LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   can ping but not ssh (http://www.linuxquestions.org/questions/linux-networking-3/can-ping-but-not-ssh-503906/)

yumener 11-22-2006 08:24 AM

can ping but not ssh
 
HI, I have two computers in the same internal network,
say A and B. I can ssh from A to B, but B can not
ssh to A. Ping command works very well. openssh was
installed on both computers. what are the other possible
reasons? another hint is A can ssh to itself which
means its ssh server is open as i think.

thanks

camorri 11-22-2006 08:33 AM

Have you got a firewall running? Are you using port 22 for sshd on the failing machine?
Could you post the error messages you get?

yumener 11-22-2006 09:14 AM

there is a firewall, but both of these two computers
are on the same side of the firewall. It is a good
proof that A can SSH to B because A and B are two
computers in the totally equal status. There should
not be any reasons why A to B can and B to A cannot.

I use the default port but there is no error message
for example, I execute command: ssh computer-A, there
is no response at all, it did not say the port is
not open or the IP is not reachable.


Quote:

Originally Posted by camorri
Have you got a firewall running? Are you using port 22 for sshd on the failing machine?
Could you post the error messages you get?


immortaltechnique 11-22-2006 09:36 AM

Probably the port 22 on A is not open and if it is then there should be an error message or there is an internal problem with your addresses. what distro are you running?

yumener 11-22-2006 11:51 AM

ok, I will check the port.
A is Suse10, B is FC5.

Quote:

Originally Posted by immortaltechnique
Probably the port 22 on A is not open and if it is then there should be an error message or there is an internal problem with your addresses. what distro are you running?


spectra 11-22-2006 02:01 PM

If you type telnet <ip addr> 22 on both the machines, you should clearly see the header of the running SSHd, example:

shawr:/home/dave# telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3p2 Debian-5.1

Sounds like the SSH daemon is not running on machine A. You can also check this by typing ps aux | grep sshd. You should get something like:

root 2174 0.0 0.9 4928 1112 ? Ss Nov17 0:03 /usr/sbin/sshd

If you don't see a line similiar to this then I suggest you reinstall SSHd. Remember that your system can quite happily have ssh on it allowing you to open SSH connections and not have SSHd running.

Also if by some crazyness you have configured the sshd_config to run SSHd on a different port, you can use the lovely nmap tool to find out what port it is on.

nmap -T5 -sV localhost should do if you have nmap installed.

OR you can even type cat /etc/ssh/sshd_config | grep Port to find out what port your sshd is running on! Hope that helps lol :)

yumener 11-23-2006 06:06 AM

I run the command
a-pc$ telnet localhost 22

it shows something like to SSH-2.0-OpenSSH_4.3p2 Debian-5.1, but if I run the command on B
b-pc$ telnet a-pc-IP 22, the response is
Trying 138.37.90.53...

and wait...

On computer, A can ssh to itself. Does this mean
the port is not a problem?


Quote:

Originally Posted by dave_kv
If you type telnet <ip addr> 22 on both the machines, you should clearly see the header of the running SSHd, example:

shawr:/home/dave# telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3p2 Debian-5.1

Sounds like the SSH daemon is not running on machine A. You can also check this by typing ps aux | grep sshd. You should get something like:

root 2174 0.0 0.9 4928 1112 ? Ss Nov17 0:03 /usr/sbin/sshd

If you don't see a line similiar to this then I suggest you reinstall SSHd. Remember that your system can quite happily have ssh on it allowing you to open SSH connections and not have SSHd running.

Also if by some crazyness you have configured the sshd_config to run SSHd on a different port, you can use the lovely nmap tool to find out what port it is on.

nmap -T5 -sV localhost should do if you have nmap installed.

OR you can even type cat /etc/ssh/sshd_config | grep Port to find out what port your sshd is running on! Hope that helps lol :)


yumener 11-23-2006 06:35 AM

is it possible that pc-a has a local firewall setting?
pc-a is installed all by default (because we are newbie).
as I said in the last post, pc-b can ping to pc-a. and
pc-a can ssh to pc-a itself. we have another computer
pc-c in the same local network. pc-c and pc-b can communicate
to each other by ssh, but pc-a is not accessible by ssh to
both pc-b and pc-c. so I guess the problem is still the
setting of pc-a, not the department firewall.



Quote:

Originally Posted by yumener
I run the command
a-pc$ telnet localhost 22

it shows something like to SSH-2.0-OpenSSH_4.3p2 Debian-5.1, but if I run the command on B
b-pc$ telnet a-pc-IP 22, the response is
Trying 138.37.90.53...

and wait...

On computer, A can ssh to itself. Does this mean
the port is not a problem?


camorri 11-23-2006 09:41 AM

To clear up the questions about firewalls, or port 22 not open, run nmap from either the B machine or the C machine. I have used this technique to verify open ports. Here is a sample on my network. i use SSH on port 22.

Code:

nmap -T5 -sV presto

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-11-23 10:34 EST
Interesting ports on Presto (192.168.1.22):
(The 1659 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE          VERSION
22/tcp    open  ssh              OpenSSH 4.2p1 Debian-7ubuntu3.1 (protocol 2.0)
111/tcp  open  rpcbind          2 (rpc #100000)
773/tcp  open  rpc
10000/tcp open  snet-sensor-mgmt?

Note the line for port 22, if you get something similar, this is not a firewall or port issue. If it doesn't respond, then it probably is.

spectra 11-23-2006 10:28 AM

Spot on, thank you Cliff, couldn't have put it better myself! ;)

Does that answer your question yumener?

yumener 11-23-2006 01:08 PM

I run these command on B and the resuts are shown here.

$nmap -T5 -sV pc-a

Starting Nmap 4.20RC1 ( http://insecure.org ) at 2006-11-23 19:04 GMT
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0Nmap finished: 1 IP address (0 hosts up) scanned in 0.760 seconds

$nmap -T5 -sV -P0 pc-a
Starting Nmap 4.20RC1 ( http://insecure.org ) at 2006-11-23 19:06 GMT
Interesting ports on a-pc :
Not shown: 1689 filtered ports
PORT STATE SERVICE VERSION
113/tcp closed auth

Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 23.719 seconds


so seems that ssh port is not open? but how can I solve it?


Quote:

Originally Posted by camorri
To clear up the questions about firewalls, or port 22 not open, run nmap from either the B machine or the C machine. I have used this technique to verify open ports. Here is a sample on my network. i use SSH on port 22.

Code:

nmap -T5 -sV presto

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-11-23 10:34 EST
Interesting ports on Presto (192.168.1.22):
(The 1659 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE          VERSION
22/tcp    open  ssh              OpenSSH 4.2p1 Debian-7ubuntu3.1 (protocol 2.0)
111/tcp  open  rpcbind          2 (rpc #100000)
773/tcp  open  rpc
10000/tcp open  snet-sensor-mgmt?

Note the line for port 22, if you get something similar, this is not a firewall or port issue. If it doesn't respond, then it probably is.



All times are GMT -5. The time now is 10:55 AM.