ssh problem [solved]


mystified

I have a router with port 22 open. I can successfully ssh into another computer in my network. But if someone tries to ssh into my box or I try to ssh into their box I get connection refused. This happens in both Mandrake and Gentoo which is why I'm posting it here. Don't think it's a distro problem.

You probably just need a line in /etc/hosts.allow like this:

 

sshd:<ip address of client machine>:ALLOW

 

You can use wildcards, netmasks, etc. See: man hosts.allow

 

If you want, you could also do:

 

sshd:ALL:ALLOW (undoubtedly a poor idea security-wise, I'm just showing some examples of the syntax)

 

Also, if there's a firewall running on those machines, check if it's configured to open tcp port 22.

Edited by jboy

Hmmm, whenever I had that connection refused problem, it was because /etc/hosts.allow didn't allow sshd to accept the ip address of the client machine trying to ssh in.

 

Just grasping at straws here (you've probably checked all this out):

 

sshd running?

 

sshd listening on port 22? (netstat -anpt)

 

Can you have the admin of the machine you're trying to ssh into send you their /etc/hosts.allow to verify that it's configured correctly to allow your machine's access?

 

Some other tcpwrapper that's running that needs to be configured?

 

Does /var/log/messages on the machine you're trying to ssh into provide any clues?

 

I dunno, I'm out of ideas.

Edited by jboy

This is part of the response of netstat -anpt

 

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

 

No tcpwrapper. And no errors for clues other than what I posted.

 

I'm out of ideas myself.


If you go to a port scanning site like ShieldsUp!, does it show tcp port 22 as open?

 

Maybe temporarily you could try this in the /etc/hosts.allow file for the machine you're trying to ssh into.

 

ALL:<ip_of_ssh_client_machine>:ALLOW

 

or, correspondingly, for your machine that others are trying to ssh into:

 

ALL:<their_ip>:ALLOW

Edited by jboy

I assume you have only 1 static IP address?

Are you trying to open port 22 to 2 internal IPs? Coz that won't work.

If you have 22 open already, you will need to remove that rule and create a new rule to point to your internal IP.


Do an ssh -vvv and post the results...

 

mystified@gentoo ~ $ ssh -vvv mysti@xx.xxx.xxx.xx
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xx.xxx.xxx.xx [xx.xxx.xxx.xx] port 22.
debug1: connect to address xx.xxx.xxx.xx port 22: Connection refused
ssh: connect to host xx.xxx.xxx.xx port 22: Connection refused

 

I blocked out the user's ip at his request.

 

Also, Qchem, the same thing happens if he tries to ssh into my box.
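
Added example, not part of any post in this thread: a small Python probe that separates the different ways a connection to an SSH port can fail, since the checks suggested above (sshd running, hosts.allow, firewall, router forwarding) each go with a different failure. The names `classify`, `probe` and `HINTS` are made up for this example, and the hints describe general TCP and sshd behaviour, not anything measured on the posters' machines.

```python
import socket
import sys

# Hints are general TCP/sshd behaviour (assumed), not measured in the thread.
HINTS = {
    "refused": "RST/ICMP on connect: no listener on that address and port, a "
               "firewall REJECT rule, or a router that is not forwarding the port",
    "timeout": "no answer at all: packets silently dropped, or the host is down",
    "closed": "TCP connected but no SSH banner followed: typical of a "
              "hosts.allow/hosts.deny denial or sshd's MaxStartups limit",
    "banner": "sshd answered; what remains is key exchange or authentication",
    "not_ssh": "something other than sshd is answering on this port",
    "unreachable": "name resolution or routing failed before TCP got anywhere",
}

def classify(outcome):
    """Map a connect/recv outcome (exception or received bytes) to a HINTS key."""
    if isinstance(outcome, ConnectionRefusedError):
        return "refused"
    if isinstance(outcome, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(outcome, ConnectionResetError):
        return "closed"
    if isinstance(outcome, OSError):
        return "unreachable"
    if isinstance(outcome, bytes):
        if not outcome:
            return "closed"
        return "banner" if outcome.startswith(b"SSH-") else "not_ssh"
    raise TypeError("expected an exception or bytes")

def probe(host, port=22, timeout=5.0):
    """Connect like `ssh` would, read the identification line, classify it."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return classify(exc)
    with sock:
        try:
            return classify(sock.recv(255))
        except OSError:  # reset, or no banner within the timeout
            return "closed"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: probe.py HOST [PORT]
        result = probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 22)
    else:  # offline demo on a constructed outcome matching the ssh -vvv log
        result = classify(ConnectionRefusedError(111, "Connection refused"))
    print(result, "->", HINTS[result])
```

Run it from outside the network against the public address and from inside against the LAN address; a different result on each side narrows the fault to the router or firewall between them.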
