can ping but not ssh
Hi, I have two computers in the same internal network,
say A and B. I can ssh from A to B, but B cannot
ssh to A. The ping command works very well. OpenSSH was
installed on both computers. What are the other possible
reasons? Another hint is that A can ssh to itself, which
means its ssh server is open, I think.
Have you got a firewall running? Are you using port 22 for sshd on the failing machine?
Could you post the error messages you get?
There is a firewall, but both of these two computers
are on the same side of the firewall. It is good
proof that A can SSH to B, because A and B are two
computers of totally equal status. There should
not be any reason why A to B can and B to A cannot.
I use the default port, but there is no error message.
For example, when I execute the command ssh computer-A, there
is no response at all; it did not say the port is
not open or the IP is not reachable.
Probably the port 22 on A is not open, and if it is then there should be an error message, or there is an internal problem with your addresses. What distro are you running?
OK, I will check the port.
A is Suse10, B is FC5.
If you type telnet <ip addr> 22 on both the machines, you should clearly see the header of the running SSHd, example:
shawr:/home/dave# telnet localhost 22
Connected to localhost.
Escape character is '^]'.
Sounds like the SSH daemon is not running on machine A. You can also check this by typing ps aux | grep sshd. You should get something like:
root 2174 0.0 0.9 4928 1112 ? Ss Nov17 0:03 /usr/sbin/sshd
If you don't see a line similar to this then I suggest you reinstall SSHd. Remember that your system can quite happily have ssh on it, allowing you to open SSH connections, and not have SSHd running.
Also, if by some craziness you have configured the sshd_config to run SSHd on a different port, you can use the lovely nmap tool to find out what port it is on.
nmap -T5 -sV localhost should do if you have nmap installed.
OR you can even type cat /etc/ssh/sshd_config | grep Port to find out what port your sshd is running on! Hope that helps lol :)
I run the command
a-pc$ telnet localhost 22
it shows something like SSH-2.0-OpenSSH_4.3p2 Debian-5.1, but if I run the command on B
b-pc$ telnet a-pc-IP 22, the response is
Computer A can ssh to itself. Does this mean
the port is not a problem?
Is it possible that pc-a has a local firewall setting?
pc-a is installed all by default (because we are newbies).
As I said in the last post, pc-b can ping pc-a, and
pc-a can ssh to pc-a itself. We have another computer,
pc-c, in the same local network. pc-c and pc-b can communicate
with each other by ssh, but pc-a is not accessible by ssh from
either pc-b or pc-c. So I guess the problem is still the
setting of pc-a, not the department firewall.
To clear up the questions about firewalls, or port 22 not open, run nmap from either the B machine or the C machine. I have used this technique to verify open ports. Here is a sample on my network. I use SSH on port 22.
Spot on, thank you Cliff, couldn't have put it better myself! ;)
Does that answer your question yumener?
I run these commands on B and the results are shown here.
$nmap -T5 -sV pc-a
Starting Nmap 4.20RC1 ( http://insecure.org ) at 2006-11-23 19:04 GMT
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.760 seconds
$nmap -T5 -sV -P0 pc-a
Starting Nmap 4.20RC1 ( http://insecure.org ) at 2006-11-23 19:06 GMT
Interesting ports on a-pc :
Not shown: 1689 filtered ports
PORT STATE SERVICE VERSION
113/tcp closed auth
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 23.719 seconds
So it seems that the ssh port is not open? But how can I solve it?
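
The nmap result above reports port 22 as "filtered" rather than "closed", which is also why ssh from B hangs with no error. The following is an added example, not code from any poster in this thread: it probes one TCP port and separates the three cases. The function names probe_tcp and explain are hypothetical, and pc-a is the host name used in the thread.

```python
import errno
import socket
import sys

def probe_tcp(host, port, timeout=3.0):
    """Return (state, banner) for one TCP port.

    open     : handshake completed; banner is the first line the service sent
    closed   : host answered with a reset (connection refused), nothing listening
    filtered : no answer before the timeout, so packets are being dropped,
               usually by a firewall on or in front of the target
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None
    except socket.timeout:
        return "filtered", None
    except OSError as exc:
        # ICMP "unreachable" replies also point at filtering or routing
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered", None
        raise
    with sock:
        try:
            raw = sock.recv(256)
        except socket.timeout:
            raw = b""
    banner = raw.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return "open", banner

def explain(state, banner):
    """Map the probe result to the next check on the target machine."""
    if state == "open":
        return "sshd reachable (%s); look at authentication or client config" % banner
    if state == "closed":
        return ("nothing listening on that address; check that sshd is running "
                "and the Port/ListenAddress lines in /etc/ssh/sshd_config")
    return ("probe silently dropped; check the local firewall on the target "
            "(as root: iptables -L -n) and allow inbound TCP on the sshd port")

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "pc-a"  # host name from the thread
    state, banner = probe_tcp(target, 22)
    print(target, "port 22:", state)
    print(explain(state, banner))
```

Run from pc-b or pc-c, a "filtered" result combined with a working ssh from pc-a to itself points at a packet filter on pc-a, not at sshd.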