If I were using a Linux ssh client, I would turn on the debug option. Does Putty have a debug window one could look at which might give clues?

Does anything appear in the FC6 Linux log files? In FC6 and FC7, /etc/syslog.conf sends authpriv.* to /var/log/secure.

Is sshd running on FC6? What does "service sshd status" indicate?

Please examine /etc/ssh/sshd_config to see how sshd is configured. The paranoid, in me, thinks one might not want to share sshd_config with anyone without proper sanitization. Please look for the following:

    # Specify names of users who can connect to this sshd.
    AllowUsers name1 name2 name3
    # Is your name on the list?

    # Specify which port to listen on?
    Port xyz
    # Is this the port you are trying to connect to?

    # Specify the ssh protocols accepted, default was Protocol 2,1
    # Maybe someone limited it to ssh protocol 2
    Protocol 2
    # Maybe Putty is not trying to use the correct protocol?

    # Specify which interface IP address to listen on, default all
    ListenAddress 10.0.0.1
    # Only allow clients to connect to 10.0.0.1 if above is in....

    # Following will prevent password authentication.
    # One would have to use some other form of authentication.
    PasswordAuthentication no
    UsePAM no
    # -or-
    UsePAM yes
    ChallengeResponseAuthentication no
    # Perhaps one is only allowing pubkeyauthentication

If push comes to shove and one couldn't get debug information from Putty and/or log information from FC6, I might resort to wireshark to see if a connection was established or an icmp error was returned when I tried to connect. If a connection is established, ssh will encrypt communication making any further use of Wireshark pointless.

Debug information from Putty and/or any log information from FC6 might give us a clue. I am paranoid. Look at the information before sending it to the list to make sure there is nothing, security-wise, the public should not see.

On Tue, 2007-06-26 at 21:02 -0700, David Katz wrote:
> I'm using Putty under XP to try to login to FC6 but it times out.
>
> I can ping the external ip from my laptop.
>
> Here's my iptables --list:
>
> Chain INPUT (policy ACCEPT)
> target               prot opt source    destination
> RH-Firewall-1-INPUT  all  --  anywhere  anywhere
>
> Chain FORWARD (policy ACCEPT)
> target               prot opt source    destination
> RH-Firewall-1-INPUT  all  --  anywhere  anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target               prot opt source    destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target  prot opt source    destination
> ACCEPT  all  --  anywhere  anywhere
> ACCEPT  icmp --  anywhere  anywhere     icmp any
> ACCEPT  tcp  --  anywhere  anywhere     tcp dpt:http flags:SYN,RST,ACK/SYN
> ACCEPT  tcp  --  anywhere  anywhere     tcp dpt:ssh flags:SYN,RST,ACK/SYN
> ACCEPT  esp  --  anywhere  anywhere
> ACCEPT  ah   --  anywhere  anywhere
> ACCEPT  udp  --  anywhere  224.0.0.251  udp dpt:mdns
> ACCEPT  udp  --  anywhere  anywhere     udp dpt:ipp
> ACCEPT  tcp  --  anywhere  anywhere     tcp dpt:ipp
> ACCEPT  all  --  anywhere  anywhere     state RELATED,ESTABLISHED
> ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:xdmcp
> ACCEPT  udp  --  anywhere  anywhere     state NEW udp dpt:xdmcp
> ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:x11
> ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:x11-ssh-offset
> ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:ssh
> REJECT  all  --  anywhere  anywhere     reject-with icmp-host-prohibited
>
> I've tried without the windows firewall. The router is open to port 22
> and nats over to what I think is my workstation (how can I check this?)
>
> Thanks for any help.
>
> Note - ultimately I'd like to use X but right now I'm just trying to get
> a login prompt.
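
Added example, not part of the original message: a small Python check that reads an sshd_config and names which of the directives listed in the reply (AllowUsers, Port, Protocol, ListenAddress, password authentication) would stop a given login attempt. The function names, the sample configuration and the client values are assumptions made for illustration; AllowUsers matching is simplified to the user part of each pattern, ListenAddress to plain IPv4 addresses, and the Protocol default of 2,1 is the one the reply states.

```python
from fnmatch import fnmatchcase

MULTI = {"port", "listenaddress", "allowusers"}  # keywords whose values accumulate

def parse_sshd_config(text):
    """Map lowercased keyword -> values; the first occurrence wins unless in MULTI."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, vals = parts[0].lower(), parts[1:]
        if key in MULTI:
            conf.setdefault(key, []).extend(vals)
        else:
            conf.setdefault(key, vals)
    return conf

def login_blockers(text, user, port=22, address=None, protocol="2", password_login=True):
    """Name the directives that would stop this login attempt (empty list = none found)."""
    c = parse_sshd_config(text)
    first = lambda key, default: (c.get(key) or [default])[0].lower()
    found = []
    allow = c.get("allowusers")
    if allow and not any(fnmatchcase(user, p.split("@")[0]) for p in allow):
        found.append("AllowUsers")          # user is not on the list
    if str(port) not in (c.get("port") or ["22"]):
        found.append("Port")                # client is dialing a port sshd does not use
    if protocol not in first("protocol", "2,1").split(","):
        found.append("Protocol")            # client protocol version not accepted
    listen = c.get("listenaddress") or []
    if address and listen and not {address, "0.0.0.0"} & set(listen):
        found.append("ListenAddress")       # sshd is bound to a different interface
    # Per the reply: PasswordAuthentication no plus either UsePAM no, or
    # UsePAM yes with ChallengeResponseAuthentication no, rules out passwords.
    if password_login and first("passwordauthentication", "yes") == "no" and (
            first("usepam", "no") == "no"
            or first("challengeresponseauthentication", "yes") == "no"):
        found.append("PasswordAuthentication")
    return found

# Constructed sample, not a real host's configuration.
SAMPLE = """\
Port 2222
Protocol 2
ListenAddress 10.0.0.1
AllowUsers name1 name2 name3
PasswordAuthentication no
UsePAM yes
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    print(login_blockers(SAMPLE, "name4", port=22, address="192.168.0.5", protocol="1"))
```

Run it against a copy of the real file on the server itself, so the configuration never has to leave the machine.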