Mailinglist Archive: opensuse (626 mails)

< Previous Next >
Re: [opensuse] trouble with ssh connecting
  • From: Knurpht-openSUSE <knurpht@xxxxxxxxxxxx>
  • Date: Mon, 12 Nov 2018 20:31:54 +0100
  • Message-id: <5980314.E6vXfWJccr@knurpht-hp>
Op maandag 12 november 2018 20:26:50 CET schreef Patrick Shanahan:
* Knurpht-openSUSE <knurpht@xxxxxxxxxxxx> [11-12-18 14:19]:
Op maandag 12 november 2018 20:15:44 CET schreef Patrick Shanahan:
* Patrick Shanahan <paka@xxxxxxxxxxxx> [11-12-18 13:00]:
* Carlos E. R. <robin.listas@xxxxxxxxxxxxxx> [11-12-18 11:16]:
On 12/11/2018 15.32, Peter Suetterlin wrote:
Carlos E. R. wrote:
On 12/11/2018 15.00, Peter Suetterlin wrote:
In my case, it does. Just realized I cannot ssh into my laptop
anymore, and the firewall was blocking.

The reson was that the sshd service configuration for the
firewall,
/etc/sysconfig/SuSEfirewall2.d/services/sshd, was/is part of the
openssh
package, but the latest one doesn't have it anymore (because
SuSEfirewall has been dropped).
Nice move :(

(This is Tumbleweed - don't know how it is on other systems)

Well, in TW you should not be using SuSEfirewll2.

I just continuously updated my installation. I cannot remember
anything
urging me to remove the package and replace it with something
else,
nor was
such a switch done by the updates.....

OK, for real - of course I know about the switch, as I read the
list
here.
But not everyone does.

(And I still think that switch to firewalld was one of the worst
stunts in
opensuse history - but that's another topic)

Oh, I agree. I have migrated two machines to 15.0, a third is
waiting,
and I haven't still done the firewall in any. I fear it.

really doesn't appear too difficult. I have it on three boxes now and
thing I have everything I had with SuSEfirewall2. it's just
different.
there are plenty of examples and instructions on the net. I
successfully
opened ports for kconnectd and vnc and moved ssh. but my server is
still
on 42.2 and SuSEfirewall2. I probably will not change it until I
upgrade
it.

there is an add-on for yast which will make changes for you but not
nearly
as comprehensive and leading as before.

fwiw: Just updated and rebooted a remote tw box w/SuSEfirewall2 and
could
no longer connect. and yast firewall does not work either. ran yast
sysconfig and enabled ssh and had to manually restart SuSEfirewall2 to
re-enable ssh pass thru. and difficult to accomplish giving blind
direction on the phone.

finally got remote access and installed firewalld and switched w/o
further
incidence.

BUT... not good these type of changes w/o any notice and no way to
recover w/o remote assistance. next time the remote aid may not be as
viable and then a loooong trip for very suspect reasons.

yes, this is a RANT, but a NECESSARY RANT.

PAY ATTENTION.

tw is a long term investment.

This would mean you did/do not have the TW Update repo active. That's
where a fixed set of openssl packages were pushed, AFAIK they should be
in later snapshots as well.

I fail to understand your comment, or you failed to read the post ...

I definitely have Tw Updates active and others. I did not fail to connect
for having an incorrect/broken ssh configuration or openssh version. the
update dropped ssh from SuSEfirewall2 config just as Peter noted and
having to reboot the machine for dbus changes, lost connect and could not
regain. THAT IS A PROBLEM and more so for a remote.remote.remote box.
In that case you missed that SuSEfirewall2 is deprecated and not even
available in TW anymore.

--
Gertjan Lettink a.k.a. Knurpht
openSUSE Board Member
openSUSE Forums Team



--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups