From: unruh@invalid.ca   
      
   On 2013-11-21, Bit Twister  wrote:   
   > On Thu, 21 Nov 2013 11:02:04 -0800 (PST), Karl Dalen wrote:   
   >> I haven't been able to get sshd to work on the Mageia 3.0 set-up   
   >> I can connect locally on the same machine with ssh but from another   
   >> machine on the same LAN it looks like sshd on Mageia does not respond.   
   >   
   > If it works locally, but not external, it is a good bet it is a   
   > firewall problem.   
   >   
   >> This exact same set-up and config files worked to connect to MD 2010   
   >> earlier.   
   >   
   > OH, NO. I hope you are not installing other distribution/release   
   > configuration files. DO NOT do that unless the application release is   
   > the same on both installations.   
      
   If he means the /etc/ssh/* files, it should be fine. AFAIK those files   
   have not changed in quite a while and files from Mandriva 2010 should   
   work fine. If you mean the firewall files, then all bets are off.   
      
   >   
   >> It seems that it does not even respond to "ping" so   
   >> I suspect it could be some firewall related blocking.   
      
   Many systems disable ping response. Sounds like a firewall issue. Look   
   in /var/log/messages for messages from shorewall. Also check   
   /etc/hosts.allow and deny in case you are disabling sshd there.   
      
      
   >   
   > No need to be guessing. Click up a terminal,   
   > su - root   
   > journalctl -fa   
   >   
   > Now start trying your test shots and whatnot.   
   >   
   >> Is there a way to completely disable all firewall related blocking?   
   >   
   > Temporally, yes, you want the clear command, run "man shorewall" to   
   > see it and other arguments.   
      
   service shorewall stop.   
      
   >   
   >> I tried from mcc Security disabling msec and Checking "Allow everything   
   >> to connect" under firewalls but after I exit mcc and restart it   
   >> looks like it does not retain that setting and it shows this option   
   >> unchecked.   
   >   
   > Yup, I have not decided if that is a feature or a bug, but regardless   
   > of current state of the firewall, what you see is normal. You need to   
   > use systemctl to discern the status of a service. A service can be   
   > disabled and be running.   
   >   
   > systemctl status shorewall should show Active even though mcc   
   > shorwall configuration does not show your last setting.   
   >   
   >> How do you truly get rid of any port blocking ?   
   >   
   > Well, the firewall configuration tool you have been using has a   
   > checkbox to Allow All. Set it and see.   
   >   
   >> Are there some config files to edit ?   
   >   
   > You can, I created a shorewall_changes script to munge a clean install   
   > shorewall rules into what I want passed through.   
   >   
   > I poked holes for my house web cams, specific external ssh ip   
   > addresses, and ekiga VOIP/video ports.   
   >   
   >> I'm already running behind a firewall, running on a LAN.   
   >   
   > Yes, but in my stupid opinion, you should be protecting each system   
   > from the rest of whatever is on the LAN.   
      
   Depends on what the threats are. Are there threats from behind the that   
   router running that expernal firewall?   
      
   >   
   >> Another thing, is there any equivalence in Mageia to Madriva:   
   >> "service {process} start|stop|restart"   
   >   
   > Yup,  systemctl start|stop|restart|enable|disable service   
      
   Nice of them to alter the syntax.   
      
   >   
   >> for example: "service network restart" ?   
   >   
   > Yes, systemctl restart network.   
   >   
   >   
   >> That used to be really convenient in Md when you edit various config files.   
   >   
   > Yep, still is.   
   >   
   >> I'm a bit handicapped without sshd working since I need to physically   
   >> be at the machine to do any configuration. Any help would be   
   >> greatly appreciated.   
   >   
   > Go back into the firewall configuration screen in mcc,   
   > hit the check box for ssh.   
   >   
   > From another terminal on mga3, in your user account, NOT root,   
   > test ssh access with the command   
   >  ssh $USER@$(hostname --ip-address)   
   >   
   > That should work, then exit and run   
   >  ssh $USER@$(hostname --fqdn)   
   >   
   > If that works, you should be able to ssh into mga3 with your user   
   > login from any of your other LAN systems.   
   >   
   > When you get into mga3 from the other node, run these commands   
   > su - root   
   > echo $DISPLAY   
   > echo $XAUTHORITY   
   >   
   > Those environment variables should not be null/empty.   
   > your root  $DISPLAY should be something like   
   > DISPLAY=localhost:10.0   
   >   
   > If both variable have values, run   
   >  mcc   
   >   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)