3 Posts

September 27th, 2022 00:00

S6010 GNS3 ssh not listening on management port.

Hi,

I'm trying to learn OS10. I've downloaded the OS10_Virtualization_10.5.4.3.6V.zip from the support website, which is supposed to be for GNS3. My system is Ubuntu 20.04 running GNS3 2.2.34.

So my problem is, I'm not able to get ssh to work for the management network (telnet isn't a problem).

Here are the steps I use, logged in as admin after the initial installation.

conf
interface management
shutdown
no ip address dhcp
ip address 10.0.0.101/24
no shutdown
exit
ip ssh server enable

According to the docs I've read up till now, I should be able to ssh to the server. But I'm not able to do that. If I continue to test it from the OS10(config)# prompt, this is what I get:

do system "ssh linuxadmin@localhost"    --- This works. I was testing to see if sshd is listening.
do system "ssh linuxadmin@10.0.0.101"  --- This FAILS.

Any ideas? Or am I missing some steps?

Moderator

3.4K Posts

September 27th, 2022 07:00

Hello,

Usually we can support real systems with a service tag, so we cannot escalate this internally to the network team.

Anyway, did you perform the command "configure terminal" just before the command ip ssh server enable?

Thanks

3 Posts

September 27th, 2022 19:00

Hi Marco

Thanks for the response.

I'm a technical trainer of 20+ yrs and just trying to expand one of my course offerings. What I was trying to do is to create a new course/workshop on Ansible automation for networking folks. As it's more of a workshop/hands-on format, I'd like to use a more practical approach such as implementing Spine-Leaf fabric using Ansible as well as patches. I'm already done with VyOS, and now looking to expand the examples to include other popular choices such as Dell EMC and Cisco (maybe Palo Alto too).

Now back to the problem, I'm not familiar with this Dell Networking OS and how things should be done. My only source is the loads of docs available from Dell. Since there's a GNS3 bundle from Dell, I'm just trying it out. I booted the VMs from the template, waited 20-30 min for it to finish install and rebooted, waited for a bit extra after the prompt appears (the admin account wouldn't be available immediately when the login prompt appears), logged in as admin and performed the commands listed above. And yes I did type "configure terminal" (I used the shortcut conf command, which Dell autocompletes with configure terminal).

According to Dell website articles and docs, that's all that is needed. But I wasn't able to ssh to the network device remotely. What struck me as odd is that I'm able to connect using telnet but not able to do the same with ssh. So I thought that I might have missed something very important like an ACL or maybe some core security settings. That's why I'm posting to the community forum for help.

While troubleshooting, I noticed that the firewall in the S6010 VM only allows localhost (127.0.0.1) as listed below.


linuxadmin@OS10:~$ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            127.0.0.1
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:54320:54321 reject-with icmp-port-unreachable
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:54320:54321 reject-with icmp-port-unreachable
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:!68 dpt:67
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            mark match 0xff reject-with icmp-port-unreachable
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:4789
linuxadmin@OS10:~$


Not knowing how to do it properly, I hacked the firewall rule with

sudo iptables -t filter -I INPUT 2 -p tcp --dport 22 -j allow

And now I'm able to ssh to the device. I wonder if this is the correct method. BTW, I'm having this exact problem with S4128F GNS3 image from the same OS10_Virtualization_10.5.4.3.6V.zip. So maybe my method is wrong and I missed something. If anyone knows the right way, please let me know.

Moderator

3.1K Posts

September 28th, 2022 01:00

Hi @KelvinLnx,

Thanks for adopting OS10 as one of your trainings. But unfortunately the social support here too refers to the guides that are available, and I would assume you have already done the same since you mentioned it. Hence, it's out of our capability to help you out, as much as we do. The issue that you're having might sound like it's more the VM's issue than OS10's. Have you tried on other virtualization?

4 Posts

December 13th, 2022 01:00

Hi @KelvinLnx 

Thanks for this - now got it working on my own VMs, though I found the command needed to be:

sudo iptables -t filter -I INPUT 2 -p tcp --dport 22 -j ACCEPT

Note: ACCEPT instead of "allow" as the last argument

#IWorkForDell

3 Posts

December 16th, 2022 00:00

You're welcome @ToroMac ,

Actually, I've confirmed that it's a bug. Sometimes it works correctly and often it does not. The problem is when we've enabled ssh using ip ssh enable, the server is supposed to add that firewall rule by itself. This does not always work (I've tried >20 times with different scenarios and machines). I'm able to get it to work on a freshly set up machine (host OS) and then use the S6010. This same VM doesn't work (the firewall rule is not added) on second boot. Whenever it doesn't work, I'll just have to manually add the rule.

And yes, thanks for correcting the iptables rule, it's ACCEPT. That's the problem when I type from memory. Lol.
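
The manual workaround from this thread, written as a re-runnable check for boots where the rule is missing. This is an added example, not code from any poster or from Dell. The IPTABLES variable, the --apply switch and the optional source-network argument are assumptions introduced here (10.0.0.0/24 is the management subnet from the first post), and it assumes the VM's iptables supports -C.

```shell
#!/bin/sh
# Added example: idempotent form of the thread's "iptables -I INPUT 2" workaround.
# IPTABLES is a hypothetical override so the command can be swapped or stubbed.
IPTABLES="${IPTABLES:-sudo iptables}"

# ensure_ssh_rule [source-cidr]
#   Prints "present" if an ACCEPT rule for tcp/22 is already in INPUT,
#   "added" if it had to insert one, and returns non-zero if the insert fails.
#   With a source-cidr, SSH is accepted only from that network instead of
#   from any address (the thread's command accepts from anywhere).
ensure_ssh_rule() {
    src="${1:-}"
    # Build the rule spec once so the check and the insert use identical text.
    set -- -p tcp --dport 22 -j ACCEPT
    if [ -n "$src" ]; then
        set -- -s "$src" "$@"
    fi

    # -C exits 0 only when exactly this rule already exists in the chain.
    if $IPTABLES -t filter -C INPUT "$@" 2>/dev/null; then
        echo present
        return 0
    fi

    # Position 2 as in the thread: directly after the loopback ACCEPT and
    # ahead of the REJECT rules shown in the posted listing. The insert fails
    # if the chain has no first rule, and that failure is passed to the caller.
    $IPTABLES -t filter -I INPUT 2 "$@" || return 1
    echo added
}

# Run for real only when asked, e.g.:  sh ensure_ssh.sh --apply 10.0.0.0/24
if [ "${1:-}" = "--apply" ]; then
    ensure_ssh_rule "${2:-}"
fi
```

The rule lives only in the running kernel tables, so the check has to be repeated after each boot on which OS10 did not add the rule itself.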
