Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1180
  • Last Modified:

How to enable SSH access on a new installed centos 6.3 server

I installed a new centos server locates on DMZ zone. When I tried to putty it from my desktop on LAN zone, it gives me "Network Error: connection refused" . I am guessing that i need do some configurations for the putty protocol although I have already set up network card configurations. Please advise, thank you. I use IP address on the putty, so there is no dns problem involved here.
0
Jason Yu
Asked:
Jason Yu
  • 7
  • 5
5 Solutions
 
woolmilkporcCommented:
Allow port 22 (ssh) traffic to pass through your firewall.

Also, make sure that the ssh server daemon sshd is running on CentOS:

/etc/init.d/sshd start
chkconfig sshd on
0
 
Jason YuAuthor Commented:
Great, it works now. Thank you very much, woolmilkporc.

But I can't go to internet, even after I disabled the inbuilt firewall.

Do I need check the policies on my cisco PIX 505E firewall?

I tried to ping google.com, it doesn't give me responds.
0
 
woolmilkporcCommented:
Do you mean going to Internet (http) from CentOS?

If so, you must open port 80 on the firewall between the DMZ and the outside world for the CentOS host.

If you want to ping Internet hosts you must allow ICMP request/reply packets on that firewall.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Jason YuAuthor Commented:
thank you for update, bad thing is my firewall is a Cisco PIX 515E, it doesn't have a GUI setup on my company. I used sonicwall for many years and get accustomed to GUI interface.

If i want to enable GUI on this device, how could I do it? I googled on line and says there is an application called asdm can manage cisco firewall. Do I need install this program or just use the IE to manage it.

please refer my another post at http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_27975801.html    for detail description of the issue, thank you.
0
 
Jason YuAuthor Commented:
Yes, I do want to access internet from this CentOS machine. It looks like the firewall blocked the outgoing traffics. Since I can log onto the intranet without any problem.




Do you mean going to Internet (http) from CentOS?

If so, you must open port 80 on the firewall between the DMZ and the outside world for the CentOS host.

If you want to ping Internet hosts you must allow ICMP request/reply packets on that firewall.
0
 
woolmilkporcCommented:
Try to get Pix Firewall/Device Manager (PDM).

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

You'll need a CCO Login, however.
0
 
Jason YuAuthor Commented:
I am sorry I don't have an account with Cisco, is there somewhere else I can download.

Or just use some commands on CLI to add some policies.

thank you.
0
 
woolmilkporcCommented:
This is the CISCO CLI Configuration Guide:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/asacfg72.pdf

This guide applies to the Cisco PIX 500 series security appliances (PIX 515E, PIX 525, and PIX 535) and the Cisco ASA 5500 series security appliances (ASA 5505, ASA 5510, ASA 5520, ASA 5540, and ASA 5550).

And here is more about ASDM:

http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/index.htm
0
 
Jason YuAuthor Commented:
thank you very much, woolmikporc, I will update this afternoon. have a nice afternoon.
0
 
Jason YuAuthor Commented:
Great, I made it working, I can use ASDM to mange my PIX 515e now. wonderful job. Thank you very much woolmilkporc. I really appreciate your help.

if I want to permit the server on DMZ access Internet, is one access rule enough for doing this. Or do I need create other rules.

thank you.
0
 
woolmilkporcCommented:
Since the PIX 515 is a stateful firewall opening http (and https if needed) should be sufficient.
0
 
Jason YuAuthor Commented:
Good answers and solution.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now