Unable to ssh (port 22) to Ubuntu 20.04 from RHEL8

I have a server running Ubuntu 20.04 LTS. The firewall (ufw) is disabled and it is accepting incoming ssh connections on port 22. I have a server running RHEL7 set up ages ago and it works fine with outgoing ssh towards the Ubuntu server.

I am now replacing it with RHEL8. Outgoing ssh from the RHEL8 to the legacy RHEL7 server works fine. However, if I try to connect to the Ubuntu server, it hangs after trying to connect. Sample output:

$ ssh -v user@example.com
OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS  21 Apr 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to example.com [123.456.712.34] port 22.

When I use the same command from the legacy RHEL7 server, the “Connecting to” line is immediately followed by:

debug1: Connection established.

This indicates that the problem is at the Ubuntu end, and that Ubuntu is not accepting the call from the newly configured RHEL8 server, but is willing to accept connections from the old RHEL7 server. If we did something special when setting up the RHEL7 server some years ago, it has been lost in the mist of time.

It looks like a firewall issue, but I’ve made sure that ufw is disabled. AFAIK, SELinux (which is installed on both RHEL servers) should not block outgoing connections. Just to make sure, I’ve disabled SELinux, but it makes no difference.

When I examine /var/log/auth.log on the Ubuntu server, I see “Accepted publickey for user from …” with the IP address of the RHEL7 server, but no log entry associated with the IP address of the RHEL8 server (which is set up with an identical publickey).

However, examining the firewall settings on the RHEL servers reveals a difference. The RHEL7 server produces something when I examine the settings for port 22, while the RHEL8 server does not. Outputs:

RHEL7:

$ sudo iptables-save | grep 22
:INPUT ACCEPT [102275:8483105]
:PREROUTING ACCEPT [11210340:9163905227]
:INPUT ACCEPT [11210340:9163905227]
:PREROUTING ACCEPT [11210340:9163905227]
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
$

RHEL8:

$ sudo iptables-save | grep 22
$

So the settings are different.

However, stopping firewalld on the RHEL8 server has no effect …:

 $ sudo systemctl stop firewalld
 $ sudo systemctl status firewalld
  firewalld.service - firewalld - dynamic firewall daemon
  Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
  Active: inactive (dead) since Sat 2020-12-19 14:48:34 CET; 2min 41s ago
  …

After stopping firewalld, I am still unable to ssh to the Ubuntu server.

Any suggestion for how this can be fixed?

Answer

Attribution
Source : Link , Question Author : Free Radical , Answer Author : Community
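
Added example (not part of the original question or of any answer): a small Python probe that separates the TCP stage from the SSH stage, which is the difference between the hang after "Connecting to" and the "debug1: Connection established." line in the output above. The function name probe_ssh and the stage labels are assumptions made for this example.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=5.0):
    """Classify how far a connection to an SSH port gets.

    Returns (stage, detail), where stage is one of:
      timeout     - neither SYN-ACK nor RST came back (packets dropped somewhere
                    on the path); this is what a hang after "Connecting to" is
      refused     - RST received: host reachable, but no listener or a reject rule
      unreachable - any other OS-level error (no route, name resolution, ...)
      no_banner   - TCP established, but no SSH identification string arrived
      banner      - TCP established and the server sent its "SSH-..." line
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "no reply to SYN within %.1fs" % timeout)
    except ConnectionRefusedError:
        return ("refused", "RST received")
    except OSError as exc:
        return ("unreachable", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            # The SSH identification string is at most 255 bytes (RFC 4253).
            data = sock.recv(255)
        except socket.timeout:
            return ("no_banner", "connected, peer sent nothing")
        except OSError as exc:
            return ("no_banner", str(exc))
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("no_banner", "unexpected data: %r" % line)


if __name__ == "__main__":
    # Usage: python3 probe.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh(target, target_port))
```

Running it from both clients against the same server shows whether the difference is already present at the TCP handshake, before any SSH key exchange or authentication takes place.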
