Anyone else with ssh problems after updating?

adelson.oliveira · June 23, 2017, 12:47am

I really would like to have a “reliable” solution to this topic. I don’t. After about a week having everything working fine, today ssh stopped. Tried the configuration above again and didn’t work. Finally, stopped firewalld in both computers and ssh got on again. Then, I started firewalld in both computers and, guess what, ssh keeps working fine.

clb · June 23, 2017, 4:30pm

I can not get the firewall to work as expected. I have tried editing the config by hand and using firewall-config. Neither seem to work. I get the following when checking the status. It may be a bug with the version of firewalld but I would need to investigate more.

systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2017-06-22 10:42:42 CST; 23h ago
Docs: man:firewalld(1)
Main PID: 3828 (firewalld)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/firewalld.service
└─3828 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid --debug=2

Jun 22 10:42:56 gizmo firewalld[3828]: WARNING: ‘/sbin/ebtables-restore --noflush’ failed:
Jun 22 10:42:56 gizmo firewalld[3828]: ERROR: ‘/sbin/iptables-restore -n’ failed:
Jun 22 10:42:56 gizmo firewalld[3828]: ERROR: COMMAND_FAILED
Jun 22 10:43:00 gizmo firewalld[3828]: WARNING: ‘/sbin/ip6tables-restore -n’ failed:
Jun 22 10:43:00 gizmo firewalld[3828]: WARNING: ‘/sbin/iptables-restore -n’ failed:
Jun 22 10:43:00 gizmo firewalld[3828]: ERROR: COMMAND_FAILED
Jun 22 10:43:05 gizmo firewalld[3828]: WARNING: ‘/sbin/ip6tables-restore -n’ failed:
Jun 22 10:43:05 gizmo firewalld[3828]: WARNING: ‘/sbin/iptables-restore -n’ failed:
Jun 22 10:43:05 gizmo firewalld[3828]: ERROR: COMMAND_FAILED

adelson.oliveira · June 24, 2017, 1:28am

If it can help, the status here seems fine. Today, by the way, ssh is working fine.

$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2017-06-23 21:47:10 -03; 40min ago
     Docs: man:firewalld(1)
 Main PID: 5369 (firewalld)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/firewalld.service
           └─5369 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

raphael · June 24, 2017, 5:41am

Maybe @bero could help in this field Pinging…

adelson.oliveira · July 1, 2017, 12:09am

Yesterday, computer 1 could ssh computer 2 but the inverse was not possible
Today, computer 2 can ssh computer 1 but the inverse is not possible.

There seems to be more in computer 1 and computer 2 than are dreamt of in …

ben79 · July 1, 2017, 2:42am

File a bug report. Trying to get attention of developers in forum posts is unreliable/iffy. And I’m pretty sure ssh is something that should be working.

bero · July 1, 2017, 8:08am

I don’t use firewalld, I consider it broken by design… Maybe @TPG knows something about it.

ben79 · July 1, 2017, 4:48pm

For illumination what do you use for firewall?

bero · July 1, 2017, 4:49pm

iptables directly.

ben79 · July 1, 2017, 4:58pm

Thanks for information Bero. So that’s:

$ systemctl status ip6tables.service
● ip6tables.service - IPv6 firewall with ip6tables
   Loaded: loaded (/lib/systemd/system/ip6tables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

$ systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/lib/systemd/system/iptables.service; enabled; vendor preset: enabled)
   Active: inactive (dead)

and we can learn how to use here, here, and here.

There are many other sites on iptables if one does internet search.

adelson.oliveira · July 2, 2017, 12:38am

Something else to learn! By now, I don’t even know what are the differences (firewalld X iptables).

ben79 · July 2, 2017, 12:49am

More homework here and here. So when you get this all figured out you can write or help write the OpenMandriva wiki pages and teach the rest or us!

ben79 · July 2, 2017, 1:07am

Adelson before you get to carried away reading stuff I recommend I should say that I know next to nothing about how firewall services work in OpenMandriva Lx 3. I do know that by default we have:

# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2017-07-01 20:03:51 CDT; 2min 40s ago
     Docs: man:firewalld(1)
 Main PID: 4257 (firewalld)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/firewalld.service
           └─4257 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jul 01 20:03:51 ben79-pc firewalld[4257]: WARNING: '/sbin/ebtables-restore --noflush' failed:
Jul 01 20:03:51 ben79-pc firewalld[4257]: ERROR: COMMAND_FAILED

we also have iptables.service and ip6tables services which are preset to ‘disabled’. Just don’t want to mislead you or anyone else in to thinking I know something when I don’t.

adelson.oliveira · July 2, 2017, 9:59pm

I know even less …

adelson.oliveira · August 25, 2017, 2:25am

Having had little time to deal with this problem, I kept the firewalld up to now.

The news are the fact that, for more than a week, firewalld configurations on ssh in the home zone are working seamlessly!

Maybe some recent update has changed something …

adelson.oliveira · September 8, 2017, 1:33am

It keeps working fine. Whatever the reason why it turn out to work seamlessly, maybe it is time to open a ticket now: