ssh unable to connect remote pc

satimis · 02-18-2008, 05:36 AM

Hi folks,

Just played around ssh with following network setup.

Archlinux workstation
hostname - arch.satimis.com
LAN IP - 192.168.0.2

Ubuntu 7.04 server
hostname - mail.satimis.com
LAN IP - 192.168.0.10

Router
port 22-25 forwarded to 192.168.0.10

On Arch workstation
$ ssh mail.satimis.com (OR www.satimis.com)
after login Arch can ssh-connect Ubuntu

exited

But now;
$ ssh 192.168.0.10
can't connect Ubuntu. No response, just hanging on the screen.

$ ls /var/log/

Code:

Xorg.0.log      crond         everything.log    lastlog         syslog.log.2
Xorg.0.log.old  crond.1       everything.log.1  mail.log        user.log
acpid.log       crond.2       everything.log.2  messages.log    user.log.1
acpid.log.1     daemon.log    faillog           messages.log.1  user.log.2
acpid.log.2     daemon.log.1  gdm               messages.log.2  wtmp
auth.log        daemon.log.2  httpd             old
auth.log.1      errors.log    kernel.log        pacman.log
auth.log.2      errors.log.1  kernel.log.1      syslog.log
btmp            errors.log.2  kernel.log.2      syslog.log.1

Please advise which log file shall I check? How to fix the problem? TIA

Remark: port 22 forwarding removed

B.R.
satimis

billymayday · 02-18-2008, 05:48 AM

Try

find /var/log -type f | xargs grep ssh | less

to see where it's logging

satimis · 02-18-2008, 06:57 AM

Quote:

Originally Posted by billymayday

Try

find /var/log -type f | xargs grep ssh | less

to see where it's logging

On Arch

# find /var/log -type f | xargs grep ssh | less

Code:

/var/log/auth.log.1:Feb 16 04:50:39 arch sshd[7516]: pam_unix_session(sshd:session): session closed for user satimis
/var/log/auth.log.1:Feb 16 04:51:41 arch sshd[7533]: Accepted password for satimis from 192.168.0.10 port 57194 ssh2
/var/log/auth.log.1:Feb 16 04:51:41 arch sshd[7535]: pam_unix_session(sshd:session): session opened for user satimis by (uid=0)
/var/log/auth.log.1:Feb 16 04:51:41 arch sshd[7535]: pam_unix_session(sshd:session): session closed for user satimis
/var/log/auth.log.1:Feb 16 04:52:06 arch sshd[6843]: pam_unix_session(sshd:session): session closed for user satimis
/var/log/auth.log.1:Feb 16 04:52:20 arch sshd[7551]: Accepted password for satimis from 192.168.0.10 port 57195 ssh2
/var/log/auth.log.1:Feb 16 04:52:20 arch sshd[7553]: pam_unix_session(sshd:session): session opened for user satimis by (uid=0)
/var/log/auth.log.1:Feb 16 04:52:20 arch sshd[7553]: pam_unix_session(sshd:session): session closed for user satimis
/var/log/auth.log.1:Feb 16 04:54:42 arch sshd[7570]: Accepted password for satimis from 192.168.0.10 port 57196 ssh2
/var/log/auth.log.1:Feb 16 04:54:42 arch sshd[7572]: pam_unix_session(sshd:session): session opened for user satimis by (uid=0)
/var/log/auth.log.1:Feb 16 04:54:42 arch sshd[7572]: pam_unix_session(sshd:session): session closed for user satimis
/var/log/auth.log.1:Feb 16 04:55:11 arch sshd[7588]: Accepted password for satimis from 192.168.0.10 port 52805 ssh2
/var/log/auth.log.1:Feb 16 04:55:11 arch sshd[7590]: pam_unix_session(sshd:session): session opened for user satimis by (uid=0)
/var/log/auth.log.1:Feb 16 06:29:19 arch sshd[6800]: Received signal 15; terminating.
/var/log/auth.log.1:Feb 16 06:30:16 arch sshd[6806]: Server listening on 0.0.0.0 port 22.
/var/log/auth.log.1:Feb 16 06:32:18 arch sshd[6806]: Received signal 15; terminating.
/var/log/auth.log.1:Feb 17 05:46:01 arch sshd[6746]: Server listening on 0.0.0.0 port 22.
/var/log/auth.log.1:Feb 17 07:32:56 arch sshd[6746]: Received signal 15; terminating.
/var/log/auth.log.1:Feb 17 07:33:55 arch sshd[6776]: Server listening on 0.0.0.0 port 22.
/var/log/auth.log.1:Feb 17 07:35:28 arch sshd[6776]: Received signal 15; terminating.
/var/log/auth.log.1:Feb 17 07:36:23 arch sshd[6742]: Server listening on 0.0.0.0 port 22.
/var/log/auth.log.1:Feb 17 07:39:29 arch sshd[6742]: Received signal 15; terminating.
/var/log/auth.log.1:Feb 17 07:40:25 arch sshd[6735]: Server listening on 0.0.0.0 port 22.
/var/log/auth.log.1:Feb 17 07:43:58 arch sshd[6735]: Received signal 15; terminating.
/var/log/auth.log.1:Feb 17 07:44:53 arch sshd[6788]: Server listening on 0.0.0.0 port 22.
/var/log/auth.log.1:Feb 17 07:58:54 arch sshd[6788]: Received signal 15; terminating.
/var/log/auth.log.1:Feb 18 23:15:33 arch sshd[6776]: Server listening on 0.0.0.0 port 22.

jschiwal · 02-18-2008, 07:08 AM

Did you do something on Feb 17th? Signal 15 is SIGTERM, telling the sshd daemon to terminate.

A quick way to test if a remote computer is listening on port 22 is to run:

Code:

telnet hpmedia 22
Trying 192.168.1.105...
Connected to hpmedia.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6

This can quickly tell you if the port is closed or the service isn't running.

satimis · 02-18-2008, 07:15 AM

Quote:

Originally Posted by jschiwal

Did you do something on Feb 17th? Signal 15 is SIGTERM, telling the sshd daemon to terminate.

A quick way to test if a remote computer is listening on port 22 is to run:

Code:

telnet hpmedia 22
Trying 192.168.1.105...
Connected to hpmedia.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6

This can quickly tell you if the port is closed or the service isn't running.

The problem is on Archlinux.

This box has another HD running Ubuntu 7.10 workstation. Just tested it.

$ ssh 192.168.0.10
after login, ssh-connect the server w/o problem.

I'll test your advice later after reconnecting Arch HD.

B.R.
satimis

satimis · 02-18-2008, 08:03 AM

Quote:

Originally Posted by jschiwal

Did you do something on Feb 17th? Signal 15 is SIGTERM, telling the sshd daemon to terminate.

Sorry I can't recall. This Arch box is newly installed and the setup/config is not yet completed.

Quote:

A quick way to test if a remote computer is listening on port 22 is to run:

Code:

telnet hpmedia 22
Trying 192.168.1.105...
Connected to hpmedia.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6

This can quickly tell you if the port is closed or the service isn't running.

$ telnet hpmedia 22
hpmedia: Unknown host

Edit:

Just discovered.

Archlinux can't ping 192.168.0.10 (server), 192.168.0.1 (router IP)

It can ping itself 192.168.0.2

B.R.
satimis

lsteacke · 02-18-2008, 08:51 AM

It now appears that the problem is no longer ssh, and really we need to establish connectivity throughout your network first. You can no longer ping the router or the Ubuntu server. Could you post the output of /sbin/ifconfig

Also please post the output from the failed ping. Does it timeout? Or destination unreachable.

Just to make sure, you did try to telnet your own server on port 22?

satimis · 02-18-2008, 09:38 AM

Quote:

Originally Posted by lsteacke

It now appears that the problem is no longer ssh, and really we need to establish connectivity throughout your network first. You can no longer ping the router or the Ubuntu server. Could you post the output of /sbin/ifconfig

$ ifconfig

Code:

eth0      Link encap:Ethernet  HWaddr 00:13:D4:FE:DA:87  
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::213:d4ff:fefe:da87/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:914 errors:0 dropped:0 overruns:0 frame:0
          TX packets:678 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:509474 (497.5 Kb)  TX bytes:137800 (134.5 Kb)
          Interrupt:20 Base address:0xc000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1792 (1.7 Kb)  TX bytes:1792 (1.7 Kb)

Quote:

Also please post the output from the failed ping. Does it timeout? Or destination unreachable.

router ip

$ ping -c3 192.168.0.1 (router ip)

Code:

PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.

--- 192.168.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2007ms

$ ping -c3 192.168.0.10 (server)

Code:

PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data.

--- 192.168.0.10 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2006ms

Quote:

Just to make sure, you did try to telnet your own server on port 22?

On Arch

$ telnet hpmedia 22
hpmedia: Unknown host

$ telnet localhost 22

Code:

Trying 127.0.0.1...Connect server
Connected to arch.satimis.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
quit
Protocol mismatch.
Connection closed by foreign host.

Thanks

B.R.
satimis

satimis · 02-18-2008, 10:26 AM

Hi folks,

Problem solved. It was iptables which rules I setup several hours ago blocking the traffic. I did not realize it.

After running;
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Archlinux can ping router_ip and server_ip. Server can ping Archlinux_ip.

To run "ssh mail.satimis.com" port 22 forwarding is still needed.

Thanks for your assistance.

B.R.
satimis

jschiwal · 02-19-2008, 12:15 AM

FYI, The telnet example I gave used a computer on my LAN. I assumed you would know to use the name of the server you were trying to connect to.

satimis · 02-19-2008, 02:45 AM

Quote:

Originally Posted by jschiwal

FYI, The telnet example I gave used a computer on my LAN. I assumed you would know to use the name of the server you were trying to connect to.

Noted with thanks

satimis

chrelad · 07-29-2009, 09:46 PM

Hi Everyone,

I found this post while looking for the same problem (feature). I had resolved this before on a previous installation of Arch Linux, but had to find it again. Although this post didn't answer the question for me, it got me looking in the right direction.

Like you, my auth log was getting spammed with signal 15's and verbose ssh attempts yielded nothing but "unable to connect." After following this thread, I had made sure that my network configuration was correct and that I could access my router and all other nodes on the network from my arch box.

However, the problem ended up being that the default hosts.deny has the following line in it:

Code:

ALL: ALL: DENY

That cleared it up for me. To get more information on the hosts.(allow|deny) files, man hosts.deny, man hosts.allow.

The quick fix to open everything up is to put the following into your hosts.allow (although I would recommend reading up on the man pages to tailer your hosts.* files appropriately):

Code:

ALL: ALL: ALLOW

Hope this helps others with the same problem

Chrelad