-   Debian (
-   -   Sarge to Etch on ssh fails (

Dutch Master 11-09-2006 06:33 PM

Sarge to Etch on ssh fails
Okay, I'm trying for a while, but nothing works...

I have a desktop and laptop and until recently both had Sarge installed. I could ssh from one to the other without any problem. Two weeks ago I decided to upgrade the laptop to Etch but that left me with some problems (like non-working menu entries) so I'd had to bite the bullet and re-install from scratch with an Etch net-install CD. All works well, except logging in remotely via ssh. I can ssh into the desktop from the laptop, but the other way round it fails with a 'Permission Denied' error. I've created a 1024 bit RSA key-pair and copied it from the laptop to the desktop (with scp, also works in only 1 direction), but to no avail. I'm doing something wrong, but I'm out of ideas...

Brian1 11-09-2006 06:46 PM

Check out this link and check everything out step by step to see if all is configured. One thing to check is if there is a firewall active to make sure tcp port 22 is open.


fordeck 11-09-2006 06:51 PM

Just trying to find out more information.
Is this as a normal user?
Does your firewall allow port 22?
What do you see in your logs?

Dutch Master 11-09-2006 08:04 PM

Brian, thanks for the link, I'll investigate.

Fordeck: this is indeed as a normal user, but that worked before as well. As root it also fails with the same error. Firewall? Not that I'm aware of. Port 22 should be open, as it's on my local LAN. However, I installed Guarddog as it appears iptables is present (and apparently active) on the laptop. It doesn't make a difference though....

fordeck 11-09-2006 08:19 PM

The user root by default should not be able to ssh. However iptables could be blocking port 22. Some distro's ask during instalation what services you want to allow, and if you did not explicitly allow port 22, then it will be blocked. One way to test would be to disable iptables on the laptop and try again.

Dutch Master 11-09-2006 08:23 PM

I tried, even removed iptables all together, later disabled the firewall with Guarddog, but still that d*mned "Permission denied" error...

Brian1 11-09-2006 08:41 PM

To clear iptables use the command as root ' iptables -F ' to flush the rules. See if you can connect as a regular user account. Only last thought to make sure port is open and there is to use a portscanning app from other local lan machine to scan that machine.


Dutch Master 11-09-2006 08:57 PM

Thanks for the hint Brian, I scanned from the desktop and only ports 80, 111, 113, 538 and 5900 are reported open. (don't worry, I have a hardware firewall in my router ;)) I'll be looking back tomorrow to see if I overlooked something with that tutorial in hand. Thanks and good night! (it's 3 a.m. local time... zzzzzzzzzzzzzz ;))

farslayer 11-10-2006 12:19 AM

If the firewall is down and the port is not open ssh is either not installed or it's not running.. try to restart the daemon and see what happens..


debian:~# /etc/init.d/ssh stop
Stopping OpenBSD Secure Shell server: sshd.

debian:~# netstat -l | grep :ssh

debian:~# /etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.

debian:~# netstat -l | grep :ssh
tcp      0      0 *:ssh                  *:*                    LISTEN

Above I stopped ssh, then used netstat to check for the running daemon.. no response returned indicating ssh is not running.

I then restarted the ssh daemon used netstat to check for it and the response indicates ssh is indeed running on my machine now..

Dutch Master 11-10-2006 07:00 AM

I tried the netstat command Farslayer gave and it turned out... Nothing! For some reason SSH wasn't installed, so I did a

apt-get install ssh
let it run for a few moments and then tried logging in from the desktop. Bingo!
Stupid, stupid, stupid banging head against wall

Okay, now I can proceed configuring my laptop :) Thanks guys!

farslayer 11-10-2006 03:05 PM

Ah yes the 'BASE' install of Debian leaves out everything that isn't necessary.. including ssh :)

it does make for a clean system though ehh ?

Dutch Master 11-10-2006 08:20 PM

A little too clean if you ask me ;)

Brian1 11-11-2006 09:13 AM

Glad to see you have it going. I guess you get what you ask for during and install. SSH should be a default all the way to Base install.


jlinkels 11-11-2006 09:44 AM

Dutch Master,

Dist-upgrade doesn't work great in the stage of development Etch is in now, so I think it was justified to do a clean install. I have faced the same problems doing dist-upgrade. And a clean install of Etch is working just fine.

Indeed, Debian doesn't install SSH by default, and some more very basic packages it doesn't install.

Next time, do

dpkg --get-selections > my-installation.txt
on your old machine. You'll end up with a list of all your installed packages.

Edit the list if you like, but to get all packages back do:

dpkg --set-selections < my-installation.txt
This will install all packages again, but obviously the new versions. It works reasonably well since you are on a fresh installation. SSH is included for sure :)


PS. This is one of the reasons to get basic skills in vi. Even Debian doesn't leave out that one.

All times are GMT -5. The time now is 12:24 AM.