Solved

How to enable SSH access on a new installed centos 6.3 server

Posted on 2012-12-27
12
1,079 Views
Last Modified: 2012-12-28
I installed a new centos server locates on DMZ zone. When I tried to putty it from my desktop on LAN zone, it gives me "Network Error: connection refused" . I am guessing that i need do some configurations for the putty protocol although I have already set up network card configurations. Please advise, thank you. I use IP address on the putty, so there is no dns problem involved here.
0
Comment
Question by:Jason Yu
  • 7
  • 5
12 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 38724320
Allow port 22 (ssh) traffic to pass through your firewall.

Also, make sure that the ssh server daemon sshd is running on CentOS:

/etc/init.d/sshd start
chkconfig sshd on
0
 

Author Comment

by:Jason Yu
ID: 38724442
Great, it works now. Thank you very much, woolmilkporc.

But I can't go to internet, even after I disabled the inbuilt firewall.

Do I need check the policies on my cisco PIX 505E firewall?

I tried to ping google.com, it doesn't give me responds.
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 38724595
Do you mean going to Internet (http) from CentOS?

If so, you must open port 80 on the firewall between the DMZ and the outside world for the CentOS host.

If you want to ping Internet hosts you must allow ICMP request/reply packets on that firewall.
0
 

Author Comment

by:Jason Yu
ID: 38724618
thank you for update, bad thing is my firewall is a Cisco PIX 515E, it doesn't have a GUI setup on my company. I used sonicwall for many years and get accustomed to GUI interface.

If i want to enable GUI on this device, how could I do it? I googled on line and says there is an application called asdm can manage cisco firewall. Do I need install this program or just use the IE to manage it.

please refer my another post at http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_27975801.html    for detail description of the issue, thank you.
0
 

Author Comment

by:Jason Yu
ID: 38724660
Yes, I do want to access internet from this CentOS machine. It looks like the firewall blocked the outgoing traffics. Since I can log onto the intranet without any problem.




Do you mean going to Internet (http) from CentOS?

If so, you must open port 80 on the firewall between the DMZ and the outside world for the CentOS host.

If you want to ping Internet hosts you must allow ICMP request/reply packets on that firewall.
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 38724670
Try to get Pix Firewall/Device Manager (PDM).

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

You'll need a CCO Login, however.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:Jason Yu
ID: 38724743
I am sorry I don't have an account with Cisco, is there somewhere else I can download.

Or just use some commands on CLI to add some policies.

thank you.
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 38724770
This is the CISCO CLI Configuration Guide:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/asacfg72.pdf

This guide applies to the Cisco PIX 500 series security appliances (PIX 515E, PIX 525, and PIX 535) and the Cisco ASA 5500 series security appliances (ASA 5505, ASA 5510, ASA 5520, ASA 5540, and ASA 5550).

And here is more about ASDM:

http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/index.htm
0
 

Author Comment

by:Jason Yu
ID: 38724826
thank you very much, woolmikporc, I will update this afternoon. have a nice afternoon.
0
 

Author Comment

by:Jason Yu
ID: 38725179
Great, I made it working, I can use ASDM to mange my PIX 515e now. wonderful job. Thank you very much woolmilkporc. I really appreciate your help.

if I want to permit the server on DMZ access Internet, is one access rule enough for doing this. Or do I need create other rules.

thank you.
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 38725271
Since the PIX 515 is a stateful firewall opening http (and https if needed) should be sufficient.
0
 

Author Closing Comment

by:Jason Yu
ID: 38727872
Good answers and solution.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Suggested Solutions

1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now