cannot login via ssh after installation


sone
16th August 2005, 00:43
hello!

i'm in trouble! i have no idea anymore how to solve the problem - but i can login to the server with a repair-system... i would be really happy if someone could give me a hint why the server is not booting correctly, or which files i could/should edit to solve the problem!

i've installed ISPConfig after I had installed debian sarge. i used this perfect installation instructions. everything was working fine...
but after i did a restart of my vps i'm not able to log in via ssh anymore :eek:

the server is starting and the last thing i'm able to do is to write the password.
the last thing the server is telling me:
"System bootup in progress - please wait"

afterwards nothing happens anymore... it's not possible to ping the server...

i thought that maybe it's a quota related problem... because the only step i did not manage to do was to end the instructions related to quota:

quotacheck -avugm
quotaon -avug

i was thinking (have to stop this...) that i could do it after finishing the installation, because i'm on a VPS where i'm not able to use "mount" while running the server - if i have to do everything again :( i know now i have to reboot instead...

besides of that, i installed the Courier-IMAP/Courier-POP3 first, and then i removed "courier-imap courier-imap-ssl courier-pop courier-pop-ssl" again, and i repeated the instructions "Postfix/POP3/IMAP" .... after doing "ehlo localhost" everything seems to be fine...

looking forward...

sone

falko
16th August 2005, 10:20
:confused: Maybe it has to do with your network settings? Go into the repair system and have a look at these.

Tribal-Dolphin
16th August 2005, 12:21
Hello,
You have to modify the sshd configuration by editing /etc/ssh/sshd_config.
Replace this line PasswordAuthentication no by this one PasswordAuthentication yes then restart ssh (/etc/init.d/ssh restart).
For me it works, I hope for you too !

sone
16th August 2005, 19:31
hello!

i have changed the sshd_config as mentioned but without success...

the sshd_config of the repairsystem is the same as of the "normal"-system.

of course it eventually has to do with the network settings. but i do not know which exactly could be responsible for the failure. any hints??
i tried to change the hosts file. the format seems to be simple, but i'm confused because in the net there are really different explanations and formats... at least it looks like...

here is my host file:

---

127.0.0.1 qualia localhost localhost.localdomain
85.119.152.64 qualia quale.de qualia.quale.de

---

and here are the last few words my server is telling me at login - then nothing happens...:

---

RSA key fingerprint is .....
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '85.119.152.64' (RSA) to the list of known hosts.

---

maybe the configuration of the setup of the ISPConfig and/or the openssl key generation has something to do with it?

i think i will reinstall and redo everything, following the perfect setup instructions again. once doesn't count ;) while repeating maybe i will learn something...

fastcooler
20th October 2005, 23:45
Hi All,

I have the same problem as Sone, but I haven't found any solution....Anyone may help me please?

Same configuration as Sone:

Debian Sarge 3.1
VPS based on Virtuozzo

I have also installed using Perfect Install Tutorial, but I can't install Quotas too.

Thanks,
Best Regards
Mark

falko
21st October 2005, 01:12
Do you get any error messages?

fastcooler
21st October 2005, 01:18
Hi Falko,

no, I didn't receive any error message during installation....

Installation ends and I get a message where i read that ISP Config server is starting.

After some seconds PUTTY lost SSH connection and I can't SSH access anymore: I have to restore backup...

Thanks
Mark

falko
21st October 2005, 01:35
Hm, maybe because of $go_info["server"]["network_config"] in /home/admispconfig/ispconfig/lib/config.inc.php.
You could use a rescue CD and set that variable to 0. Or you do it (before you install ISPConfig) in the file install_ispconfig/config.inc.php.tmp.

fastcooler
21st October 2005, 01:40
Dear Falko,

I'm trying your trick now...I'm installing again...I'll let you know in minutes...I hope that this can solve!

Thanks!
Mark

fastcooler
21st October 2005, 01:53
Dear Falko,

It solved!!!!!

MANY THANKS !!!!!

Now I can play with ISPConfig and use it !

Best Regards
Mark

jopa123
19th February 2007, 05:10
Hello,

I seem to be having this same issue as well as a few others.

I setup per the FC4 perfect setup tute. The only difference is I had to add the Madwifi drivers for my Atheros chipset wireless card. I know wireless is not the way to go for a server, but this is more of a learning box than a working server.

I could then ssh into the box, surf the net, etc. and everything was fine.

Then I installed Ispconfig, The setup seemed to go fine including quota and RSA license.
The only "issue" I had was when it asked for the domain. I have a domain pointed to this server but without Ispconfig up and running, it wouldn't searched and couldn't find it. I entered the external IP address.

After the setup, I had to reset some Madwifi (ifcfg_ath0) settings but now I can surf the net and ping the other boxes on the network from the Linux box. I can also get to the Ispconfig admin panel through https://192.168.2.26:81.

However, I cannot ssh, telnet or even ping the Linux box either from the network or externally. Port 22 is open on the router for that ip, I've triple checked and even rebooted the router.

Per this thread, I checked the password authentication settings in the /etc/ssh/sshd_config and home/admispconfig/ispconfig/lib/config.inc.php files and they are already set to "yes" and "0" respectively.

I do not know how to check my "hosts"

Any ideas? I am a definite rookie with Linux and would greatly appreciate any help.

Oh yea, as for the other issue(s). I cannot boot to a rescue disc. The system seems to hang on the first blue screen (the check media screen?). It did this during install but I worked around it by changing to the default VESA video driver during "text" install. Can't do that with the rescue disc.

Thanks for any input.

till
19th February 2007, 12:18
Please post the output of:

netstat -tap

and:

iptables -L

jopa123
19th February 2007, 17:09
Till,

Thanks for the response. I'm at work right now but will check as soon as I get home. Approximately 6:00PM. US central time. (-6 GMT)

jopa123
20th February 2007, 02:37
Hey Till,
Here ya go.

tcp 0 0 *:imaps *:* LISTEN 2188/xinetd
tcp 0 0 *:pop3s *:* LISTEN 2188/xinetd
tcp 0 0 *:mysql *:* LISTEN 2282/mysqld
tcp 0 0 *:pop3 *:* LISTEN 2188/xinetd
tcp 0 0 *:imap *:* LISTEN 2188/xinetd
tcp 0 0 *:sunrpc *:* LISTEN 1873/portmap
tcp 0 0 *:x11 *:* LISTEN 3221/X
tcp 0 0 *:51216 *:* LISTEN 1891/rpc.statd
tcp 0 0 *:81 *:* LISTEN 2606/ispconfig_http
tcp 0 0 192.168.2.26:domain *:* LISTEN 2895/named
tcp 0 0 localhost.localdomai:domain *:* LISTEN 2895/named
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 2133/cupsd
tcp 0 0 localhost.localdomain:5335 *:* LISTEN 2118/mDNSResponder
tcp 0 0 *:smtp *:* LISTEN 7546/master
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 2895/named
tcp 1 1 192.168.2.26:34624 mirror.hiwaay.net:http LAST_ACK -
tcp 0 0 *:x11 *:* LISTEN 3221/X
tcp 0 0 *:http *:* LISTEN 2798/httpd
tcp 0 0 *:ftp *:* LISTEN 2912/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 2179/sshd
tcp 0 0 *:https *:* LISTEN 2798/httpd

and

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain PAROLE (9 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:http
PAROLE tcp -- anywhere anywhere tcp dpt:81
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:10000
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere


I hope this helps. And I hope it's posted correctly. I don't know how to do screenshots.

thanks again

falko
20th February 2007, 17:39
Is SELinux disabled on the system?

jopa123
20th February 2007, 18:43
Falko,

Not sure. I will check it when I get home.

Just FYI, I never get to a "login" or "username" screen with ssh. I get a "Network error. Connection timed out" message. I don't know if that helps.

thanks again

martinfst
20th February 2007, 20:36
Sounds like a network error. Bad cable? Mixing Full-Duplex and Half-Duplex? Mixing 10Mb and 100Mb? ISP blocking ports (though unlikely in this case)?

jopa123
21st February 2007, 05:17
Hey Falko,

As far as I can tell SELinux is turned off. I checked through the gui by hitting Desktop > System Settings > Security Level. On the firewall tab, it shows that the firewall is disabled. On the SELinux tab, there is no check mark in the "enable" box. There is a check mark in the "relabel on next reboot" box, tho.

I also VI'd into the /etc/sysconfig/system-config-securitylevel file. There is nothing in there but the word 'disabled'. Other than notations, of course.


martinfst,

It can't be a bad cable since this is wireless. And it's highly unlikely that the ISP is blocking ports since ssh worked before the ISPconfig install.

But you never know. I'm stumped.

Thanks again for the help.

falko
21st February 2007, 23:26
What's in /etc/sysconfig/selinux?
Have you tried to reboot the system?

jopa123
22nd February 2007, 06:27
Other than notations:

SELINUX=disabled

and

SELINUXTYPE=targeted

jopa123
22nd February 2007, 21:30
And I have rebooted.

falko
23rd February 2007, 16:00
Hm...
Did you use the local IP address to connect to SSH?

jopa123
23rd February 2007, 16:41
If by local address you mean 192.168.2.26, then yes. I tried it from the Windows machine. No luck. If by local address you mean 127.0.0.1. I don't think I've tried that. I will this evening.

falko
23rd February 2007, 17:44
> If by local address you mean 192.168.2.26, then yes.
Yes, I meant that address.
Everything you posted indicates it should work.
Did you switch off the firewall on your Windows system? Maybe that's the problem?

jopa123
23rd February 2007, 23:49
The firewall is on on both my home Windows machine (same network where the Linux box is) and here at work.

I'm thinking it has to be something in the encryption, ISPConfig firewall, or host files since it was working fine before the install.

The only other option I can think of in my limited knowledge is that somehow my atheros/madwifi/wireless config is setup incorrectly and will not allow pings, etc, to pass through.

Thoughts?

jopa123
24th February 2007, 03:23
This may be another clue. I tried turning off the Windows firewall, I still cannot ping or ssh into the Linux box.

Just for grins. I ssh'd from the Linux box to itself, both through the router (192.168.2.26) and through the localhost (127.0.0.1) both pinged just fine. So I downloaded and installed putty. I can ssh into the box from itself with both IP's. Does that help at all?

thanks again for all of your help.

till
24th February 2007, 10:52
Please post the output of:

iptables -L

If it's still the same as in your prior post in this thread, it's definitely not a problem of your linux server. And you used putty as SSH client on windows?

jopa123
24th February 2007, 18:15
I rebooted and here's the iptables -L readout. They seem the same to me. Yes, I am using putty for ssh on all machines involved.

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain PAROLE (9 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:http
PAROLE tcp -- anywhere anywhere tcp dpt:81
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:10000
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

If it looks the same to you and it is not the Linux server, I would have to guess that I have 2 other places to look, the Atheros/Madwifi/network configuration or the router.

Does the fact that I can ping and ssh the machine from itself, through the router (192.168.2.26), prove that the router is configured properly?

falko
25th February 2007, 18:47
Can you switch off the firewall and try again? If it still doesn't work, at least we know it's not the firewall.

jopa123
26th February 2007, 00:07
Falko,

Good call! I turned off the firewall and I can ssh from my windows box on the network. Don't know why I didn't think of that. Now what? Do I have to see how the firewall is configured for ssh?

Thanks again.

till
26th February 2007, 10:16
Do you use the ISPConfig firewall or the firewall of your linux distribution?

jopa123
26th February 2007, 17:31
Till,

It's the ISPConfig firewall. FC4's firewall is turned off. Actually was never started.

falko
27th February 2007, 17:18
> FC4's firewall is turned off.
Can you double-check that there's no other firewall interfering with ISPConfig's firewall?
Is SELinux disabled on your system?

jopa123
27th February 2007, 23:51
falko,

Sorry for the previous misspellings. I really need to learn how to type.

Not sure how to check if selinux is enabled. Here is my /etc/selinux/config file

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
~
~
~
~
~
"config" 10L, 447C

--------------------------
and here is my /etc/sysconfig/system-config-securitylevel file:


# Configuration file for system-config-securitylevel

--disabled
~
~
~
"/etc/sysconfig/system-config-securitylevel" 3L, 65C

----------

I will try to check via the gui when I get home.

I don't know of any other firewall that could be running outside of FC4 and ISPconfig. Not really sure how to check, tho. I followed the perfect setup to the letter.

falko
28th February 2007, 20:19
Looks ok. :confused: :confused:

jopa123
28th February 2007, 20:37
Falko,

Yea, very confusing. Hey, I'd be glad to PM you access info if you want to look around inside the box. Like I said it's a learning machine.

I know this is not your job, but I'm extremely curious as to what I did wrong.

jopa123
28th February 2007, 20:45
Just a thought. Is it possible that there is some sort of possible conflict with the way the madwifi drivers were written? After the ISPConfig install I had to reinstall the drivers for the wireless card. Just spitballing.

till
28th February 2007, 21:48
> Just a thought. Is it possible that there is some sort of possible conflict with the way the madwifi drivers were written? After the ISPConfig install I had to reinstall the drivers for the wireless card. Just spitballing.

I don't think that ISPConfig and madwifi may conflict as ISPConfig does not install any drivers at all and even network configuration is disabled by default.

jopa123
28th February 2007, 23:17
Till

Yea, I didn't think so. It was a shot in the dark.

One more thing I may not have mentioned. This issue affects the http services as well. I cannot login to the ISPConfig control panel (https://xxx.xx.xxxxx.xxx:81) if the firewall is turned on. So it is not isolated to ssh.

I'm stumped.

falko
1st March 2007, 21:52
I think it could be a conflict with your WLAN card.

jopa123
2nd March 2007, 18:29
Ok guys,

I think I've got it fixed although I'm not sure what was done. But I will try to give some hints here so at least the next person with this problem may have some idea where to look.

I had someone who knows way more than me take a look at this issue. He fixed it by changing some firewall settings.

If I understand it correctly, and I probably do not, the madwifi drivers mask or change the WLAN card designation from eth0 to ath0. The firewall rules were being applied to allow access from certain ports and only from eth0. Nothing else was allowed in including anything coming from ath0. He somehow changed the designation to apply the firewall rules to ath0 and voilà.

At least that's my understanding of the workaround.

Now it's working. Is it correct? I don't know. But at least now I get to play. Thanks again for all of your help. I hope this helps someone else in the future.
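
Added example, not part of the thread and not ISPConfig's own code: the last post describes rules bound to eth0 on a host whose card is ath0, and plain `iptables -L` does not print interface columns (they appear with `-v`), so a restriction of that kind is not visible in the listings posted above. This shell sketch reads `iptables-save` text and reports interfaces that rules name but the host does not have; the sample rules are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:PUB_IN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j PUB_IN
-A INPUT -j DROP
-A PUB_IN -p tcp -m tcp --dport 22 -j ACCEPT
-A PUB_IN -j DROP
COMMIT
EOF
}

# Read iptables-save text on stdin and print every interface named by
# -i/-o (or the long forms), one per line, without duplicates.
rule_interfaces() {
  awk '/^-A / {
         for (i = 1; i < NF; i++)
           if ($i == "-i" || $i == "-o" ||
               $i == "--in-interface" || $i == "--out-interface")
             print $(i + 1)
       }' | sort -u
}

# $1 = space-separated list of interfaces present on the host.
# Prints each interface the rules refer to that matches none of them.
# A trailing "+" in a rule is iptables' wildcard (eth+ matches eth0, eth1...).
missing_interfaces() {
  rule_interfaces | while read -r want; do
    found=no
    for have in $1; do
      case "$want" in
        *+) case "$have" in "${want%+}"*) found=yes ;; esac ;;
        *)  if [ "$have" = "$want" ]; then found=yes; fi ;;
      esac
    done
    if [ "$found" = no ]; then echo "$want"; fi
  done
}

# Demo on the sample: a host whose only interfaces are lo and ath0.
sample_rules | missing_interfaces "lo ath0"

# On a live Linux host (as root) the same check would be:
#   iptables-save | missing_interfaces "$(ls /sys/class/net)"
```

Any name it prints marks rules that can never match traffic on that host, which with a DROP policy means the matching ACCEPT rules are never reached.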