I have set up SSH on many Linux boxes. CentOS 7 seems to be quirky. PuTTY gets disconnected constantly. I have to wait to reconnect. I have set up many of the timeout features to expand the time to stay connected. Heartbeat times. What are the recommended settings for SSH? I am behind a Fortinet firewall and don't allow SSH from outside in. I VPN in to use it.
-
Solved CentOS 7 SSH timeout question
-
Is the SSH port on firewalld open?
systemctl | grep firewall
Cordially,
Ronnie Wong
Edutainer Manager, ACI Learning [ITPRO]
*if the post has answered the question, mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV.
-
I am behind a Fortigate 60E firewall. No ports open for WinSCP or SSH. So I disable firewall and selinux. Software caused network abort is what I get.
[michael@CENTOS7WEB ~]$ systemctl | grep firewall
[michael@CENTOS7WEB ~]$
-
I set up the puttygen private and public keys along with changing connection keepalives to 5.
-
[root@CENTOS7WEB ~]# who
root pts/0 2018-08-13 10:28 (1
root pts/1 2018-08-13 11:34 (1
root pts/2 2018-08-13 12:00 (1
root pts/3 2018-08-13 11:39 (1
michael pts/4 2018-08-13 12:02 (1
root pts/5 2018-08-13 12:04 (1
root pts/6 2018-08-13 13:16 (1
[root@CENTOS7WEB ~]#
How do I get CentOS 7 to remove all accounts no longer active? How can I see why they are still connected? These were all from my VPN connection.
-
I edited the /etc/sysconfig/network-scripts/ifcfg-ensxx file to make the address static instead of DHCP. My Fortinet 60E does DHCP. On my other Linux boxes I did static IP. So I changed it and rebooted.
-
@michael-mckenney said in CentOS 7 SSH timeout question:
I am behind a Fortigate 60E firewall. No ports open for WinSCP or SSH. So I disable firewall and selinux. Software caused network abort is what I get.
Check connectivity from outside of your Fortigate to any other device on the inside network. Does your firewall allow you to make a connection through from the outside to the inside?
Next, check if there are more details logged.
ssh -vv username@localhost
from the SSH server.
- If you can get in, this is a firewall issue.
- If you're still blocked, then it's permissions or a configuration issue.
Cordially,
Ronnie Wong
Edutainer Manager, ACI Learning [ITPRO]
-
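The local test described in the reply above, as an added example that is not part of the original thread: a shell function that sorts the output of `ssh -vv username@localhost` into the reply's two outcomes, splitting the second into "permissions" and "configuration". The sample transcripts are constructed and abbreviated; the function name and verdict words are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify `ssh -vv username@localhost`
# output captured on the SSH server itself.
# classify_local_ssh is a hypothetical helper name; verdict words are ours.

# Reads ssh -vv output on stdin, prints one verdict word.
classify_local_ssh() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'Authentication succeeded'; then
        # Local login works: sshd and the account are fine, so the drops
        # come from the path in between (firewall, VPN, NAT).
        echo firewall
    elif printf '%s\n' "$log" | grep -Eq 'Connection (refused|timed out)'; then
        # Nothing answered on the port even locally: sshd is stopped or
        # listening elsewhere.
        echo configuration
    elif printf '%s\n' "$log" | grep -q 'Permission denied'; then
        # sshd answered but rejected the login: keys, file modes, or
        # sshd_config access rules.
        echo permissions
    else
        echo unknown
    fi
}

# Constructed, abbreviated sample transcripts (not captured from a real host).
SAMPLE_OK='debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: Authentication succeeded (publickey).'

SAMPLE_DENIED='debug1: Connection established.
debug1: Authentications that can continue: publickey,password
Permission denied (publickey,password).'

SAMPLE_REFUSED='debug1: Connecting to localhost [127.0.0.1] port 22.
ssh: connect to host localhost port 22: Connection refused'

for s in "$SAMPLE_OK" "$SAMPLE_DENIED" "$SAMPLE_REFUSED"; do
    printf '%s\n' "$s" | classify_local_ssh
done
```

On the server, real output can be fed in with `ssh -vv username@localhost true 2>&1 | classify_local_ssh`, since the debug lines are written to stderr.
-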
I called Fortinet. I am on 5.6.4. They recommended going to 5.6.5. It could help with the SSH PuTTY issue. We removed a port 22 virtual IP that was not connected to any server. Virtual IPs can cause issues even when not connected to a policy. The web server virtual IPs they recommended using the actual WAN interface instead of any. In 5.6.3 and above, they said if you use any on the VIP interface it can toggle between the two connections. They turned on some routing features that were disabled in a previous version. So tonight, I am going to 5.6.5. 6.02 is out but most of the features are for enterprise networks. I also upgraded the FortiClient to the latest version. Ticket still open for testing tomorrow.
I figured the VPN policy would have prevented it. The underlying firmware has bugs that will cause these issues from other areas of the configuration.
-
I upgraded to 5.6.5. PuTTY and Samba are working fine.
-
@michael-mckenney,
Great to hear! Good job tracking down the issue!
Cordially,
Ronnie Wong
Edutainer Manager, ACI Learning [ITPRO]
-
3rd time that a major change to the firmware has done something like this. I wish they had a validation tool that could check our configuration for these issues. In the former release they said to X and this release is Y. The release notes are not enough to go through and check for all the changes that need to be made.