CentOS 5 Incoming SFTP


Hello,

I have a CentOS 5 box that can reach the internet and can ping to/from all Windows systems on my home network. The catch is that I cannot connect to the box using SSH from any Windows machine, though they can easily ping the Linux box and vice-versa.

Suggestion of a possible solution would be most appreciated.

Many thanks!

John

11 thoughts on - CentOS 5 Incoming SFTP

  • Is there a firewall running on the Linux machine, and if so, is it allowing tcp port 22 through? Are you able to SSH from other Linux systems on your home network (if there are any) or have you only tried sshing from Windows systems? Is sshd running?

    Barry

  • Barry,

    I will check on firewall, though I have not deliberately activated one. This machine has run for several years without this occurrence. I will check on port 22. All other machines on the LAN are Windows.

    Many thanks for getting back to me.

    John

  • John McKelvey wrote on Mon, 30 Sep 2013 23:27:55 -0400:

    That’s obviously not true or just half of the story. Did you actually try *sshing* in? Your title mentions sftp, not ssh. So, what software are you using to connect? I would normally recommend using SCP (and not sftp) with WinSCP. If you do that you can have the sftp subsystem of OpenSSH shut off.

    Kai

  • Others have mentioned it as well, it sounds to me like there’s a local firewall (probably iptables) running on the Linux box. Although I thought the default in the 5 series of Red Hat/CentOS was to leave port 22 open. It could also be that you don’t have the SSH daemon turned on/possibly even installed (?)

    I’d make sure you have SSH turned on (from the Linux machine, SSH to localhost, telnet localhost 22, ps -ef | grep sshd, service sshd status, chkconfig --list | grep sshd).
    If all that works and looks OK, then try turning off the firewall (service iptables stop),
    then try to SSH in from your other machines. If that’s OK, then go back to the Linux machine’s console and do:

        service iptables start
        iptables -I INPUT -s ${CIDR of your LAN[1]} -p tcp --dport 22 -j ACCEPT
        service iptables save

    and I’d think you should be set.

    [1] If your LAN is 192.168.0.0 with a netmask of 255.255.255.0 the CIDR would be 192.168.0.0/24, not sure how much you’ve dealt with that. Google will be your friend if you have an odd netmask.

    some of these options may be off, I don’t use CentOS 5 much these days and all I’m putting in here is from memory, so I might be missing some stuff, but I think it’s reasonably close.

  • Surprisingly (to me, anyway), the SSH daemon is off by default in CentOS; you need to ‘chkconfig sshd on’ and ‘service sshd start’ as root in order to be able to SSH in.

    Tony.


  • 2013/10/1 Tony Sweeney

    On a default install the SSH daemon is turned on, maybe you are using a custom spin or a customized install CD or kickstart?

  • Hello…

    OK, I have been checking… NSLOOKUP … sees the linux box… Linux box can ping all other boxes on the LAN (they are all windows) as well as internet.

    With firewalls off on both any Windows box as well as firewall off on Linux box it cannot be pinged, much less move files or log on from any of the LAN’s Windows boxes. SSHD is running on Linux box. Port 22 is open for TCP in IPTABLES.

    John


  • I was thinking that it can be a DNS issue, however you are able to see the Linux box from the Windows machines using NSLOOKUP on the same LAN. What changed before you started to experience this issue? I recall in one of your previous posts, you mentioned that “it have been working like this for years”. Did the IP or MAC address of the Linux server change?

    If the firewall is off on the Linux server and you are still not able to ping it you can check the sysctl.conf or /proc/sys/net/ipv4/icmp_echo_ignore_all. Are there any ACLs on the port that the Linux box is connected to that could be preventing inbound traffic to this server?

  • Is everything on the same subnet or is there some router/firewall device between the Linux and Windows boxes? It doesn’t make much sense to be able to ping one direction but not the other without some firewall in the way. It also doesn’t make sense to say your ‘firewall is off’ in Linux and then talk about ports being open in iptables. If your firewall is off, you should just see a policy of ACCEPT in iptables and nothing about ports.

    In any case, if you run tcpdump you should be able to see if the ping packets are reaching the linux box (or tcp port 22 for ssh). If you see packets arriving at the interface but nothing responds, it is probably iptables blocking them. If the packets you send don’t arrive at all, something external is blocking them.
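
The tcpdump check described in the last comment, as an added example that is not part of the original thread: a shell function that reads `tcpdump -nn` text output and reports whether the client's packets arrive and whether the Linux box answers. The function name, interface name, addresses and sample capture lines are constructed for illustration, and the line format assumed is that of current tcpdump releases.

```shell
#!/bin/bash
# Capture on the Linux box while a Windows client retries (eth0 is an assumption):
#   tcpdump -nn -i eth0 'icmp or tcp port 22' > capture.txt
# Then: classify_capture SERVER_IP CLIENT_IP ssh|ping < capture.txt

classify_capture() {
    awk -v srv="$1" -v cli="$2" -v mode="$3" '
        $2 != "IP" || $4 != ">" { next }      # skip ARP, IPv6 and banner lines
        {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (mode == "ssh") {
                # TCP endpoints print as address.port, e.g. 192.168.0.5.22
                if (index(src, cli ".") == 1 && dst == (srv ".22")) inbound++
                if (src == (srv ".22") && index(dst, cli ".") == 1) outbound++
            } else {
                if (src == cli && dst == srv && /ICMP echo request/) inbound++
                if (src == srv && dst == cli && /ICMP echo reply/)   outbound++
            }
        }
        END {
            if (!inbound)       print "not-arriving"         # blocked before this host
            else if (!outbound) print "arriving-unanswered"  # local filter, probably iptables
            else                print "answered"             # host replies; look at the return path
        }'
}

# Constructed sample: SYNs from one Windows client reach port 22, nothing goes back.
SAMPLE_SSH_UNANSWERED='12:00:01.000000 IP 192.168.0.10.51000 > 192.168.0.5.22: Flags [S], seq 100, win 8192, length 0
12:00:02.000000 IP 192.168.0.11.51001 > 192.168.0.5.22: Flags [S], seq 300, win 8192, length 0
12:00:04.000000 IP 192.168.0.10.51000 > 192.168.0.5.22: Flags [S], seq 100, win 8192, length 0'

# Constructed sample: an echo request from the client and the reply from the server.
SAMPLE_PING_ANSWERED='12:00:05.000000 IP 192.168.0.10 > 192.168.0.5: ICMP echo request, id 1, seq 1, length 40
12:00:05.000100 IP 192.168.0.5 > 192.168.0.10: ICMP echo reply, id 1, seq 1, length 40'

printf '%s\n' "$SAMPLE_SSH_UNANSWERED" | classify_capture 192.168.0.5 192.168.0.10 ssh
printf '%s\n' "$SAMPLE_PING_ANSWERED"  | classify_capture 192.168.0.5 192.168.0.10 ping
```
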
