Firewall blocking SSH

Basically, I did a silly thing and didn't enable SSH access on an installation of openSUSE 11.0. The box is remote, and I have no physical access to it.

I can boot the box into a rescue mode, but it doesn't seem to have full root access. I have no access to YaST to disable the firewall from running at startup, and I don't see etc/sysconfig.

Can anyone help me with getting the firewall shut down on boot? Is there a script I can write that will run at boot time to kill the firewall? If so, would it need a delay, so it runs after the system has enabled it?

Thanks for any help, as I'm pulling my hair out right now.

I think you felt it coming: the firewall is doing what it’s supposed to do, block and allow things. In fact you closed the door that you have to use yourself.
AFAICS you need physical access to it, or someone that has and can stop the firewall for you.

TIP: always change the ssh port to something between 50000 and 60000, open that port in the firewall.

Well, whilst I was almost resigned to that fact, sir.

With the box rebooted to rescue mode I CAN access SSH. I just cannot log in with MY user details.

I get emailed a temp root login, which doesn't have full root access; that, or the box is in a state of partial functioning in which root access doesn't work as we know it.

As I say, I can't access /etc/sysconfig with the account. Is there nothing else I can do?

Though I do see /etc/init.d, and I do seem to be able to chmod root:root and also chmod 775.


Once you are in rescue mode try using ‘su’ or ‘sudo’ to become full root.
What do you mean by you don’t have full root access? It may be that your
hard drive is not fully mounted or is not mounted read/write, both of
which are trivial to overcome. If you have access to the hard drive then
find the following line in /etc/sysconfig/SuSEfirewall2:

FW_CONFIGURATIONS_EXT=""

and change it to be the following:

FW_CONFIGURATIONS_EXT="sshd"

Save the file, bring it up. Tada. Another thing you could do is cp
/etc/init.d/skeleton to /etc/init.d/fixssh and add the following two lines
(make them only two lines in case they wrap around):

iptables -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options

iptables -A input_ext -p tcp -m tcp --dport 22 -j ACCEPT

This essentially opens the firewall. Now just make it start last with the
following single-line command:

ln -s /etc/init.d/fixssh /etc/init.d/rc3.d/S99fixssh && ln -s /etc/init.d/fixssh /etc/init.d/rc5.d/S99fixssh

Once up remove the files you created (two symlinks and one file) and
hopefully that works out.

Good luck.

Eclectic wrote:
> Well, whilst I was almost resigned to that fact, sir.
>
> With the box rebooted to rescue mode I CAN access SSH. I just cannot
> log in with MY user details.
>
> I get emailed a temp root login, which doesn't have full root access;
> that, or the box is in a state of partial functioning in which root
> access doesn't work as we know it.
>
> As I say, I can't access /etc/sysconfig with the account. Is there
> nothing else I can do?
>
>
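
The FW_CONFIGURATIONS_EXT edit suggested in the reply above, as an added shell example that is not from anyone in the thread. The function name and the /mnt mount point in the usage comment are assumptions; the function keeps services already listed, is safe to run twice, and leaves a .bak copy of the file.

```shell
#!/bin/sh
# Added example: idempotently add "sshd" to FW_CONFIGURATIONS_EXT in a
# SuSEfirewall2 sysconfig file reached from a rescue environment.
# Usage (assumes the installed root is mounted read/write at /mnt):
#   allow_sshd_in_sfw2 /mnt/etc/sysconfig/SuSEfirewall2

allow_sshd_in_sfw2() {
    cfg=$1
    [ -w "$cfg" ] || { echo "cannot write $cfg (missing or read-only mount?)" >&2; return 1; }

    # Current value of the variable with its surrounding quotes stripped.
    cur=$(sed -n 's/^FW_CONFIGURATIONS_EXT="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$cfg" | tail -n 1)

    # Already one of the space-separated entries: leave the file untouched.
    case " $cur " in
        *" sshd "*) return 0 ;;
    esac

    new=$(echo "$cur sshd" | sed 's/^ *//')
    cp -p "$cfg" "$cfg.bak" || return 1

    if grep -q '^FW_CONFIGURATIONS_EXT=' "$cfg"; then
        # Rewrite in place (redirecting into the file keeps its owner and mode).
        sed "s|^FW_CONFIGURATIONS_EXT=.*|FW_CONFIGURATIONS_EXT=\"$new\"|" "$cfg.bak" > "$cfg"
    else
        # Variable absent: append it.
        printf 'FW_CONFIGURATIONS_EXT="%s"\n' "$new" >> "$cfg"
    fi
}

# Demo on a constructed sample file (not a real system's configuration).
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'FW_CONFIGURATIONS_EXT="apache2"' > "$demo"
allow_sshd_in_sfw2 "$demo" && grep '^FW_CONFIGURATIONS_EXT=' "$demo"
rm -f "$demo" "$demo.bak"
```
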