LinuxQuestions.org
Old 05-28-2014, 07:09 AM   #1
laanaBloom
LQ Newbie
 
Registered: May 2014
Posts: 4

Rep: Reputation: Disabled
SSH always times out, though it should be working fine?


I've just purchased (or rented) a Linux VPS. It's running Ubuntu Server 12, and I'm having a big problem with it: I can't SSH into it at all. All my attempts time out.

There is an emergency console provided, through which I can create short-term terminal sessions and connect to those. From there, I can see that (A) the machine is up and running, and connected to the internet and (B) SSHD is listening, first on port 22 and after I changed it, on port 5315.

So I'm kind of stumped. Maybe it's a firewall issue? I don't really know enough to troubleshoot or comprehend this problem. I Googled it, and found information about 'ufw', but that isn't installed on my system. I ran 'iptables-save' and the rules, from what I can tell, seem to be accepting of anything from ports 51 to 4765.

I would really love some help on this. I've talked to support but haven't found much help and it's really driving me a bit mad.
 
Old 05-28-2014, 08:05 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Verify $HOME for the source user on source system and the target user on target system are only writable by the respective user (i.e. chmod 755 $HOME is OK but 775 or 777 are not).

Verify $HOME/.ssh for those users only has permissions for the respective users (i.e. chmod 700 $HOME/.ssh is OK and nothing else should be).

Verify the directory structure above $HOME is not wide open to the point it would allow others to override the subdirectories (e.g. if / had mode 777 on it that would be bad and not just for ssh).
 
Old 05-28-2014, 08:06 AM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551
What is the output of "ssh -vv user@IP"?
 
Old 05-28-2014, 08:14 AM   #4
laanaBloom
LQ Newbie
 
Registered: May 2014
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by MensaWater View Post
Verify $HOME for the source user on source system and the target user on target system are only writable by the respective user (i.e. chmod 755 $HOME is OK but 775 or 777 are not)
The target's $HOME is rwxr-xr-x (I don't remember the octal translation, sorry). The source user's $HOME is drwxr-xr-x on my Linux box, an admin user on my Windows box, and a regular user on my Android device (I've tried connecting from each with the same result).

Quote:
Verify $HOME/.ssh for those users only has permissions for the respective users (i.e. chmod 700 $HOME/.ssh is OK and nothing else should be).
I ran 'chmod 700' on it just now, no change, unfortunately.

Quote:
Verify the directory structure above $HOME is not wide open to the point it would allow others to override the subdirectories (e.g. if / had mode 777 on it that would be bad and not just for ssh).
I have to admit, I'm not sure how to actually check permissions for /, since 'ls -la /' obviously shows a list of its subdirectories. I'm a bit of a novice, as you can tell. What command should I run?

It might be worth pointing out that I am also running Apache on this machine, and that HTTP requests to localhost work just fine while outside HTTP requests time out (and show no entries in the access or error logs for Apache). That's why I'm thinking it must be a network thing rather than an ssh config thing, but I'm not the expert.

Quote:
what is the output of "ssh -vv user@IP"
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to <IP> [<IP>] port <port>.
debug1: conncet to address <IP> port <port>: Attempt to connect timed out without establishing a connection


Where the <port>/<IP> bits are me replacing the actual IP and port.
 
Old 05-28-2014, 09:08 AM   #5
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,475

Rep: Reputation: 1553
If you've nothing on that server then why not reinstall the OS from your VPS account or have their support do this for you. That way you're starting from a "clean" build.
 
Old 05-28-2014, 09:10 AM   #6
laanaBloom
LQ Newbie
 
Registered: May 2014
Posts: 4

Original Poster
Rep: Reputation: Disabled
Oh I have, a half-dozen times. It's always a problem, even if I switch from Ubuntu to Debian to CentOS. That's why I'm thinking it's a firewall config.
 
Old 05-28-2014, 09:13 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,475

Rep: Reputation: 1553
Ok, I'm assuming you've checked your local configuration to ensure you're allowing SSH outbound?
 
Old 05-28-2014, 09:22 AM   #8
laanaBloom
LQ Newbie
 
Registered: May 2014
Posts: 4

Original Poster
Rep: Reputation: Disabled
I have not. How would I go about doing that? I've read about iptables, if that's what you're talking about, but it's a bit daunting. Here's the output of iptables-save, if it helps.

http://i.imgur.com/Ly5RDql.png
 
Old 05-28-2014, 12:53 PM   #9
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
To see the permissions on a directory rather than the contents use the "-d" flag. So "ls -ld /" would show you the permissions on "/". Note that my earlier suggestion was to check the entire directory path to $HOME, so if the user's $HOME is /thisdir/thatdir/developers/home/user you would want to verify "/", "/thisdir", "/thisdir/thatdir", "/thisdir/thatdir/developers" and "/thisdir/thatdir/developers/home".

r = 4
w = 2
x = 1
So 4+2+1 = 7 or read/write/execute (rwx)
4+1 - read/execute (r-x) with no write.

You might want to use the "man" pages to get more detail. "man chmod", "man ls", "man ssh", etc... Also you can usually do "man -k <word>" to see if there is a man page related to a concept you want (e.g. "man -k mode").

Have you tried disabling iptables and testing?

The message you got on verbose output says it timed out on connecting which sounds like it couldn't even reach the target port.
On the target server console what happens if you run "lsof -i :<ssh port>" specifying the port it has defined for ssh? You should see a LISTENING item at a minimum.

What happens if you try running "telnet <target server> <ssh port>", where you substitute the name of the server and the port ssh is listening on?

When you changed port on the target server did you remember to specify the port on the source server (e.g. ssh -p <target port> <target server>)?
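
The directory walk and the r=4, w=2, x=1 arithmetic from the post above, as an added example that is not part of the original thread. The function names `to_octal` and `check_home_path` are made up for illustration; the script reads the same `ls -ld` output the post recommends.

```shell
#!/bin/sh
# Added example (not from the thread): print the mode of a directory and of
# every parent up to /, and flag any that group or others can write to.

# to_octal "rwxr-xr-x" -> 755, adding r=4, w=2, x=1 per triplet.
# Special bits (setuid/setgid/sticky) are not included in the octal value.
to_octal() {
  s=$1 out=""
  while [ -n "$s" ]; do
    trip=$(printf '%s' "$s" | cut -c1-3)
    s=$(printf '%s' "$s" | cut -c4-)
    n=0
    case "$trip" in r??) n=$((n + 4)) ;; esac
    case "$trip" in ?w?) n=$((n + 2)) ;; esac
    case "$trip" in ??[xst]) n=$((n + 1)) ;; esac
    out="$out$n"
  done
  printf '%s\n' "$out"
}

# check_home_path /abs/dir: one line "OCTAL SYMBOLIC PATH" per directory.
# Returns 1 if any directory is group- or world-writable, 2 on a bad argument.
check_home_path() {
  dir=$1 bad=0
  case "$dir" in /*) ;; *) return 2 ;; esac
  while :; do
    [ -d "$dir" ] || return 2
    # Characters 2-10 of "ls -ld" are the nine permission letters.
    sym=$(ls -ld "$dir" | cut -c2-10)
    note=""
    case "$sym" in
      ????w????|???????w?) note="  <-- writable by group/others"; bad=1 ;;
    esac
    printf '%s %s %s%s\n' "$(to_octal "$sym")" "$sym" "$dir" "$note"
    [ "$dir" = "/" ] && break
    dir=$(dirname "$dir")
  done
  return "$bad"
}
# Usage: check_home_path "$HOME"; check_home_path "$HOME/.ssh"
```

A sticky world-writable directory such as /tmp is flagged too, so read the flags against where the account's $HOME actually lives.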
 
Old 05-28-2014, 06:55 PM   #10
stateless
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 166
Blog Entries: 1

Rep: Reputation: 4
iptables -L
 
Old 05-28-2014, 07:33 PM   #11
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551
Quote:
Originally Posted by laanaBloom View Post
Oh I have, a half-dozen times. It's always a problem, even if I switch from Ubuntu to Debian to CentOS. That's why I'm thinking it's a firewall config.
You still have yet to post your ssh -vv user@IP_address results. Also, the permissions you mentioned above are WRONG for the ssh directory. Read the links in my signature, they will help.
 
Old 05-29-2014, 01:41 AM   #12
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,475

Rep: Reputation: 1553
Quote:
Originally Posted by lleb View Post
you still have yet to post your ssh -vv user@IP_address results.
The OP posted these within 10 minutes of you asking for them, try reading post #4 of this thread.
 
Old 05-29-2014, 11:22 AM   #13
stateless
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 166
Blog Entries: 1

Rep: Reputation: 4
Quote:
Originally Posted by laanaBloom View Post
I've just purchased (or rented) a Linux VPS. It's running Ubuntu Server 12, and I'm having a big problem with it: I can't SSH into it at all. All my attempts time out.

There is an emergency console provided, through which I can create short-term terminal sessions and connect to those. From there, I can see that (A) the machine is up and running, and connected to the internet and (B) SSHD is listening, first on port 22 and after I changed it, on port 5315.

So I'm kind of stumped. Maybe it's a firewall issue? I don't really know enough to troubleshoot or comprehend this problem. I Googled it, and found information about 'ufw', but that isn't installed on my system. I ran 'iptables-save' and the rules, from what I can tell, seem to be accepting of anything from ports 51 to 4765.

I would really love some help on this. I've talked to support but haven't found much help and it's really driving me a bit mad.
If your sshd is listening on port 22 and port 5315, but your firewall only accepts incoming on 51 through 4765, that seems clear enough. If you run iptables -L then you can post exactly what your iptables setup is, and we can tell you what needs tweaked.

Also, can you ping your server fine?
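
The port-range reasoning in the post above, as an added example that is not part of the original thread: a filter that reads `iptables-save` output and reports what the INPUT chain does with TCP traffic to a given port. The rule dump is constructed (the poster's real rules are only in a screenshot), the DROP policy in it is an assumption, and `port_verdict` is a made-up name.

```shell
#!/bin/sh
# Added example, not from the thread: read iptables-save output on stdin and
# report what the filter table INPUT chain does with new TCP traffic to PORT.
# Assumption: only "-p tcp --dport N[:M]" rules and bare catch-all rules are
# modelled; rules limited by interface, source or state are skipped.

# Constructed sample shaped like the range the original poster describes.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51:4765 -j ACCEPT
COMMIT'

# port_verdict PORT: prints ACCEPT, DROP or REJECT. The first matching rule
# wins, otherwise the chain policy applies.
# Usage on a live host: iptables-save | port_verdict 5315
port_verdict() {
  awk -v port="$1" '
    BEGIN { policy = "UNKNOWN" }
    /^\*/ { in_filter = ($1 == "*filter"); next }
    in_filter && /^:INPUT / { policy = $2; next }
    in_filter && /^-A INPUT / {
      tcp = 0; limited = 0; dport = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "-i" || $i == "-s" || $i == "--state" || $i == "--ctstate") limited = 1
      }
      if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
      if (limited) next
      hit = ($3 == "-j")              # bare "-A INPUT -j TARGET" matches everything
      if (tcp && dport != "") {
        n = split(dport, r, ":")
        lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
        hit = (port + 0 >= lo && port + 0 <= hi)
      }
      if (hit) { print target; done = 1; exit }
    }
    END { if (!done) print policy }
  '
}
```

With the sample rules, 5315 and 22 both fall outside 51:4765 and end at the chain policy, while 80 is accepted.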
 
Old 05-29-2014, 06:43 PM   #14
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551
Quote:
Originally Posted by TenTenths View Post
The OP posted these within 10 minutes of you asking for them, try reading post #4 of this thread.
Yup, sorry, he did such a great job at using code flags that I didn't see the ssh -vv out of the code flags.
 