How to enable SSH access on a newly installed CentOS 6.3 server

Jason Yu
I installed a new CentOS server located in the DMZ zone. When I tried to PuTTY to it from my desktop in the LAN zone, it gave me "Network Error: connection refused". I am guessing that I need to do some configuration for the PuTTY protocol, although I have already set up the network card configuration. Please advise, thank you. I use the IP address in PuTTY, so there is no DNS problem involved here.
Most Valuable Expert 2013
Top Expert 2013
Commented:
Allow port 22 (ssh) traffic to pass through your firewall.

Also, make sure that the ssh server daemon sshd is running on CentOS:

/etc/init.d/sshd start
chkconfig sshd on
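
Added example (not part of the original answer or thread): the two checks the answer names, written as shell functions that read `netstat -tln` and `iptables-save` output. The function names and sample data are constructed for illustration, and the rule parser is a simplification that skips source- or interface-specific rules and does not follow user-defined chains.

```shell
#!/bin/sh
# Added example: offline checks for the two causes named in the answer.
# On the CentOS 6 host, as root, feed the functions live data:
#   netstat -tln  | sshd_listening && echo "sshd is listening"
#   iptables-save | port22_verdict
# If the verdict is "block", a rule such as
#   iptables -I INPUT -p tcp --dport 22 -j ACCEPT && service iptables save
# opens the port on the host firewall.

# Succeeds if `netstat -tln` output on stdin shows a TCP listener on port 22.
sshd_listening() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:22$/ { found = 1 }
         END { exit !found }'
}

# Prints "accept" or "block" for new inbound TCP/22 by walking the filter
# table INPUT chain of `iptables-save` output (stdin), first match wins.
# Simplification: rules tied to a source or interface (-s/-i/-o) are skipped
# and user-defined chains are not followed.
port22_verdict() {
    awk '
    substr($0, 1, 1) == "*" { in_filter = ($1 == "*filter") }
    !in_filter { next }
    /^:INPUT / { policy = ($2 == "ACCEPT") ? "accept" : "block" }
    /^-A INPUT / {
        if ($0 ~ / -[sio] /) next
        tcp22 = ($0 ~ /-p tcp/ && $0 ~ /--dport 22( |$)/)
        generic = ($0 !~ / -p / && $0 !~ /-m (state|conntrack)/)
        if (!tcp22 && !generic) next
        if ($0 ~ /-j ACCEPT/) { print "accept"; done = 1; exit }
        if ($0 ~ /-j (REJECT|DROP)/) { print "block"; done = 1; exit }
    }
    END { if (!done) print (policy ? policy : "accept") }'
}

# Constructed sample input (not from the page): sshd is listening, but there
# is no ACCEPT rule for port 22 ahead of the catch-all REJECT.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN'
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
SSH_RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
```

Rule order matters: the same SSH rule placed after the catch-all REJECT still yields "block", which is why the comment above uses `iptables -I` (insert) rather than `-A` (append).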

Author

Commented:
Great, it works now. Thank you very much, woolmilkporc.

But I can't go to the Internet, even after I disabled the built-in firewall.

Do I need to check the policies on my Cisco PIX 505E firewall?

I tried to ping google.com, but it doesn't give me a response.
Most Valuable Expert 2013
Top Expert 2013
Commented:
Do you mean going to Internet (http) from CentOS?

If so, you must open port 80 on the firewall between the DMZ and the outside world for the CentOS host.

If you want to ping Internet hosts you must allow ICMP request/reply packets on that firewall.

Author

Commented:
Thank you for the update. The bad thing is that my firewall is a Cisco PIX 515E, and it doesn't have a GUI set up at my company. I used SonicWall for many years and got accustomed to the GUI interface.

If I want to enable the GUI on this device, how could I do it? I googled online and it says there is an application called ASDM that can manage Cisco firewalls. Do I need to install this program, or can I just use IE to manage it?

Please refer to my other post at http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_27975801.html for a detailed description of the issue, thank you.

Author

Commented:
Yes, I do want to access the Internet from this CentOS machine. It looks like the firewall blocked the outgoing traffic, since I can log on to the intranet without any problem.
Most Valuable Expert 2013
Top Expert 2013
Commented:
Try to get Pix Firewall/Device Manager (PDM).

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

You'll need a CCO Login, however.

Author

Commented:
I am sorry, I don't have an account with Cisco. Is there somewhere else I can download it?

Or can I just use some commands on the CLI to add some policies?

Thank you.
Most Valuable Expert 2013
Top Expert 2013
Commented:
This is the Cisco CLI Configuration Guide:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/asacfg72.pdf

This guide applies to the Cisco PIX 500 series security appliances (PIX 515E, PIX 525, and PIX 535) and the Cisco ASA 5500 series security appliances (ASA 5505, ASA 5510, ASA 5520, ASA 5540, and ASA 5550).

And here is more about ASDM:

http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/index.htm

Author

Commented:
Thank you very much, woolmilkporc. I will update this afternoon. Have a nice afternoon.

Author

Commented:
Great, I got it working; I can use ASDM to manage my PIX 515E now. Wonderful job. Thank you very much, woolmilkporc. I really appreciate your help.

If I want to permit the server in the DMZ to access the Internet, is one access rule enough for doing this, or do I need to create other rules?

Thank you.
Most Valuable Expert 2013
Top Expert 2013
Commented:
Since the PIX 515 is a stateful firewall, opening HTTP (and HTTPS if needed) should be sufficient.

Author

Commented:
Good answers and solution.
