我原来ip可以登陆远程linux主机现在ip改了 登陆不了了 如何修改

double08

OK。   now in the server side:

1). kill sshd (make sure you can easily reach the server first?  don;t blame me if u can not logon using console.)
2). run it in debug mode:

sshd -d

3). connect again

4). post ur error message here

livelybear

要修改的是服务器那边的sshd_config.


你用计算机名字登录的吗？
比如：　ssh  host.com

如果是那样的话，在修改了IP后，最好修改域名并把名服务重启动一下
service named restart

topsec2008

[root@mailserver ssh]# sshd -d
debug1: sshd version OpenSSH_3.4p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
Cannot bind any address.
[root@mailserver ssh]#
怎么kill sshd? 我很菜

topsec2008

好像和这个文件有关/etc/sysconfig/iptables
但是在里面添加了ip地址还是不行

double08

原帖由 "topsec2008"]lserver ssh 发表：
#
怎么kill sshd? 我很菜

还是让你老板去干这活吧

llzqq

# service iptables stop

这样可以了吗？

topsec2008

[root@mailserver sysconfig]# more networking

*** networking: directory ***

[root@mailserver sysconfig]# more redhat-config-users
#Configuration file for redhat-config-users
#Copyright (c) 2002 Red Hat, Inc.  all rights reserved

#Filter out sytem users by default
FILTER=true
[root@mailserver sysconfig]#
[root@mailserver sysconfig]#
[root@mailserver sysconfig]# more iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0]
:FORWARD ACCEPT [0]
:OUTPUT ACCEPT [0]
:RH-Lokkit-0-50-INPUT - [0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 --syn -j ACCE
PT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.9.103/32 --dport 22 --syn -j AC
CEPT

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.7.186/32 --dport 22 --syn -j AC
CEPT

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.9.27/32 --dport 22 --syn -j ACC
EPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 3306 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT

topsec2008

呵呵 可以了 不过防火墙关了不安全啊  
除了iptables 是否需要设置别的地方呢

topsec2008

北京的工作有没有兴趣？

现在正在找！可以到北京

topsec2008

好的 song_guozhe@topsec.com.cn
发一份简历给我  我转给人力
我刚招的那哥们 不行