
SSH AND FTP ACCESS 2

Status
Not open for further replies.

rankar

IS-IT--Management
Jul 30, 2001
60
US
I just installed a server at our colo. It came up fine, but when I went back to the office I was unable to ssh or ftp in to the server. I know that on Solaris you can enable these utilities in /etc/inetd.conf, but I don't know where to make these changes using Linux. Can anyone point me in the right direction?

Thanks,
RG
 
How are you trying to access this server? Is it through the internet, or are you on the same LAN? Check your firewall rules if it's across the internet, whether it be iptables/ipchains on the server itself, or a hardware firewall somewhere.

If it's not a firewall issue, are the services running right now? Run a "netstat -nat" and look to see if anything is listening on ports 22 and 21, assuming you are using default ports for SSH and FTP.


ChrisP
 
I am on the same LAN. I can't run the netstat -nat remotely, obviously, because I can't ssh in, but I will try this in the morning. What should I expect to see from this command? Also, if the server is not using these ports, how and where do I create access to these ports? Another note: I am able to ssh out to another server on our LAN, but I can't ssh in.

Thanks,
RG
 
It sounds like a firewall issue. If you don't have a hardware firewall blocking your access, then you're probably running iptables or ipchains on your server, which is a software firewall. Run "iptables -L" to see if you're running iptables. I'm not that familiar with iptables/ipchains since I always use hardware FWs.

Run "netstat -a" on your Windows machine to see what it looks like. The output is very similar to -nat on Linux.


ChrisP
 
Did you copy the identity.pub or allow password authorization on the server? Ssh will not allow access unless one of the two conditions is met. Also, is sshd running on the remote system? Ssh out does not require the daemon, but ssh in does. For ftp, can you ftp out? It may be that the ftp service is not running.
 
I am going out to our colo now to try these commands. If in fact we do have iptables or ipchains running, how do I disable it or reconfigure it to allow ssh and ftp?

Thanks,
RG
 
I ran netstat -nat and the ports for ssh, ftp and telnet are all in LISTEN mode. I also ran the command iptables -L and the output showed that I am not running iptables. I edited some files in /etc/xinetd/; these files include telnet, ssh, and wu-ftp. Now if I do a ps -ef, all the processes appear to be running. But I still can't get in remotely. I also edited the hosts.allow files to allow ftp, ssh and telnet. Any other suggestions would be much appreciated.
Thanks,

RG
 
Where can you access the server from via FTP and SSH? Can you access it from another computer on the LAN? If you can, then there is a firewall somewhere that is blocking those ports.

ChrisP
 
Shiva,
Check your xinetd config files. On Redhat Linux they are in the /etc/xinetd.d directory.

Find the appropriate file for your ftp server (wsftpd on some machines). Edit the file and find the line that says disabled = yes, change it to no, and restart the xinetd daemon.
 
No, I can't access it from anywhere; I have to be on a console. I can ssh out to another server on our LAN but I can't get in from anywhere.

Thanks,
RG
 
The daemons are running, and I have edited those files as suggested by BeejCyr. Still no success.

RG
 
I didn't try that; unfortunately this server is at a colo.
I will be out there later today and I will try to ftp localhost. My guess is that I will be able to, only because I can ssh out to other servers on our LAN.

RG
 
If you cannot ftp localhost then the ftp daemon is not running or xinetd (inetd) is blocking it. You will need to figure out if your ftp daemon is running as a stand-alone service or on an "at need" basis (xinetd controlled).

From here on I refer to the ftp daemon as wsftpd. The filename of your ftp daemon may be different. You can look in your /etc/init.d for a clue as to what it's called.

In my experience the ftp service is usually run "at need". In Redhat, starting several versions ago, they disabled FTP by default. You have to go into the xinetd.d directory and enable it in the wsftpd config file. (See previous post to Shiva.)

If your ftp service is running stand-alone (which is a waste if ftp is not one of the primary functions of the server) then you need to be sure it's loading on startup. You can check the status with /sbin/chkconfig --list wsftpd

If it's not set to load at the runlevel you are currently running at, you can adjust it with the chkconfig utility.

Remember, if you try to run your ftp daemon in stand-alone mode and it has not been configured to do so, then it will run until a timeout occurs and then shut back down again. You also have to edit the config file for the daemon and make sure it's told to run in the right mode.
 
I have ssh running now, thanks for all your help, but I still can't ftp. I did try to ftp localhost and the output is service not available. I edited /etc/hosts.allow and I inserted wuftpd: ALL, then I did a kill -USR2 xinetdpid#.
This process did not work; I am obviously doing something wrong or I have the ftp name wrong. I got the wuftpd from /etc/xinetd.d. There is a file named wu-ftpd. I also checked /etc/init.d but I did not see anything resembling ftp in this directory. All help is appreciated.

Thanks
RG
 
rankar,
Try this:
Go to your /etc/xinetd.d directory.
Edit the wu-ftpd file. In there is a line that starts with the word "disabled = ".
Make sure it says "no" after it, without the quotes.
Then restart the xinetd service and try to connect via localhost.

 
I did do that but I still get connection refused. The error I get in the logs is "libwrap refused connection".

Thanks,
RG
 
What about your hosts.deny?

I am just curious whether it will work if you clear it.

You might also try (just for testing) putting ALL:ALL in your hosts.allow file.

You might also try specifying the service name as in.wu-ftpd:ALL
 
I have tried wuftpd: ALL, wu-ftpd: ALL, ftpd: ALL and wsftpd: ALL. I just tried in.wu-ftpd: ALL and it still does not work. I'm using kill -USR2 to stop and restart the daemon. Is that the correct syntax? I do have All: ALL specified in the hosts.deny, but if I can get the name correct in the hosts.allow file it should work.

RG
 
You are right about the hosts.allow, but just to double check that it is the hosts.allow that is causing the problem, try taking out the all:all in the deny file just to see. If you do that and still can't get in, then you know you can stop pulling your hair out and look somewhere else.
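
Editor's added example, not part of any post above: xinetd hands libwrap the basename of the service's `server =` binary by default, so the hosts.allow entry can be derived from the service file instead of guessed, and the `ALL: ALL` default deny can stay in place. The file contents (including the `/usr/sbin/in.ftpd` path) are constructed samples, and the matcher handles only the `daemon: ALL` rule form used in this thread.

```shell
#!/bin/sh
# Added example: find the TCP wrappers daemon name for an xinetd service
# and evaluate it against hosts.allow / hosts.deny (simplified matcher).

# Basename of the "server =" binary in an xinetd service file.
wrap_name() {
    awk -F= '/^[ \t]*server[ \t]*=/ {
        gsub(/[ \t]/, "", $2); n = split($2, p, "/"); print p[n]; exit }' "$1"
}

# Succeed if FILE has a rule naming DAEMON (or ALL) with ALL as a client.
# Host patterns, EXCEPT and option fields are deliberately not handled.
rule_matches() {    # args: file daemon
    [ -f "$1" ] || return 1
    awk -F: -v d="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            n = split($1, names, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                s = tolower(names[i])
                if ((s == tolower(d) || s == "all") &&
                    toupper($2) ~ /(^|[ \t,])ALL([ \t,]|$)/) { found = 1; exit }
            }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# hosts_access order: a match in hosts.allow grants; otherwise a match in
# hosts.deny refuses; otherwise access is granted.
wrap_decision() {   # args: daemon hosts.allow hosts.deny
    if rule_matches "$2" "$1"; then echo allow
    elif rule_matches "$3" "$1"; then echo deny
    else echo allow
    fi
}

# Constructed sample files (not taken from the poster's server).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'service ftp\n{\n\tdisable = no\n\tserver = /usr/sbin/in.ftpd\n\tserver_args = -l -a\n}\n' > "$demo/wu-ftpd"
printf 'wu-ftpd: ALL\nsshd: ALL\n' > "$demo/hosts.allow"
printf 'ALL: ALL\n' > "$demo/hosts.deny"

name=$(wrap_name "$demo/wu-ftpd")
echo "daemon name seen by libwrap: $name"
echo "entry named after the xinetd.d file: $(wrap_decision "$name" "$demo/hosts.allow" "$demo/hosts.deny")"
printf '%s: ALL\n' "$name" >> "$demo/hosts.allow"
echo "entry named after the server binary: $(wrap_decision "$name" "$demo/hosts.allow" "$demo/hosts.deny")"
```

On a real host, point `wrap_name` at the file under /etc/xinetd.d and check whether that file sets a `libwrap` attribute, which overrides the default name.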
 