Anyone else with ssh problems after updating?

jclvanier · June 14, 2017, 9:04am

Can you give the output of:
route -n
or
ip route
as root from the client?

adelson.oliveira · June 15, 2017, 12:50am

JCLVanier,

I’ve included LC_ALL=C in both commands as not to have to translate the messages. Today the client is 192.168.0.103 and the server is 192.168.0.100.

# LC_ALL=C route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    600    0        0 wlp0s29u1u3
192.168.0.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp0s29u1u3

# LC_ALL=C ip route
default via 192.168.0.1 dev wlp0s29u1u3 proto static metric 600 
192.168.0.0/24 dev wlp0s29u1u3 proto kernel scope link src 192.168.0.103 metric 600

jclvanier · June 15, 2017, 4:46am

I see nothing wrong here.
Can you access the router’s settings as suggested before?
This might be done via a web interface from your browser. The url might be simply:
http://192.168.0.1

adelson.oliveira · June 15, 2017, 1:33pm

Yes. And I couldn’t find anything about client to client or client to
server configuration on router’s 192.168.0.1 page.

clb · June 15, 2017, 3:37pm

I don’t mean to keep saying the same thing over and over, but you have not confirmed that you have turned off the firewall on both machines and tried to connect. Have you done this? If so and it did not work, check iptables -L and see if it looks like this:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

adelson.oliveira · June 15, 2017, 3:39pm

Isn’t there anything to do with firewall as suggested by CLB? I opened om-control-center=>Network=>Add-network-hosts and found that only 127.0.1.1 was there as localhost. I add the address 192.168.0.101 (today’s address of the other computer) but it did not help. Again at om-cc=>Network-sharing some options are not available for configuration (file or directory not found).

clb · June 15, 2017, 3:41pm

From the command prompt, what does the command iptables -L give you?

adelson.oliveira · June 15, 2017, 3:49pm

iptable -L is attached.iptables-L.txt (2,4 KB)

adelson.oliveira · June 15, 2017, 3:54pm

I checked /var/log/firewalld file. This are two messages that repeats “n” times in this file:

WARNING: INVALID_HELPER: ‘nf_conntrack_netbios_ns’ not available in kernel
ERROR: UNKNOWN_INTERFACE: ‘wlp0s29u1u2’ is not in any zone

the first one appears at another forum (see 1394573 – firewall-config missing kernel feature nf_conntrack_netbios_ns) also related with samba’s configuration and I saw error’s during boot about samba. The second message seems to say that some configuration of zone is necessary in firewalld at om-control-center …

clb · June 15, 2017, 4:19pm

So the output of iptables tells me that a firewall is running. So just for testing purposes, run “systemctl stop firewalld” on both machines and try sshing to see if it works.

adelson.oliveira · June 15, 2017, 5:36pm

CLB,

Yes, after stopping firewalld ssh works again. So what can I change in firewall so that ssh works without disabling firewalld? I guess some network or network sharing configuration at om-cc could help but which one?

Many thanks

adelson.oliveira · June 15, 2017, 6:58pm

Sorry, for not answering in the first place, this happened because I was my cell phone to see the messages and this limits the amount of messages shown…

clb · June 15, 2017, 8:02pm

I currently get these errors when I look at the firewall status.

Jun 15 14:00:03 gizmo firewalld[6812]: WARNING: ‘/sbin/ebtables-restore --noflush’ failed:
Jun 15 14:00:03 gizmo firewalld[6812]: ERROR: COMMAND_FAILED
Jun 15 14:00:03 gizmo firewalld[6812]: WARNING: ‘/sbin/ip6tables-restore -n’ failed:
Jun 15 14:00:03 gizmo firewalld[6812]: WARNING: ‘/sbin/iptables-restore -n’ failed:
Jun 15 14:00:03 gizmo firewalld[6812]: ERROR: COMMAND_FAILED

I have not had time to try and figure out what is wrong to my just have things open right now.

adelson.oliveira · June 15, 2017, 9:35pm

Is it mine a different problem of yours? I’m planning to try some definitions on firewall. First I would choose the firewall area between the following options:
block, dmz, drop, external, home, internal, public, trusted, work
then I would set at om-control-center=>network the ssh for the connection and area.

The point is which option should I use? I guess home or internal, but I’m not sure and what are the consequences.

Anyway, it seems that if this is a recent feature of Openmandriva this distro is getting far from the initial goal of being a beginner friendly distro.

adelson.oliveira · June 15, 2017, 10:00pm

Unsuccessful trials:

configure zone as home for both computers <no help
then, in om-control-center=>network=>add networks I added each other IP address (192.168.0.xxx) <no help as well.

adelson.oliveira · June 15, 2017, 10:15pm

Looking a little deeper, at,

How To Set Up a Firewall Using FirewallD on CentOS 7 | DigitalOcean

I see an example of a “survey” command that in CENTOS 7, for zone home, returns

$ firewall-cmd --zone=home --list-all
output
home
  interfaces: 
  sources: 
  services: dhcpv6-client ipp-client mdns samba-client ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:

However, here with OMV LX 3.0X, the same command returns two other parameters (target and icmp-block-inversion) and no settings for services at all

$ firewall-cmd --zone=home --list-all
home
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

As for a beginner friendly distro, wouldn’t it be that some default configurations are left?

adelson.oliveira · June 15, 2017, 11:54pm

Ok! Now ssh is working. I did in both computers,

$ om-control-center=>security=>configure firewall

Then I set the connections to zone = home and allow for the following services:

dhcpv6-client ipp-client mdns samba-client ssh

I won’t mark this as “solving the issue” until I’m sure this is the best solution.

I insist, some update have changed settings here because I did not have this problem a few days ago.
Also, as a beginner friendly distro, this type of configuration (or a better/recomended one) should be the default.

Thanks

raphael · June 16, 2017, 8:21am

Thanks for investigation, if you consider this should be default option, is it possible to open a ticket in bugzilla?

adelson.oliveira · June 16, 2017, 9:40pm

I’m afraid I will not be able to say “this is the default” since I don’t have much experience with this. I really know very few about it. What I did was to look for configurations in the internet but I will try to figure out if this is adequate at least to my needs/opinion.

adelson.oliveira · June 17, 2017, 1:28am

I really know very little about everything in this field. Yesterday, I’ve reset everything with the option “permanent” as to guarantee that the working configuration for zone home would hold for every boot. It did not, the command,

$ firewall-cmd --zone=home --list-all

doesn’t reflect the configuration I want.

But what is weird about this is that the ssh is still working.