mystified, Posted September 1, 2005

I have a router with port 22 open. I can successfully ssh into another computer in my network. But if someone tries to ssh into my box or I try to ssh into their box I get connection refused. This happens in both Mandrake and Gentoo which is why I'm posting it here. Don't think it's a distro problem.

jboy, Posted September 1, 2005

You probably just need a line in /etc/hosts.allow like this:

    sshd:<ip address of client machine>:ALLOW

You can use wildcards, netmasks, etc. See: man hosts.allow

If you want, you could also do:

    sshd:ALL:ALLOW

(undoubtedly a poor idea security-wise, I'm just showing some examples of the syntax)

Also, if there's a firewall running on those machines, check if it's configured to open tcp port 22.

mystified, Posted September 1, 2005

Same problem. The only firewall I have is the NAT firewall on my router. And I have been able to successfully ssh out of this box before with no changes to the configuration.

jboy, Posted September 1, 2005

Hmmm, whenever I had that connection refused problem, it was because /etc/hosts.allow didn't allow sshd to accept the ip address of the client machine trying to ssh in.

Just grasping at straws here (you've probably checked all this out):

- sshd running?
- sshd listening on port 22 (netstat -anpt)
- Can you have the admin of the machine you're trying to ssh into send you their /etc/hosts.allow to verify that it's configured correctly to allow your machine's access?
- Some other tcpwrapper that's running that needs to be configured?
- Does /var/log/messages on the machine you're trying to ssh into provide any clues?

I dunno, I'm out of ideas.

mystified, Posted September 1, 2005

This is part of the response of netstat -anpt:

    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN

No tcpwrapper. And no errors for clues other than what I posted. I'm out of ideas myself.

jboy, Posted September 1, 2005

Yeah, that line from the netstat output looks fine. Could there be anything in these files causing the problem?

    /etc/ssh/denyusers
    /etc/ssh/ssh_config
    /etc/ssh/sshd_config

mystified, Posted September 1, 2005

I don't have a denyusers file and the others look fine as far as I can tell.

jboy, Posted September 1, 2005

If you go to a port scanning site like ShieldsUp!, does it show tcp port 22 as open?

Maybe temporarily you could try this in the /etc/hosts.allow file for the machine you're trying to ssh into:

    ALL:<ip_of_ssh_client_machine>:ALLOW

or, correspondingly, for your machine that others are trying to ssh into:

    ALL:<their_ip>:ALLOW

jboy, Posted September 1, 2005

Could iptables be running and blocking access? Like I said, grasping at straws!

mystified, Posted September 1, 2005

iptables isn't installed and Shields Up shows port 22 as being open.

paul, Posted September 1, 2005

I assume you have only 1 static IP address? Are you trying to open port 22 to 2 internal IPs? Coz that won't work. If you have 22 open already, you will need to remove that rule and create a new rule to point to your internal IP.

mystified, Posted September 1, 2005

Just one ip and it's my internal ip.

Qchem, Posted September 2, 2005

Silly suggestion, the user you're trying to connect as does exist on the server?

phunni, Posted September 2, 2005

Do an ssh -vvv and post the results...

mystified, Posted September 2, 2005

> do an ssh -vvv and post the results...

    mystified@gentoo ~ $ ssh -vvv mysti@xx.xxx.xxx.xx
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to xx.xxx.xxx.xx [xx.xxx.xxx.xx] port 22.
    debug1: connect to address xx.xxx.xxx.xx port 22: Connection refused
    ssh: connect to host xx.xxx.xxx.xx port 22: Connection refused

I blocked out the user's ip at his request. Also, Qchem, the same thing happens if he tries to ssh into my box.

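An added example, not part of any post in this thread: a Python check that separates the connect-stage "Connection refused" shown in the ssh -vvv output from a connection that is accepted and then closed before the banner, which is how a hosts.allow/hosts.deny denial by sshd typically appears. The function name and verdict labels are this example's own.

```python
import socket

def classify_ssh_port(host, port=22, timeout=3.0):
    """Make one TCP connection and report at which stage it fails.

    Returns (verdict, detail). The verdict names are this example's own.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A TCP reset answered the SYN. This is the stage at which the
        # "ssh -vvv" output in the thread stops.
        return ("refused", "reset during connect: no listener at the address "
                "reached, e.g. a missing port forward or a rejecting firewall")
    except socket.timeout:
        return ("filtered", "no answer to the SYN: packets dropped on the path")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(256)
        except socket.timeout:
            return ("silent", "connected, but no banner within the timeout")
        except ConnectionResetError:
            banner = b""
    if not banner:
        # The handshake completed and the server then hung up, so a process
        # is listening and made a decision about this client.
        return ("closed", "accepted then closed before the banner, e.g. a "
                "hosts.allow/hosts.deny (TCP wrappers) denial")
    if banner.startswith(b"SSH-"):
        # sshd sends its identification string first; reaching it means the
        # network path, the port forward and any wrapper rules all passed.
        return ("sshd", banner.split(b"\n")[0].decode("ascii", "replace").strip())
    return ("other", "a non-SSH service answered on this port")

if __name__ == "__main__":
    # Loopback is only a stand-in target; substitute the host under test.
    print(classify_ssh_port("127.0.0.1", 22))
```

Run it from both sides of the router: "sshd" from inside the LAN but "refused" from outside points at the forwarding rule rather than at sshd or hosts.allow.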