TIPS Locked out SSH & Website

Twilight Sparkle

https://voip.ms/en/invite/MjM2MjQ4
Joined
Jul 21, 2013
Messages
448
Reaction score
57
my computer is a GOOGLE CLOUD Compute Engine.

i got it to work last week no issues.

but email was not working so i erased it ever since then i cant seem to access the server from anyway.

the moment the script is done installing PIAF it works but the moment i reboot or issue iptables-restart and also adding my ip using add-ip home ip then select 0 and reboot...

no more access to SSH and no more access to the website or anything...

once in a while if i do a hard reset and quicly click ssh i get in but not past 3 days.... its a nite mare....

i used http://nerdvittles.com/?p=14208 as well as ubuntu and other ones nothing works after reboot..

i starting to think its GOOGLE and i need to switch back to Digital Ocean
 

krzykat

Telecom Strategist
Joined
Aug 2, 2008
Messages
3,145
Reaction score
1,235
Good plan.

I'm starting to play with Vultr and doing comparison with Digital Ocean, and I'm liking my results. Vultr has servers in Miami (good for me) - and also they give you more RAM. I'm starting to install nagios plugins and wireshark on instances, so the extra RAM is nice to have.
 

Twilight Sparkle

https://voip.ms/en/invite/MjM2MjQ4
Joined
Jul 21, 2013
Messages
448
Reaction score
57
I'm starting to play with Vultr and doing comparison with Digital Ocean, and I'm liking my results. Vultr has servers in Miami (good for me) - and also they give you more RAM. I'm starting to install nagios plugins and wireshark on instances, so the extra RAM is nice to have.

good idea.

i saw a post on here somewhere for a free $20 credit... so ill try Vultr. looks good.

yeah google cloud seems more for advance people... who know their way around serial and commands and networking.

Digital ocean made it simple and made you feel like a god, google... made me feel stupid
 

krzykat

Telecom Strategist
Joined
Aug 2, 2008
Messages
3,145
Reaction score
1,235
good idea.

i saw a post on here somewhere for a free $20 credit... so ill try Vultr. looks good.

Follow THIS and you'll be smart, happy, and fiscally responsible. Use Ward's referral link and if that doesn't work, let me know and I'll give you mine.
 

Twilight Sparkle

https://voip.ms/en/invite/MjM2MjQ4
Joined
Jul 21, 2013
Messages
448
Reaction score
57
good idea.

i saw a post on here somewhere for a free $20 credit... so ill try Vultr. looks good.

yeah google cloud seems more for advance people... who know their way around serial and commands and networking.

Digital ocean made it simple and made you feel like a god, google... made me feel stupid
they gave me a $50 credit but it expires in 60 days... + they gave me a $5 credit & $2 for twitter share but i had to send them a Open Ticket cuz it was not taking my debit card to get the $20 credit... and after i said something they gave me the $50 on Vultr
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
If you want to pinpoint this bug of why the google compute server didn't let you ssh in after reboot,.this bug is probably due to the zealous iptables firewall and the fact it's clueless about ipv6. You're probably unaware when you're coming in on ipv6, and, reminder, the iptables firewall is able to unblock ipv4 only, ip6tables is non operational, and therefore, knock doesn't necessarily unblock your ipv6.

At the end of the pbx installer, make note of your 3 knock ports. Then, come in on ipv4, run your knock client from your IPv4, see if that lets you in on ssh, it really should.
 
Last edited:

Twilight Sparkle

https://voip.ms/en/invite/MjM2MjQ4
Joined
Jul 21, 2013
Messages
448
Reaction score
57
If you want to pinpoint this bug of why the google compute server didn't let you ssh in after reboot,.this bug is probably due to the zealous iptables firewall and the fact it's clueless about ipv6. You're probably unaware when you're coming in on ipv6, and, reminder, the iptables firewall is able to unblock ipv4 only, ip6tables is non operational, and therefore, knock doesn't necessarily unblock your ipv6.

At the end of the pbx installer, make note of your 3 knock ports. Then, come in on ipv4, run your knock client from your IPv4, see if that lets you in on ssh, it really should.

OMG-os that never came a cross my mind i for GOT they have IPV6.... snaps... dude... that... that... is ugh..........
i need to turn off ipv6... before i install.... UGH... what was i thinking...
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
OMG-os that never came a cross my mind i for GOT they have IPV6.... snaps... dude... that... that... is ugh..........
i need to turn off ipv6... before i install.... UGH... what was i thinking...
After the install, make note of knock ports, let pbx server reboot, turn off ipv6 on your pc, run the knock client with the ports you noted in the order you noted, then ssh from the pc, it should work fine, in this scenario you're entering thru the "traveling man secret knock" method which remains valid for approx 24 hrs.
 

Members online

No members online now.

Forum statistics

Threads
25,778
Messages
167,504
Members
19,198
Latest member
serhii
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top