Managing server via SSH

[jlehtone]

[quote]
Mark4785 wrote:
Yes, by "view" i mean to log in to either root or a standard user account on CentOS via an SSH client on my iMac WHEN CentOS is at the splash screen (log in/welcome screen).[/quote]
It does not sound like that that is what you want.

SSH creates its own independent command line session regardless of whether the host has X-server or not. There is no GUI.

To see the GUI desktop a vnc or similar is required. Ssh is not required for those.

[TrevorH]

I've seen a similar but not identical message if you try to set up a tunnel using a port < 1024. E.g.

[code]
$ ssh -L:999:eee:80 eee
Privileged ports can only be forwarded by root.
[/code]

[alexm]

[quote]
Mark4785 wrote:

I am still having difficulties doing the above. I tried to connect to CentOS (using the SSH port of 22) using the MacOSX terminal over on my iMac, rather than using the 'Chicken of the VNC' client and I got this error message:

"Port forwarding only permitted by root account".

At the time of this connection attempt, the CentOS machine was logged into a standard user account. So my next question is how would I allow port forwarding on a CentOS machine whilst it is at the log-in menu?[/quote]

Mark,

I think there is some confusion being generated here.

When you state "connect to CentOS", we (or, at least, I) are thinking you are trying to connect to the CLI of your server, which is what SSH is *typically* and *generally* used for. However, I believe that you are trying to tunnel the CentOS Desktop GUI to your Mac using SSH tunneling (which can be done using Xwindows, and what you may have found during your searches of the interwebs). That is the only scenario that I can think of that would explain why you are concerned about the desktop being at the log-in menu, and why you would mention Chicken of the VNC.

If this is the case, please confirm, as it will help clear up the confusion, and will generate better answers that will fit your situation.

If I am wrong, well, then I'm an idiot and you can feel free to say so. :-D

Good luck!

Alex

[Mark4785]

Hi Alex,

Yes, you are exactly right. I initially learned about VNC and how it is used to view the GUI of a remote computer from a computer running client software (i.e. my iMac with Chicken of the VNC) but quickly stopped using this method of communication due to the apparent fact that uses an insecure telnet service. Given this, I'm wanting to remotely access the GUI of the server using Chicken of the VNC because it allows for the ability to remotely view CentOS through a more secure SSH tunnel. I wasn't aware that SSH was used for any other purpose as I'm very new to networking and still slowly trying to expand my knowledge of it.

So just to clear up, I am trying to remotely view the GUI of my CentOS 5 server using the SSH VNC tunnelling method as allowed by the Chicken of the VNC client installed on my iMac.

Thank you for adding some clarity to the discussion! :lol:

[quote]
pschaff wrote:

Aside from that, all I can think to suggest is to provide the information requested about the network and NetworkManager services, and to read:

[url=http://wiki.centos.org/FAQ/CentOS6#head-b67e85d98f0e9f1b599358105c551632c6ff7c90]CentOS-6 FAQ #2 Why does my Ethernet not work unless I log in and explicitly enable it?[/url][/quote]


The CentOS server, according to an application called 'IP Scanner' on my iMac, is acquiring its internal IP address while it is at the splash/log-in screen so I doubt the ethernet cable isn't working. Nevertheless, I will follow the instructions provided in the URL you have provided. Thanks.

Edit: I have followed that guide and can confirm that the 'ONBOOT=Yes' text was already in place and 'BOOTPROTO=DHCP' text was already there. The part of the guide that asks me to visit 'System; Preferences; More Preferences Network Connections' and check the 'connect automatically' box cannot be completed as all the options are shaded out.

[quote]
Also, how do I know whether I am using the 'NetworkManager' or 'Network' service?
[b]chkconfig --list | grep -i network[/b][/quote]

I have issued that command and get the following result:

[code]
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6: off
Network 0: off 1:off 2:on 3:on 4:on 5:on 6:off
[/code]

[Mark4785]

I have issued the chkconfig --list | grep -i network' command and listed the results in the above post.

Do the results indicate in anyway what might be stopping the SSH connection to the server at the splash screen?

[jlehtone]

First, what is the actual problem now? You have booted the CentOS server and you cannot ssh to it [from Mac]? What is the command you do use [to connect] and what is the error message?

On the server, make the NM banishment complete with:
[code]yum remove NetworkManager\*[/code]
Then, please use the [url=https://www.centos.org/modules/newbb/viewtopic.php?topic_id=25128&forum=47]getinfo.sh network[/url] and show us the result.

[markkuk]

[quote]
Mark4785 wrote:

So just to clear up, I am trying to remotely view the GUI of my CentOS 5 server using the SSH VNC tunnelling method as allowed by the Chicken of the VNC client installed on my iMac.
[/quote]
Have you set up VNC server on the CentOS machine to allow SSH tunneling? http://wiki.centos.org/HowTos/VNC-Server#head-f4875017c8bdcb37fce770575ae8decf0e9f185d

[Mark4785]

[quote]
markkuk wrote:

Have you set up VNC server on the CentOS machine to allow SSH tunneling? http://wiki.centos.org/HowTos/VNC-Server#head-f4875017c8bdcb37fce770575ae8decf0e9f185d[/quote]

Yes, i've followed that guide and set-up SSH tunnelling for the root account in addition to a standard user account named accessroot.

VNCSERVERS="1:root 2:accessroot"
VNCSERVERARGS[1]="-geometry 640x480 -localhost"
VNCSERVERARGS[2]="-geometry 640x480 -localhost"


As discussed before, I can access the CentOS machine over an SSH tunnel WHEN i am logged in has root but I want to be able to connect to the CentOS server at the log-in screen BEFORE i am logged in has root. I am not able to connect to the CentOS server while logged in has the standard user named 'accessroot' despite configuring access in the /etc/sysconfig/vncservers file.

[quote]
jlehstone wrote:
FIrs,t, what is the actual problem now? You have booted the CentOS server and you cannot ssh to it [From Mac]? What is the command you do use [to connect] and what is the error message?

On the server, make the NM banishment complete with:
[code] yum remove NetworkManager\*[/code]
Then, please use the [url=https://www.centos.org/modules/newbb/viewtopic.php?topic_id=25128&forum=47]getinfo.sh network[/url] and show us the result.[/quote]

I can connect to the CentOS server over a SSH tunnel but ONLY AFTER logging in has the root user. I want to be able to access CentOS over a SSH tunnel while it is sat at the log-in menu.

I am using a VNC client with SSH tunneling capability. I fill in the following fields:

'Host: localhost
SSH host: 192.168.0.7

[b] OR [/b]

Host: localhost
SSH host: root@192.168.0.7

I get the following error message [b] when not logged in has root and CentOS is situated at the log-in screen[/b]: 'Could not establish an SSH connection to server 192.178.0.7 - permission denied by SSH server'.

I have removed 'NetworkManager' has requested and have installed 'Getinfo.sh' package. I have issued the 'getinfo.sh network' command and I get the following output:

'Information for network problems.
[code]
== BEGIN uname -rmi ==
2.6.18-308.11.1.el5 x86_64 x86_64
== END uname -rmi ==

== BEGIN rpm -qa \*-release\* ==
rpmforge-release-0.5.2-2.el5.rf
centos-release-notes-5.8-0
elrepo-release-5-3.el5.elrepo
centos-release-5-8.el5.centos
== END rpm -qa \*-release\* ==

== BEGIN cat /etc/redhat-release ==
CentOS release 5.8 (Final)
== END cat /etc/redhat-release ==

== BEGIN getenforce ==
Enforcing
== END getenforce ==

== BEGIN free -m ==
total used free shared buffers cached
Mem: 3959 967 2991 0 53 551
-/+ buffers/cache: 361 3597
Swap: 5951 0 5951
== END free -m ==

== BEGIN lspci -nn ==
00:00.0 Host bridge [0600]: Intel Corporation E7230/3000/3010 Memory Controller Hub [8086:2778]
00:01.0 PCI bridge [0604]: Intel Corporation E7230/3000/3010 PCI Express Root Port [8086:2779]
00:1c.0 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 1 [8086:27d0] (rev 01)
00:1c.4 PCI bridge [0604]: Intel Corporation 82801GR/GH/GHM (ICH7 Family) PCI Express Port 5 [8086:27e0] (rev 01)
00:1c.5 PCI bridge [0604]: Intel Corporation 82801GR/GH/GHM (ICH7 Family) PCI Express Port 6 [8086:27e2] (rev 01)
00:1d.0 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #1 [8086:27c8] (rev 01)
00:1d.1 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #2 [8086:27c9] (rev 01)
00:1d.2 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #3 [8086:27ca] (rev 01)
00:1d.7 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB2 EHCI Controller [8086:27cc] (rev 01)
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 PCI Bridge [8086:244e] (rev e1)
00:1f.0 ISA bridge [0601]: Intel Corporation 82801GB/GR (ICH7 Family) LPC Interface Bridge [8086:27b8] (rev 01)
00:1f.1 IDE interface [0101]: Intel Corporation 82801G (ICH7 Family) IDE Controller [8086:27df] (rev 01)
00:1f.2 IDE interface [0101]: Intel Corporation N10/ICH7 Family SATA Controller [IDE mode] [8086:27c0] (rev 01)
00:1f.3 SMBus [0c05]: Intel Corporation N10/ICH 7 Family SMBus Controller [8086:27da] (rev 01)
02:00.0 PCI bridge [0604]: Intel Corporation 6702PXH PCI Express-to-PCI Bridge A [8086:032c] (rev 09)
03:02.0 SCSI storage controller [0100]: Adaptec AHA-3960D / AIC-7899A U160/m [9005:00c0] (rev 01)
03:02.1 SCSI storage controller [0100]: Adaptec AHA-3960D / AIC-7899A U160/m [9005:00c0] (rev 01)
04:00.0 Ethernet controller [0200]: Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express [14e4:1659] (rev 11)
06:05.0 VGA compatible controller [0300]: XGI Technology Inc. (eXtreme Graphics Innovation) Z7/Z9 (XG20 core) [18ca:0020]
== END lspci -nn ==

== BEGIN lsusb ==
Protocol spec without prior Class and Subclass spec at line 4297
Bus 001 Device 001: ID 0000:0000
Bus 003 Device 001: ID 0000:0000
Bus 002 Device 001: ID 0000:0000
Bus 004 Device 001: ID 0000:0000
Bus 004 Device 002: ID 413c:3200 Dell Computer Corp. Mouse
Bus 004 Device 003: ID 413c:2003 Dell Computer Corp. Keyboard
== END lsusb ==

== BEGIN rpm -qa kmod\* kmdl\* ==
== END rpm -qa kmod\* kmdl\* ==

== BEGIN ifconfig -a ==
eth0 Link encap:Ethernet HWaddr 00:15:C5:5E:F7:12
inet addr:192.168.0.7 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::215:c5ff:fe5e:f712/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21268 errors:0 dropped:0 overruns:0 frame:0
TX packets:20847 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5560368 (5.3 MiB) TX bytes:11783760 (11.2 MiB)
Interrupt:169 Memory:fe6f0000-fe700000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:24434 errors:0 dropped:0 overruns:0 frame:0
TX packets:24434 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13510778 (12.8 MiB) TX bytes:13510778 (12.8 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

== END ifconfig -a ==

== BEGIN brctl show ==
/usr/local/bin/getinfo.sh: line 89: brctl: command not found
== END brctl show ==

== BEGIN route -n ==
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
== END route -n ==

== BEGIN cat /etc/resolv.conf ==
; generated by /sbin/dhclient-script
nameserver 193.36.79.101
nameserver 193.36.79.100
search localdomain
== END cat /etc/resolv.conf ==

== BEGIN grep net /etc/nsswitch.conf ==
#networks: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
netmasks: files
networks: files
netgroup: nisplus
== END grep net /etc/nsswitch.conf ==

== BEGIN chkconfig --list | grep -Ei 'network|wpa' ==
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
== END chkconfig --list | grep -Ei 'network|wpa' ==

[/code]'

[Mark4785]

Bump.

[pschaff]

[quote]
Mark4785 wrote:
...
Yes, i've followed that guide and set-up SSH tunnelling for the root account in addition to a standard user account named accessroot.

[color=ff0000][b]VNCSERVERS="1:root 2:accessroot"[/b][/color]
VNCSERVERARGS[1]="-geometry 640x480 -localhost"
VNCSERVERARGS[2]="-geometry 640x480 -localhost"
[/quote]
Don't try to access the GUI as root. Start the session as a normal user and [url=http://wiki.centos.org/TipsAndTricks/BecomingRoot]become root[/url] as required.