LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-09-2016, 10:54 AM   #1
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian, CentOS
Posts: 577

Rep: Reputation: 158Reputation: 158
cannot ssh into my laptop, but can ssh to other machines from laptop


Linux lite 3.0 on Samsung R480 Laptop

I can ssh into other machines from my laptop normally. But If I try to ssh from any machine into my laptop it hangs, doesn't even try to authenticate.

openssh-client and openssh-server are both installed


Code:
root@tacos:/etc/ssh# ls
moduli            ssh_host_dsa_key.pub    ssh_host_ed25519_key.pub
ssh_config        ssh_host_ecdsa_key      ssh_host_rsa_key
sshd_config       ssh_host_ecdsa_key.pub  ssh_host_rsa_key.pub
ssh_host_dsa_key  ssh_host_ed25519_key    ssh_import_id
Code:
root@tacos:/etc/ssh# cat ssh_config 

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
    PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
Code:
root@tacos:/etc/ssh# cat sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	%h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
 
Old 06-09-2016, 11:14 AM   #2
dab1414
Member
 
Registered: May 2011
Location: OK, USA
Distribution: Slackware 14.1_64
Posts: 70

Rep: Reputation: 49
Is your ssh server running?
Can you ping your laptop?
Is port 22 open?
 
1 members found this post helpful.
Old 06-09-2016, 11:29 AM   #3
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian, CentOS
Posts: 577

Original Poster
Rep: Reputation: 158Reputation: 158
Yes, it's running. I can ping from and to normally. All machines on same subnet. How do I check if port 22 is open?
Code:
erik@tacos:~$ systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2016-06-09 10:21:29 CDT; 3min 41s ago
  Process: 1361 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 1001 (sshd)
   CGroup: /system.slice/ssh.service
           └─1001 /usr/sbin/sshd -D

Jun 09 10:21:29 tacos systemd[1]: Starting OpenBSD Secure Shell server...
Jun 09 10:21:29 tacos sshd[1001]: Server listening on 0.0.0.0 port 22.
Jun 09 10:21:29 tacos sshd[1001]: Server listening on :: port 22.
Jun 09 10:21:29 tacos systemd[1]: Started OpenBSD Secure Shell server.
Jun 09 10:21:33 tacos systemd[1]: Reloading OpenBSD Secure Shell server.
Jun 09 10:21:33 tacos sshd[1001]: Received SIGHUP; restarting.
Jun 09 10:21:33 tacos systemd[1]: Reloaded OpenBSD Secure Shell server.
Jun 09 10:21:33 tacos sshd[1001]: Server listening on 0.0.0.0 port 22.
Jun 09 10:21:33 tacos sshd[1001]: Server listening on :: port 22.
 
Old 06-09-2016, 11:39 AM   #4
lazydog
Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 776
Blog Entries: 1

Rep: Reputation: 122Reputation: 122
Code:
telnet <host name or ip> 22
Example

Code:
 telnet laptop 22
 or
 telnet 192.168.1.2 22
You should get a response back something like;
Code:
$ telnet 10.5.32.50 22
Trying 10.5.32.50...
Connected to 10.5.32.50.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1

Last edited by lazydog; 06-09-2016 at 11:40 AM.
 
1 members found this post helpful.
Old 06-09-2016, 12:03 PM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,929

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
Can you access ssh from the laptop itself?

Try using -vvv to see more information.

ssh -vvv username@IP_address
 
1 members found this post helpful.
Old 06-09-2016, 12:12 PM   #6
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian, CentOS
Posts: 577

Original Poster
Rep: Reputation: 158Reputation: 158
I guess its not open?? How do I open it? I'll google it.

From desktop to laptop
Code:
erik@mydesktop:~$ telnet 192.168.1.4 22
Trying 192.168.1.4...
telnet: Unable to connect to remote host: Connection timed out
From laptop to desktop
Code:
erik@tacos:~$ telnet 192.168.1.78 22
Trying 192.168.1.78...
Connected to 192.168.1.78.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
 
Old 06-09-2016, 12:20 PM   #7
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian, CentOS
Posts: 577

Original Poster
Rep: Reputation: 158Reputation: 158
Quote:
Originally Posted by michaelk View Post
Can you access ssh from the laptop itself?

Try using -vvv to see more information.

ssh -vvv username@IP_address
Yes i can ssh from my laptop to other machines normally.

Code:
erik@tacos:/etc/ssh$ ssh erik@mydesktop
erik@mydesktop's password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Jun  9 11:06:05 2016 from tacos.mydomain
erik@mydesktop:~$
Code:
erik@mydesktop:~$ ssh -vvv erik@192.168.1.4
OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1t  3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.4 [192.168.1.4] port 22.
debug1: connect to address 192.168.1.4 port 22: Connection timed out
ssh: connect to host 192.168.1.4 port 22: Connection timed out

Last edited by erik2282; 06-09-2016 at 12:22 PM.
 
Old 06-09-2016, 12:26 PM   #8
lazydog
Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 776
Blog Entries: 1

Rep: Reputation: 122Reputation: 122
Your firewall might be blocking you. Ensure that you allow port 22 through.
 
1 members found this post helpful.
Old 06-09-2016, 12:30 PM   #9
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,929

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
I was asking if you could login to the ssh server from the laptop itself. It should work since the status indicates it started successfully. I would also guess it is a firewall issue.

I am unfamiliar with linux lite but it is based upon Ubuntu. Post the output of the command.
sudo ufw status verbose
 
1 members found this post helpful.
Old 06-09-2016, 12:49 PM   #10
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian, CentOS
Posts: 577

Original Poster
Rep: Reputation: 158Reputation: 158
Quote:
Originally Posted by lazydog View Post
Your firewall might be blocking you. Ensure that you allow port 22 through.
See the attachment.

I typed firewall in the menu search and found Firewall Configuration. That had a Incoming/Outgoing Allow/Deny settings. I changed from Deny to Allow on the Incoming side and now it works. I can ssh into my laptop. This is very different than what I'm used to. I haven't had to do this on my Debian or Centos machines. I feel like this OS is kinda Windows-y. Oh well...

Thanks All of you guys for your help.
Attached Thumbnails
Click image for larger version

Name:	Screenshot_2016-06-09_11-48-44.png
Views:	8
Size:	124.3 KB
ID:	22062  
 
Old 06-09-2016, 01:29 PM   #11
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,158
Blog Entries: 10

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Quote:
Originally Posted by erik2282 View Post
I changed from Deny to Allow on the Incoming side and now it works.
Sure does. since you just opened every port running software.
https://help.ubuntu.com/community/Gufw
says "Deny: The system will deny entry traffic to a port."

Open the port you need not all of them.
 
1 members found this post helpful.
Old 06-09-2016, 01:51 PM   #12
Tonus
Member
 
Registered: Jan 2007
Location: Paris, France
Distribution: Slackware-current with grub2
Posts: 385
Blog Entries: 3

Rep: Reputation: 97
cannot ssh into my laptop, but can ssh to other machines from laptop

A firewall wich is blocking ssh port by default is not Windows-y for me. At least it seems quite dangerous to me to enable it without having a deep look into sshd config...

Anyway, you could mark the thread as solved.
 
1 members found this post helpful.
Old 06-09-2016, 01:56 PM   #13
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Ubuntu MATE, Mint MATE & antiX MX-15
Posts: 1,664
Blog Entries: 5

Rep: Reputation: 562Reputation: 562Reputation: 562Reputation: 562Reputation: 562Reputation: 562
erik2282,

Selectively open a single port (in this case #22), NOT all of them:

https://help.ubuntu.com/lts/serverguide/firewall.html
 
1 members found this post helpful.
Old 06-09-2016, 02:25 PM   #14
lazydog
Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 776
Blog Entries: 1

Rep: Reputation: 122Reputation: 122
Your firewall was working correctly. It is supposed to block incoming traffic until you allow it. You should only be allowing the traffic you know of and want to allow through. As others have said you really need to look at your firewall and open only those ports which are needed.
 
1 members found this post helpful.
Old 06-09-2016, 02:34 PM   #15
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian, CentOS
Posts: 577

Original Poster
Rep: Reputation: 158Reputation: 158
Oh how awesome of me. Thanks for pointing that out guys. I set it back to Deny and ran:

Code:
$ sudo ufw enable

$ sudo ufw allow 22
Thanks guys. This time its really solved.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't access SSH server when it's on a wireless laptop. RaisedByWolves Linux - Networking 21 04-20-2013 01:51 AM
Using aliases from laptop on a sever connected by ssh skania Linux - Server 1 01-11-2013 06:02 PM
[SOLVED] cant ssh into laptop schneidz Linux - Networking 5 08-17-2009 11:42 PM
Automatic SSH tunnel for laptop ming0 Linux - Networking 1 02-26-2005 01:00 AM
Cannot ssh into my laptop kayhan Linux - Newbie 7 10-15-2002 09:24 PM


All times are GMT -5. The time now is 10:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration