I've got CRC running on Windows 11 and I would like to connect there from a RHEL9 VM.
CRC listening on 127.0.0.1:6443
Port forwarding rule created on Win machine to fwd connections on 192.168.1.156 (local intf) to 127.0.0.1:
$ netsh interface portproxy show v4tov4
Listen on ipv4: Connect to ipv4:
Address Port Address Port
192.168.1.156 9000 127.0.0.1 6443
Added rule in firewall to allow connections to port 9000
From the VM:
[test#workstation ~]$ telnet 192.168.1.156 9000
Trying 192.168.1.156...
Connected to 192.168.1.156.
Escape character is '^]'.
Connection closed by foreign host.
[test#workstation ~]$ oc login -u developer -p developer https://192.168.1.156:9000
The server is using a certificate that does not match its hostname: x509: certificate is valid for 10.217.4.1, not 192.168.1.156
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y
Error from server (InternalError): Internal error occurred: unexpected response: 412
Any idea on how I can fix this and be able to connect from my VM towards CRC?
thanks
Related
I have a droplet on DigitalOcean with IPv4 and IPv6 enabled. The droplet is behind a digital ocean network firewall with the following rules:
Inbound:
SSH TCP 22 All IPv4, All IPv6
HTTP TCP 80 All IPv4, All IPv6
HTTP TCP 443 All IPv4, All IPv6
Outbound:
ICMP ICMP All IPv4 All IPv6
All TCP TCP All ports All IPv4 All IPv6
All UDP UDP All ports All IPv4
My understanding and expectation is that will block all ssh attempts on ports other than port 22. However when checking the sshd unit in systemd journal. I see the following entries:
2022-12-29 03:00:32 Disconnected from invalid user antonio 43.153.179.44 port 45614 [preauth]
2022-12-29 03:00:32 Received disconnect from 43.153.179.44 port 45614:11: Bye Bye [preauth]
2022-12-29 03:00:31 Invalid user antonio from 43.153.179.44 port 45614
2022-12-29 02:58:37 Disconnected from invalid user desliga 190.129.122.3 port 1199 [preauth]
2022-12-29 02:58:37 Received disconnect from 190.129.122.3 port 1199:11: Bye Bye [preauth]
2022-12-29 02:58:37 Invalid user desliga from 190.129.122.3 port 1199
and many more of these lines, which means the firewall is not blocking ssh connections on ports other than 22.
The following graph shows the number of ssh connections to ports other than 22 in the last hour. The connections are reduced with enabling the Network Filter, but they not diminished.
Could it be that the Network Firewall of DigitalOcean is broken?
What am I missing?
Anyone is seeing the same situation on their infrastructure?
The ports being shown in the log are the remote ports that the connections are coming from on the remote IPs, and not indicating that those ports are listening on your server or through the firewall. The firewall is configured from your description to allow for any remote IP and port to connect to your droplet on local ports 22, 80, and 443.
I have two machine, local host ubuntu, and client centOS 7.
I have added those lines into: /etc/ansible/hosts
[linux]
192.168.122.1
[linux:vars]
ansible_user=user
ansible_password=123456
and changed uncommented 1 line in ansible.cfg:
# uncomment this to disable SSH key host checking
host_key_checking = False
Still when I do:
ansible all -m ping
192.168.122.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.122.1 port 22: Connection timed out",
unreachable": true
}
what should I do ?
the password and user in hosts file is what i use to log into the other machine
Check your firewalls and selinux. Port 22 is not accepting the connection. It's not a password issue, it's a networking issue.
I am unable to access Linux EC2 instance through SSH or browser-based SSH.
Instance id: i-01a3cdf3b36ff6d4f
Inbound rules:
HTTP TCP 80 0.0.0.0/0
SSH TCP 22 0.0.0.0/0
Outbound rules:
All traffic All All 0.0.0.0/0
Pls check below logs after running command from windows :
ssh -vvv -i "keypair.ppk" ec2-user#ec2-<IP>.ap-south-1.compute.amazonaws.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)>ssh -vvv -i "aws-lfd.pem" ec2-user#ec2-13-234-238-12.ap-south-1.compute.amazonaws.com
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug3: Failed to open file:C:\\Users\\b.tembhurne/.ssh/config error:2
debug3: Failed to open file:C:\\ProgramData\\ssh/ssh_config error:2
debug2: resolving "ec2-13-234-238-12.ap-south-1.compute.amazonaws.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ec2-13-234-238-12.ap-south-1.compute.amazonaws.com [13.234.238.12] port 22.
I checked for config file it does not exist in above location. Do I need to create one manually? If so, What should it look like?
Pls help to resolve this issue.
A Connection timed out indicates that no response was received, which is typically caused by an incorrect network configuration (eg Security Group).
I would recommend that you start by launching a new Amazon EC2 instance in the same subnet, then check whether you can connect. This way, you'll know whether it is a network setting or a problem with the instance.
If that doesn't work, things to check are:
Instance is running Linux (so it can receive SSH requests)
Security Group is permitting inbound access on port 22 (SSH) from your IP address or 0.0.0.0/0
Instance is in a public subnet, which is defined as having a Route Table that points to an Internet Gateway
Your network needs to permit an outbound SSH connection (so try another network, such as home vs work, or tethered via your phone)
We have a proftpd server on an AzureVM configured to use implicit ftps.
Error:
Status: Connecting to myPublicIP:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by > server".
Error: Could not connect to server
Relevant configuration
# /etc/proftpd/proftpd.conf
Port 21
PassivePorts 49152 49190
MasqueradeAddress myPublicIP
# /etc/proftpd/tls.conf
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.2
TLSCipherSuite AES128+EECDH:AES128+EDH
#TLSOptions NoCertRequest AllowClientRenegotiations UseImplicitSSL EnableDiags
TLSRSACertificateFile /etc/proftpd/ssl/certificate.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/certificate.key
TLSVerifyClient off
TLSRequired on
I have open the following ports in the security group and interface of the virtual machine:
20,21,49152-49190,990,989.
If I do not force the connection through the implicit port, the rest of the connections works perfectly
According to your configuration, you did not enable implicit. If you execute netstat -ant|grep 990, it should return null.
So, if you use port to connect ftp server, you will get the error log.
You could check this link to enable implicit.
<IfModule mod_tls.c>
<VirtualHost 0.0.0.0>
Port 990
TLSEngine on
TLSOptions UseImplicitSSL
</VirtualHost>
</IfModule>
Then you need restart ftp server, service xinetd restart
When you execute netstat -ant|grep 990, you will get like below:
root#shui:~# netstat -ant|grep 990
tcp6 0 0 :::990 :::* LISTEN
I can able to connect postgres from terminal as well as python manage.py dbshell command
But when i'm trying to connect from apache i'm Getting error as follows.
Error : OperationalError: could not connect to server: Permission denied
Is the server running on host "192.168.1.10" and accepting
TCP/IP connections on port 5432?
My listen Address on postgress conf file is 192.168.1.10 Address
pg_hg_cong allowed host all all 192.168.0.0/24 trust
And also selinux turned httpd_can_network_connect_db on
Port is listening on 192.168.1.10:5432 on netstat output.
And database's are storing in /tmp directory
wxrwxrwx. 1 postgres postgres 0 Dec 18 07:40 .s.PGSQL.5432
-rw-------. 1 postgres postgres 50 Dec 18 07:40 .s.PGSQL.5432.lock
Actually I have enabled selinux httpd_can_network_connect_db parameters on db server instead of web server
So issue got solved after enabling httpd_can_network_connect_db on web server