Discover Centmin Mod today
Register Now

AlmaLinux cannot ssh login to the VPS.

Discussion in 'System Administration' started by jellday, Dec 18, 2024.

  1. jellday

    jellday Member

    73
    4
    8
    May 31, 2014
    Ratings:
    +9
    Local Time:
    7:18 AM
    1.4.6
    5.5
    I can use putty or other software to login to my VPS, but if I remotely login from one of my other VPSes, it goes wrong.


    Code:
    ssh -p 1023 root@1*.13*.7*.8*
    ssh: connect to host *.*.*.* port 1023: Connection refused
    Passwordauthentication is on. I use the same method via software and it is ok, but not from SSH command line. I am very confused. Please help and thank you in advance.
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,328
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    9:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Might be due to CSF Firewall CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS, AlmaLinux, Rocky Linux and reading Getting Started guide step 4 Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS, AlmaLinux, Rocky Linux. When you do the initial install of Centmin Mod, it records your ISP IP and auto whitelists it in CSF Firewall.

    If you're trying to connect to Centmin Mod server from another server, you will need to whitelist the server's IP address as well see CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS, AlmaLinux, Rocky Linux
     
  3. jellday

    jellday Member

    73
    4
    8
    May 31, 2014
    Ratings:
    +9
    Local Time:
    7:18 AM
    1.4.6
    5.5
    I whitelisted my VPS' ip via the command csf -a xxx.xxx.xxx.xxx.

    But I still get the same error while trying to login from that VPS:ssh: connect to host xx.xx.xx.xx port 1023: Connection refused.
     
    Last edited: Dec 20, 2024
  4. eva2000

    eva2000 Administrator Staff Member

    54,328
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    9:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You'd have to on VPS your SSH from, also Whitelist via csf -a, the remote server IP you want to connect to seeing as it is not using default port 22 for SSH but port 1023
     
  5. jellday

    jellday Member

    73
    4
    8
    May 31, 2014
    Ratings:
    +9
    Local Time:
    7:18 AM
    1.4.6
    5.5
    I am afraid I may not put it clearly.

    I have an VPS A, with an IP(say 1.1.1.1), newly installed using the 131.00stable. SSH port 1023.
    I have an VPS B, with an IP(say 2.2.2.2), installed six or seven years ago, and updated the centminmod to 131.00stable. SSH port 22.

    I login to VPS A, and can easily ssh to VPS B, without tweaking any settings. But I cannot ssh from VPS B to VPS A.
    On VPS A, I have whitelisted 2.2.2.2 using csf -a 2.2.2.2. And when I ssh from B to A, I did use: "ssh -p 1023 root@1.1.1.1".

    I have checked /etc/csf/csf.allow file and confirmed 2.2.2.2 is added in the end of the file.

    Now, I really don't know where the problem is. Thank you for your time.
     
  6. jellday

    jellday Member

    73
    4
    8
    May 31, 2014
    Ratings:
    +9
    Local Time:
    7:18 AM
    1.4.6
    5.5
    Please help!
     
  7. Max Chan

    Max Chan New Member

    12
    3
    3
    Feb 17, 2020
    internet
    Ratings:
    +9
    Local Time:
    7:18 AM
    1.25.4
    MariaDB 10.6
    have you tried restart or reload csf ? also check the ip maybe its blocklisted of ur vps B is blocklisted on vps A thats why you cant access vps A using vps B
     
  8. duderuud

    duderuud Premium Member Premium Member

    244
    78
    28
    Dec 5, 2020
    The Netherlands
    Ratings:
    +171
    Local Time:
    12:18 AM
    1.25 x
    10.6
    indeed, after a csf -a XXX you have to do a csf -r
     
  9. jellday

    jellday Member

    73
    4
    8
    May 31, 2014
    Ratings:
    +9
    Local Time:
    7:18 AM
    1.4.6
    5.5
    Thanks for the reply. I just did csf-r, and I checked /etc/csf/csf.deny and VPS B 's IP is not blacklisted.

    And I still cannot ssh from VPS B to A. It drives me crazy!!!:cry:
     
  10. eva2000

    eva2000 Administrator Staff Member

    54,328
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    9:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    on server 1.1.1.1 run
    Code (Text):
    csf -a 2.2.2.2

    on server 2.2.2.2 run
    Code (Text):
    csf -a 1.1.1.1

    each server needs to whitelist in CSF Firewall the remote server you are connecting to
     
  11. Max Chan

    Max Chan New Member

    12
    3
    3
    Feb 17, 2020
    internet
    Ratings:
    +9
    Local Time:
    7:18 AM
    1.25.4
    MariaDB 10.6
    try temp disable CSF
     
  12. jellday

    jellday Member

    73
    4
    8
    May 31, 2014
    Ratings:
    +9
    Local Time:
    7:18 AM
    1.4.6
    5.5
    Yes. After doing so, now the problem is solved. Thank you eva2000, your help is hightly appreciated.

    Thank you too. It is a good way to diagnose the problem.
     
  13. eva2000

    eva2000 Administrator Staff Member

    54,328
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    9:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    That might not work as CSF rules are loaded at server start up time to configure both what is allowed and what isn't. But still worth trying. When you temp disable CSF Firewall, you aren't just removing what isn't allowed, but also what is allowed rules so it defaults to whatever the base system is configured for.
    Glad to hear. CSF is setup this way so you have absolute control over who can connect in/out of your servers :) CSF whitelists common ports like 22, 443 for HTTPS and 80 for non-HTTPS. But if you change default SSHD port from 22 via centmin.sh menu method, it only updates incoming custom port for SSH. Whilelisting IP, will allow server to connect to and from all ports.