[3738]: Condition check resulted in Sound Service being skipped.
-- Subject: A start job for unit UNIT has finished successfully
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A start job for unit UNIT has finished successfully.
-- 
-- The job identifier is 12.
Jan 13 15:54:01 piwigoserver.vki.private.eu systemd[3738]: Reached target Main User Target.
-- Subject: A start job for unit UNIT has finished successfully
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A start job for unit UNIT has finished successfully.
-- 
-- The job identifier is 1.
Jan 13 15:54:01 piwigoserver.vki.private.eu systemd[3738]: Startup finished in 191ms.
-- Subject: User manager start-up is now complete
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- The user manager instance for user 0 has been started. All services queued
-- for starting have been started. Note that other services might still be starting
-- up or be started at any later time.
-- 
-- Startup of the manager took 191657 microseconds.
Jan 13 15:54:01 piwigoserver.vki.private.eu audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 13 15:54:01 piwigoserver.vki.private.eu systemd[1]: Started Session 359 of user root.
-- Subject: A start job for unit session-359.scope has finished successfully
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A start job for unit session-359.scope has finished successfully.
-- 
-- The job identifier is 38516.
Jan 13 15:54:01 piwigoserver.vki.private.eu audit[3735]: USER_START pid=3735 uid=0 auid=0 ses=359 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Jan 13 15:54:01 piwigoserver.vki.private.eu audit[3735]: CRED_REFR pid=3735 uid=0 auid=0 ses=359 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Jan 13 15:54:01 piwigoserver.vki.private.eu CROND[3748]: (root) CMD (/usr/sbin/iptables -I INPUT 1  -p tcp --dport 80 -j ACCEPT )
Jan 13 15:54:01 piwigoserver.vki.private.eu audit: NETFILTER_CFG table=filter family=2 entries=405
Jan 13 15:54:01 piwigoserver.vki.private.eu audit[3735]: CRED_DISP pid=3735 uid=0 auid=0 ses=359 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Jan 13 15:54:01 piwigoserver.vki.private.eu audit[3735]: USER_END pid=3735 uid=0 auid=0 ses=359 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Jan 13 15:54:01 piwigoserver.vki.private.eu systemd[1]: session-359.scope: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- The unit session-359.scope has successfully entered the 'dead' state.
Jan 13 15:54:11 piwigoserver.vki.private.eu systemd[1]: Stopping User Manager for UID 0...
-- Subject: A stop job for unit user@0.service has begun execution
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A stop job for unit user@0.service has begun execution.
-- 
-- The job identifier is 38618.
Jan 13 15:54:11 piwigoserver.vki.private.eu systemd[3738]: Stopped target Main User Target.
-- Subject: A stop job for unit UNIT has finished
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A stop job for unit UNIT has finished.
-- 
-- The job identifier is 26 and the job result is done.
Jan 13 15:54:11 piwigoserver.vki.private.eu systemd[3738]: Stopped target Basic System.
-- Subject: A stop job for unit UNIT has finished
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A stop job for unit UNIT has finished.
-- 
-- The job identifier is 25 and the job result is done.
Jan 13 15:54:11 piwigoserver.vki.private.eu systemd[3738]: Stopped target Paths.
-- Subject: A stop job for unit UNIT has finished
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- A stop job for unit UNIT has finished.
[/details]
Best Regards.

myagfedora

Please try this ONLY temporarily

If this helps, see the post below this one inside the linked topic for proper repair methods.

PS: Things like [details] (when needed) need to be placed before triple `, not inside:

[details="Summary"]
\```
Some text
\```
[/details]

Hello,
Thanks for your answer.
“setenforce Permissive” did not solve the problem.

Best Regards.

Giuseppe

Please, don’t forget to revert it! setenforce enforcing

Hello,
do I have to understand that my problem will not be solved?
Best Regards.
myagfedora

Who knows! I’ve personally never even used ssh.

In the solution of your previous topic (hhlp):

  1. OpenSSH client configuration file ssh_config
  2. OpenSSH daemon configuration file /etc/ssh/sshd_config

Can you recheck this, then?

Or read all the sections, starting from the configuration, in the Arch Wiki (OpenSSH)?
Just no other ideas left. If only I were able to poke this issue myself…

Please don’t get angry: very stupid questions.
Is the password the right one?
Are you able to login locally on piwigoserver as user giuseppe?
Is the IP 10.1.4.10 the IP of the right host you are trying to connect to?

Hello,
yes, I am able to login locally on piwigoserver as user giuseppe.
Yes, the ip 10.1.4.10 is the IP of the right host I am trying to connect to.
I have got this idea:
in order to make a reset of ssh, I would like to make a fresh install.
Can you advise me how to uninstall the current ssh version and, of course, how to install ssh with dnf?
Best Regards.
myagfedora

Step 1: back up configs in /home (edit: try to recreate them from scratch, I meant).

You may try to reinstall stuff with:

```
dnf reinstall `dnf list --installed | grep ssh | awk '{print $1}'`
```

PS: the command above doesn’t reinstall the dependencies of the programs. You may try to omit the | grep ssh for a full system reinstall. But today, for my system, it is “Total download size: 1.2 G”

Usually I don’t think that reinstalling a package will help. This is not Windows, with stuff in the registry that (hopefully) will be removed by uninstalling a program.
Usually the problems are in the user home directory, or in some configuration file. Uninstalling a package doesn’t clean anything in the user home directory, and sometimes the configuration files are preserved also in the case of a reinstallation.

BTW, could you try to issue the ssh command locally?
I mean, on piwigoserver, could you try to issue ssh giuseppe@localhost?

In addition, as said by @vits95, if there is nothing private, could you show us the /etc/ssh/sshd_config file?

This shouldn’t have effect… :thinking: Since tcp wrappers was deprecated in F28

Hello,
thanks for your precious help.
Now ssh works fine.
Maybe there was something corrupted in the ssh install.
the fresh install solved the problem. I just used this magic command you mentioned:
dnf reinstall dnf list --installed | grep ssh | awk ‘{print $1}’``

Best Regards.
myagfedora

:face_with_monocle: Be careful with copy and paste there: the command you’ve posted shouldn’t work, as it misses a ` (grave accent) after dnf reinstall (before dnf list), and has two unneeded ` (grave accents) at the end.

"Sources"

:flying_saucer: *Loud laughs from a saucer…*

+1 for this

reinstalling restores ssh directories and file permissions:

The OpenSSH server and client require strict permissions:

Both the host and the client should have the following permissions and owners:

  • ~/.ssh permissions should be 700
  • ~/.ssh should be owned by your account
  • ~/.ssh/authorized_keys permissions should be 600
  • ~/.ssh/authorized_keys should be owned by your account

Client environments should additionally have the following permissions and owners:

  • ~/.ssh/config permissions should be 600
  • ~/.ssh/id_* permissions should be 600

Regards,

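The permission list in the post above can be checked with a short script. This is an added example, not part of the original thread; the function names `check_mode`, `check_owner` and `audit_ssh_dir` are made up for illustration, and GNU `stat` (coreutils) is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report deviations from the
# ~/.ssh permission list quoted above. Assumes GNU stat (coreutils).

# check_mode PATH MODE: print a finding and return 1 if PATH exists with another mode.
check_mode() {
    local path="$1" want="$2" got
    [ -e "$path" ] || return 0              # an absent file is not a finding
    got=$(stat -c '%a' "$path")
    if [ "$got" != "$want" ]; then
        echo "MODE  $path is $got, expected $want"
        return 1
    fi
}

# check_owner PATH UID: print a finding and return 1 if PATH is owned by another uid.
check_owner() {
    local path="$1" want="$2" got
    [ -e "$path" ] || return 0
    got=$(stat -c '%u' "$path")
    if [ "$got" != "$want" ]; then
        echo "OWNER $path is owned by uid $got, expected $want"
        return 1
    fi
}

# audit_ssh_dir HOME_DIR [UID]: print one line per finding;
# the exit status is the number of findings (0 means everything matches the list).
audit_ssh_dir() {
    local home="$1" uid="${2:-$(id -u)}" d f n=0
    d="$home/.ssh"
    if [ ! -d "$d" ]; then
        echo "MISSING $d"
        return 1
    fi
    check_mode  "$d" 700                     || n=$((n + 1))
    check_owner "$d" "$uid"                  || n=$((n + 1))
    check_mode  "$d/authorized_keys" 600     || n=$((n + 1))
    check_owner "$d/authorized_keys" "$uid"  || n=$((n + 1))
    check_mode  "$d/config" 600              || n=$((n + 1))
    for f in "$d"/id_*; do                   # the list says id_*, so *.pub files are checked too
        [ -e "$f" ] || continue
        check_mode "$f" 600                  || n=$((n + 1))
    done
    return "$n"
}
```

Run it as `audit_ssh_dir "$HOME"` on both the server and the client account; any printed line is a deviation from the list.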

Yes @vits95, I’m glad you are happy :slight_smile: The important thing is that @myagfedora resolved his problem.

However, if you have an issue with a configuration file under your home, reinstalling the package doesn’t help, this is guaranteed.

And also system configuration files, sometimes, aren’t removed when you uninstall a package. It depends in what manner the software was packaged (sometimes if you made a change to the original file, it will be renamed configfile.rpmsave when you uninstall the package) and it depends if the configuration uses included files, and probably other things. Or if some files are created during the first run of the software and then unhandled by the package manager, so the old files persist to live around even if you reinstall the package (i.e. mysql/mariadb).

Indeed I wrote: Usually I don’t think that reinstalling a package will help.
Also because, if reinstalling the package solves the issue, you didn’t understand what happened and…

and this issue was closed and resolved but for some strange reason after recovering my machine from a backup […] now I am still not able to ssh to my fedora 31 server

again.
