Cannot ssh to another host from dreamhost


#1

I have a few dedicated servers as well as a shared hosting account at DH. I’ve found that I cannot ssh from DreamHost to my dedicated servers. Is that DH policy?

Since I work over a dynamic IP (usually stays the same for long periods, however) I want a ‘backup’ location I can log into my dedicated servers from…so I don’t get firewalled out if my IP changes. It’s really a backup to the backup, but would be nice to have.


#2

No, you can use SSH to ssh into your dedicated server.

I’ve just tried it and it was okay.

Maybe your dedicated has some restrictions about where connections can come from or which user can ssh (i.e. ROOT is usually disallowed) in its ssh.conf file.

I’m using:-

ssh -p xxxxxxx -l yyyyyyyy server.example.com

Where -p is the port number that sshd is running on and -l is the username to connect to the server. You can leave out -p if it is the standard port 22.


Norm


#3

I have pretty strict iptables on the dedicated servers and it appears that packets from DH are dropped (I checked logs and no sign of ssh activity from DH). I have rules to allow ssh from a few IPs, like this, in iptables:

target prot opt source destination
ACCEPT tcp -- my.dh.ip.addr 0.0.0.0/0 tcp dpt:22

So ssh packets from DH should get through (I have a dedicated IP at DH). That same rule is used for my work IP and I can login from there no problem.

I’ve quadruple checked the IP numbers. Still no luck.


#4

Perhaps TCP wrappers are being used around sshd.

Do you have a /etc/hosts.allow file (on your dedicated not DreamHost) to allow the IP access?
i.e.
sshd2 : IP or hostname

Or perhaps a /etc/hosts.deny file is specifically denying access to all with

sshd2 : ALL

or most likely

ALL : ALL

If you have a restrictive /etc/hosts.deny just add in the /etc/hosts.allow as above.


Norm
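
The hosts.allow / hosts.deny lookup order suggested in the post above, as an added example that is not part of the original thread: a small evaluator that reports which file and rule decides a connection. It covers only a subset of the hosts_access syntax (ALL, exact IPv4 address, address prefix ending in a dot, net/mask; no hostnames, EXCEPT or IPv6), and the sample file contents and the address 203.0.113.10 are constructed stand-ins.

```python
import ipaddress

def parse_rules(text):
    """Return [(daemons, clients, raw_line)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split(), line))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix, e.g. "192.0.2."
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask, e.g. 192.0.2.0/255.255.255.0
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(ip) in net
        except ValueError:
            return False
    return pattern == ip               # exact address

def first_match(rules, daemon, ip):
    for daemons, clients, raw in rules:
        if (daemon in daemons or "ALL" in daemons) and \
                any(client_matches(c, ip) for c in clients):
            return raw
    return None

def check_access(daemon, ip, allow_text, deny_text):
    """hosts.allow is consulted first, then hosts.deny, else access is granted."""
    hit = first_match(parse_rules(allow_text), daemon, ip)
    if hit:
        return True, "hosts.allow: " + hit
    hit = first_match(parse_rules(deny_text), daemon, ip)
    if hit:
        return False, "hosts.deny: " + hit
    return True, "no matching rule (default allow)"

# Constructed sample files; 203.0.113.10 stands in for the connecting machine.
HOSTS_ALLOW = "sshd2 : 203.0.113.10\n"
HOSTS_DENY = "ALL : ALL\n"

if __name__ == "__main__":
    for d, ip in [("sshd2", "203.0.113.10"), ("sshd2", "198.51.100.7"), ("sshd", "203.0.113.10")]:
        print(d, ip, check_access(d, ip, HOSTS_ALLOW, HOSTS_DENY))
```

The third case shows that the daemon name in the rule has to match the name the SSH daemon actually runs under: an allow entry written for `sshd2` does not cover a process named `sshd`, so the `ALL : ALL` deny applies.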


#5

Are you allowing the machine’s IP address through, or an IP address assigned to one of your domains? You need to allow the main IP address of the machine you’re connecting from.

I assume it works fine if you flush the iptables rules entirely?


#6

I dropped the iptables rules (changed to default ACCEPT inbound packets) on a server we are shutting down. I was able to ssh in from DH to that machine.


http://phpfunk.com