LinuxQuestions.org
Old 02-12-2007, 10:39 AM   #1
kempy1000
LQ Newbie
 
Registered: Feb 2007
Distribution: Mandriva
Posts: 12

Rep: Reputation: 0
Ssh server problems


I'm trying to use ssh.
I've set up my ssh server.

I can log in locally (chris@localhost).

But if I use PuTTY from any machine the connection times out, and if I do chris@192.168.62.54 in Cygwin I get timed out too.

All the other machines I tested it from are in the same LAN, but if that's the problem I need to find a way around that because I'm going to use startx from Cygwin to get an interface.

Could anyone suggest a solution please?
 
Old 02-12-2007, 11:11 AM   #2
guruyaya
LQ Newbie
 
Registered: Feb 2007
Posts: 8

Rep: Reputation: 0
Using tcpdump could help you understand if there is a problem on your system, or a problem on your network. Just write down "tcpdump src (machine address)" to see if you're getting any packets. Now if you do, there's probably a firewall problem. Just publish iptables -L and we'll probably be able to help you. If it's not, then it seems more like a network problem. G'luck!
 
Old 02-12-2007, 11:13 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Welcome to LQ!

This sounds a bit like a firewall problem. Post the output of iptables -L -n or your firewall script and we can have a look. Also have a look in /etc/hosts.allow and /etc/hosts.deny as they could also be causing something like this.

Finally, make sure that sshd is listening on port 22. You should see it if you run netstat -pantu | grep sshd as root in a console.
 
Old 02-12-2007, 11:48 AM   #4
kempy1000
LQ Newbie
 
Registered: Feb 2007
Distribution: Mandriva
Posts: 12

Original Poster
Rep: Reputation: 0
I am a bit of a noob so I have no idea what a firewall script is.
I did the iptables and my output is:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Thanks for the help
 
Old 02-12-2007, 01:05 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
OK, one down, two to go. That iptables output means that you don't have a firewall in place. You'll want to learn how to address that in the near future, but for now it means that it isn't part of the problem.

Now if you could check on the hosts.allow/deny files and the netstat output.
 
Old 02-13-2007, 08:42 AM   #6
kempy1000
LQ Newbie
 
Registered: Feb 2007
Distribution: Mandriva
Posts: 12

Original Poster
Rep: Reputation: 0
Thank you very much, it was the hosts.allow/.deny files. I had

ALL:EXCEPT 127.0.0.1:DENY

Now I have sorted that and can connect, I have another issue: when I connect it works fine, but sometimes, say every 2 hours or so, the hosts.deny file updates and the line

ALL:EXCEPT 127.0.0.1:DENY

appears from nowhere.

The hosts.allow file is unaltered. What could be causing this?
 
Old 02-13-2007, 08:53 AM   #7
M0E-lnx
LQ Newbie
 
Registered: Feb 2007
Distribution: Vector Linux
Posts: 8

Rep: Reputation: 0
Are you sure your ssh daemon is running?
Code:
pidof sshd
I ssh my box @ home every day from a Windows box @ work... just make sure the daemon is running.
When the daemon is not running, most of the time you get a "time out" error.
When the firewall is kicking you out, you get a "connection refused" error.

I'm not sure what distro you're using, but on my Vector Linux, this is how I start it:
Code:
service sshd start
or
Code:
/etc/rc.d/init.d/sshd start
I think you should try that before you start messing with iptables...

Last edited by M0E-lnx; 02-13-2007 at 08:58 AM.
 
Old 02-13-2007, 09:40 AM   #8
tsunami_imcool
Member
 
Registered: Mar 2005
Distribution: Debian
Posts: 80

Rep: Reputation: 15
Sometimes when I can't log in to my machine with SSH when I have been able to before, I will usually just go to the machine itself, log in, and then delete everything out of my ~/.ssh file, or it's something like that, I haven't checked for a while, but it's got the key IDs in there. Not that this is a good way, it just seems to work when I need it to.
 
Old 02-13-2007, 11:42 AM   #9
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Quote:
Originally Posted by kempy1000
Thank you very much, it was the hosts.allow/.deny files. I had

ALL:EXCEPT 127.0.0.1:DENY

Now I have sorted that and can connect, I have another issue: when I connect it works fine, but sometimes, say every 2 hours or so, the hosts.deny file updates and the line

ALL:EXCEPT 127.0.0.1:DENY

appears from nowhere.

The hosts.allow file is unaltered. What could be causing this?
You never say what distro you're using, but it looks as if it is trying to forcibly keep the hosts.deny file intact as a means of securing the box. That's OK, because the hosts.allow file gives you a way to let stuff in. The basic idea is that hosts.deny keeps everything out EXCEPT for the rules in hosts.allow, so if you add a rule to hosts.allow that lets in an SSH connection, you should be good to go.

There is a nice example here on how to do this, but basically you need to add a line to hosts.allow like this:

sshd : ALL : ALLOW

That should allow all ssh connections to come through. Now, if you are going to be connecting from a limited number of IP addresses, rather than allowing ALL IP addresses, you could restrict it:

sshd : XXX.XXX.XXX.XXX : ALLOW


and just replace the XXX bit with the IP address you want to allow in. Allowing ALL in is certainly easier, but it does expose you to a greater security risk. Of course if you will always be accessing SSH from machines you own, you could do away with username/password authentication and go with key based authentication. There is a nice tutorial on how to do that here.
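
An added example, not part of the original thread or any poster's code: a minimal Python model of the hosts.allow / hosts.deny lookup discussed above, following hosts_access(5) (hosts.allow is searched first, then hosts.deny, the first matching rule decides, and no match means access is granted). It handles IPv4 patterns only; the function names, sample rules and client addresses are constructed for illustration, and the deny rule is written with the full `ALL EXCEPT 127.0.0.1` client list.

```python
import ipaddress

def match_client(pattern, ip):
    """One client pattern: ALL, exact IPv4, 'a.b.c.' prefix, or net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def match_daemon(pattern, daemon):
    return pattern in ("ALL", daemon)

def match_list(tokens, item, match):
    """'list_1 EXCEPT list_2' matches when item is in list_1 and not in list_2."""
    head, tail = tokens, []
    if "EXCEPT" in tokens:
        cut = tokens.index("EXCEPT")
        head, tail = tokens[:cut], tokens[cut + 1:]
    if not any(match(t, item) for t in head):
        return False
    return not (tail and match_list(tail, item, match))

def check(daemon, ip, allow_text, deny_text):
    """Search hosts.allow, then hosts.deny; the first matching rule decides."""
    for default, text in (("ALLOW", allow_text), ("DENY", deny_text)):
        for line in text.splitlines():
            fields = [f.strip() for f in line.split(":")]
            if line.lstrip().startswith("#") or len(fields) < 2:
                continue
            daemons = fields[0].replace(",", " ").split()
            clients = fields[1].replace(",", " ").split()
            if match_list(daemons, daemon, match_daemon) and match_list(clients, ip, match_client):
                # A trailing ALLOW/DENY option overrides the file's default verdict.
                opt = fields[-1].upper()
                verdict = opt if len(fields) > 2 and opt in ("ALLOW", "DENY") else default
                return verdict, line.strip()
    return "ALLOW", None  # no rule matched in either file: access is granted

# Constructed sample rules modelled on the thread (not copied from a real host).
DENY = "ALL: ALL EXCEPT 127.0.0.1 : DENY"
ALLOW_ALL = "sshd : ALL : ALLOW"
ALLOW_LAN = "sshd : 192.168.62. : ALLOW"

if __name__ == "__main__":
    for allow in ("", ALLOW_ALL, ALLOW_LAN):
        for ip in ("127.0.0.1", "192.168.62.10", "10.0.0.5"):
            print(repr(allow), ip, check("sshd", ip, allow, DENY))
```

With an empty hosts.allow, only 127.0.0.1 gets through, which matches the "works locally, fails from the LAN" symptom; the prefix rule admits the LAN while every other address still falls through to the deny rule.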
 
Old 02-13-2007, 04:13 PM   #10
kempy1000
LQ Newbie
 
Registered: Feb 2007
Distribution: Mandriva
Posts: 12

Original Poster
Rep: Reputation: 0
Thank you
Problem sorted. I did what you said about the hosts.* files.
 
Old 02-14-2007, 09:49 AM   #11
kempy1000
LQ Newbie
 
Registered: Feb 2007
Distribution: Mandriva
Posts: 12

Original Poster
Rep: Reputation: 0
Oh, so maybe problem not sorted.
I turned my server on this morning, tried to ssh back into it and connection refused?

Hosts.deny:
ALL:EXCEPT 127.0.0.1:DENY

Hosts.allow
sshd:ALL EXCEPT 192.168.1.2:ALLOW
 
Old 02-14-2007, 10:35 AM   #12
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Is 192.168.1.2 your router? By including that IP in your hosts.allow file after an EXCEPT, you're preventing any connections from there, so if that is a critical part of your network, it might be the problem.
 
Old 02-14-2007, 10:53 AM   #13
kempy1000
LQ Newbie
 
Registered: Feb 2007
Distribution: Mandriva
Posts: 12

Original Poster
Rep: Reputation: 0
192.168.1.2
That's only there because I forgot to remove it when I looked at the examples; it is nothing on my network. (Bit of a stupid mistake, it's gone now.)
 
Old 02-14-2007, 11:01 AM   #14
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
OK, if it is still not working I would do two things:

1) Check that sshd is actually running.
2) Look in your log files (/var/log/syslog and /var/log/messages) and the dmesg output and see if sshd is complaining or leaving any clues.
3) (OK, I lied about 2 things) Check your router and make sure that port 22 is being forwarded to the correct IP address. If you use DHCP to get an IP address, the server's IP may have changed and caused this problem.
 
Old 02-14-2007, 11:13 AM   #15
kempy1000
LQ Newbie
 
Registered: Feb 2007
Distribution: Mandriva
Posts: 12

Original Poster
Rep: Reputation: 0
I did
service sshd status
and got
sshd dead but subsys locked
so I did
service sshd start
and now it works.
Thanks again
 
  

