I am trying to SSH from my virtual image to the host system and get connection refused.
I have tried connecting to the systems' IP addr and the gateway IP addr for the virtual host. Still connection refused.
I can SSH to my host from another with no trouble.
What am I missing?
thanks
Robert Moskowitz writes:
> I am trying to SSH from my virtual image to the host system and get connection refused.
> I have tried connecting to the systems' IP addr and the gateway IP addr for the virtual host. Still connection refused.
> I can SSH to my host from another with no trouble.
> What am I missing?
1) Ping your host's IP address from the VM.
2) Assuming it's pingable, look into what firewalld says, about the ssh port, and what IP addresses it's accessible from.
On 8/16/20 10:50 PM, Sam Varshavchik wrote:
> - Ping your host's IP address from the VM.
Pinging works fine.
> - Assuming it's pingable, look into what firewalld says, about the ssh port, and what IP addresses it's accessible from.
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp1s0
  sources:
  services: dhcpv6-client ipp ipp-client mdns
  ports: 745/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
SSH is on port 745 (well not 745, but off 22). I did the selinux command to allow ssh on this port and I can access from another system no trouble.
Just not from the virtual machine.
On 2020-08-17 11:18, Robert Moskowitz wrote:
> # firewall-cmd --list-all
> public (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: wlp1s0
>   sources:
>   services: dhcpv6-client ipp ipp-client mdns
>   ports: 745/tcp
>   protocols:
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
> SSH is on port 745 (well not 745, but off 22). I did the selinux command to allow ssh on this port and I can access from another system no trouble.
What is the output of "firewall-cmd --get-active-zones"
On 8/16/20 11:25 PM, Ed Greshko wrote:
> What is the output of "firewall-cmd --get-active-zones"
# firewall-cmd --get-active-zones
libvirt
  interfaces: virbr0
public
  interfaces: wlp1s0
And virbr0 is the one used for the QEMU.
On 2020-08-17 11:30, Robert Moskowitz wrote:
> # firewall-cmd --get-active-zones
> libvirt
>   interfaces: virbr0
> public
>   interfaces: wlp1s0
> And virbr0 is the one used for the QEMU.
So, if you do "firewall-cmd --info-zone=libvirt" do you have port 745 enabled?
On 8/16/20 11:32 PM, Ed Greshko wrote:
> So, if you do "firewall-cmd --info-zone=libvirt" do you have port 745 enabled?
No I don't
# firewall-cmd --info-zone=libvirt
libvirt (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources:
  services: dhcp dhcpv6 dns ssh tftp
  ports:
  protocols: icmp ipv6-icmp
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule priority="32767" reject
On 2020-08-17 11:40, Robert Moskowitz wrote:
> No I don't
> # firewall-cmd --info-zone=libvirt
> libvirt (active)
>   target: ACCEPT
>   icmp-block-inversion: no
>   interfaces: virbr0
>   sources:
>   services: dhcp dhcpv6 dns ssh tftp
>   ports:
>   protocols: icmp ipv6-icmp
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>     rule priority="32767" reject
Well, connections from a QEMU guest come via the virbr0 interface which is in the libvirt zone.
So, you'll need to add that port for ssh to work.
On 8/16/20 11:42 PM, Ed Greshko wrote:
> Well, connections from a QEMU guest come via the virbr0 interface which is in the libvirt zone.
> So, you'll need to add that port for ssh to work.
Thanks for leading me to the problem. I will read up on this in the morning and get it working (I know you are half-way around the world from me!).
I have dealt with firewall zones on 'real' firewalls. Just never really spent the time on a host config. But until now, the host was always an endpoint.
On 2020-08-17 11:45, Robert Moskowitz wrote:
> Thanks for leading me to the problem. I will read up on this in the morning and get it working (I know you are half-way around the world from me!).
firewall-cmd --permanent --zone=libvirt --add-port=745/tcp
should be sufficient.
> I have dealt with firewall zones on 'real' firewalls. Just never really spent the time on a host config. But until now, the host was always an endpoint.
On 8/17/20 4:34 AM, Ed Greshko wrote:
> On 2020-08-17 11:53, Ed Greshko wrote:
>> firewall-cmd --permanent --zone=libvirt --add-port=745/tcp
This is what I needed. And I have added it to my system setup notes.
> Oh, you would need to do...
> firewall-cmd --reload
> afterward.
This little tidbit I already have down in my notes.
thanks
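The diagnosis worked out in this thread, as an added example that is not part of any poster's message: map the interface to its firewalld zone, then check that zone's port list. The sample text is copied from the outputs posted above; the function names are hypothetical, and on a live host the same functions can read `firewall-cmd --get-active-zones` and `firewall-cmd --info-zone=ZONE` on stdin.

```shell
#!/bin/sh
# Added example: map an interface to its firewalld zone, then check whether
# that zone opens a port. Parses captured firewall-cmd output, so it runs
# without firewalld; function names are hypothetical.

# "firewall-cmd --get-active-zones" output as posted in the thread.
ACTIVE_ZONES='libvirt
  interfaces: virbr0
public
  interfaces: wlp1s0'

# Excerpts of the zone listings posted in the thread.
zone_info() {
    case "$1" in
        libvirt) printf '%s\n' 'libvirt (active)' '  services: dhcp dhcpv6 dns ssh tftp' '  ports: ' ;;
        public)  printf '%s\n' 'public (active)' '  services: dhcpv6-client ipp ipp-client mdns' '  ports: 745/tcp' ;;
    esac
}

# Print the zone that owns interface $1 (active-zones text on stdin).
zone_for_iface() {
    awk -v ifc="$1" '
        /^[^ \t]/ { zone = $1 }               # unindented line starts a zone
        /^[ \t]+interfaces:/ {
            for (i = 2; i <= NF; i++) if ($i == ifc) { print zone; exit }
        }'
}

# Succeed if the zone listing on stdin opens port $1 for protocol $2.
# Handles single ports and ranges such as 700-800/tcp.
zone_opens_port() {
    awk -v port="$1" -v proto="$2" '
        /^[ \t]+ports:/ {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/"); n = split(pp[1], r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (pp[2] == proto && port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Report the zone for interface $1 and whether it opens port $2/$3.
diagnose() {
    zone=$(printf '%s\n' "$ACTIVE_ZONES" | zone_for_iface "$1")
    [ -n "$zone" ] || { echo "no active zone"; return 0; }
    if zone_info "$zone" | zone_opens_port "$2" "$3"; then
        echo "$zone: $2/$3 open"
    else
        echo "$zone: $2/$3 not open"
    fi
}

diagnose virbr0 745 tcp   # guest traffic arrives on this interface
diagnose wlp1s0 745 tcp   # LAN traffic arrives on this interface
```

The libvirt zone lists the ssh service, but that service covers only the default port 22/tcp, so an sshd moved to another port still needs its own port entry in that zone.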