[SOLVED] cannot ssh into my laptop, but can ssh to other machines from laptop
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
root@tacos:/etc/ssh# cat ssh_config
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
Code:
root@tacos:/etc/ssh# cat sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Distribution: Primarily Deb/Ubuntu, and some CentOS
Posts: 829
Original Poster
Rep:
Yes, it's running. I can ping from and to normally. All machines on same subnet. How do I check if port 22 is open?
Code:
erik@tacos:~$ systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2016-06-09 10:21:29 CDT; 3min 41s ago
Process: 1361 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 1001 (sshd)
CGroup: /system.slice/ssh.service
└─1001 /usr/sbin/sshd -D
Jun 09 10:21:29 tacos systemd[1]: Starting OpenBSD Secure Shell server...
Jun 09 10:21:29 tacos sshd[1001]: Server listening on 0.0.0.0 port 22.
Jun 09 10:21:29 tacos sshd[1001]: Server listening on :: port 22.
Jun 09 10:21:29 tacos systemd[1]: Started OpenBSD Secure Shell server.
Jun 09 10:21:33 tacos systemd[1]: Reloading OpenBSD Secure Shell server.
Jun 09 10:21:33 tacos sshd[1001]: Received SIGHUP; restarting.
Jun 09 10:21:33 tacos systemd[1]: Reloaded OpenBSD Secure Shell server.
Jun 09 10:21:33 tacos sshd[1001]: Server listening on 0.0.0.0 port 22.
Jun 09 10:21:33 tacos sshd[1001]: Server listening on :: port 22.
Distribution: Primarily Deb/Ubuntu, and some CentOS
Posts: 829
Original Poster
Rep:
Quote:
Originally Posted by michaelk
Can you access ssh from the laptop itself?
Try using -vvv to see more information.
ssh -vvv username@IP_address
Yes i can ssh from my laptop to other machines normally.
Code:
erik@tacos:/etc/ssh$ ssh erik@mydesktop
erik@mydesktop's password:
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Jun 9 11:06:05 2016 from tacos.mydomain
erik@mydesktop:~$
Code:
erik@mydesktop:~$ ssh -vvv erik@192.168.1.4
OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.4 [192.168.1.4] port 22.
debug1: connect to address 192.168.1.4 port 22: Connection timed out
ssh: connect to host 192.168.1.4 port 22: Connection timed out
I was asking if you could login to the ssh server from the laptop itself. It should work since the status indicates it started successfully. I would also guess it is a firewall issue.
I am unfamiliar with linux lite but it is based upon Ubuntu. Post the output of the command.
sudo ufw status verbose
Distribution: Primarily Deb/Ubuntu, and some CentOS
Posts: 829
Original Poster
Rep:
Quote:
Originally Posted by lazydog
Your firewall might be blocking you. Ensure that you allow port 22 through.
See the attachment.
I typed firewall in the menu search and found Firewall Configuration. That had a Incoming/Outgoing Allow/Deny settings. I changed from Deny to Allow on the Incoming side and now it works. I can ssh into my laptop. This is very different than what I'm used to. I haven't had to do this on my Debian or Centos machines. I feel like this OS is kinda Windows-y. Oh well...
I changed from Deny to Allow on the Incoming side and now it works.
Sure does. since you just opened every port running software. https://help.ubuntu.com/community/Gufw
says "Deny: The system will deny entry traffic to a port."
cannot ssh into my laptop, but can ssh to other machines from laptop
A firewall wich is blocking ssh port by default is not Windows-y for me. At least it seems quite dangerous to me to enable it without having a deep look into sshd config...
Your firewall was working correctly. It is supposed to block incoming traffic until you allow it. You should only be allowing the traffic you know of and want to allow through. As others have said you really need to look at your firewall and open only those ports which are needed.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.