LinuxQuestions.org
Old 12-30-2014, 12:19 AM   #1
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106
Difficulty connecting with ssh: Connection refused


I have an ssh server that has worked fine for a while. Today I decided to mess with the settings and now I have a weird error.

I cannot log into it from my computer with port 22.

If I restart the server sshd service under port 23, it works fine.
If I start a new sshd service using a new port I can login fine from my computer --> /usr/sbin/sshd -dp 23000
If I login to another computer (My rpi) and then login to the server under port 22 it works fine.
This is all within LAN

But if I try to login to the server on my computer under port 22 it gives me this error:
ssh: connect to host 192.168.1.89 port 22: Connection refused

EDIT:

I restarted the sshd instance to start on port 23, permitting me to access it again. I then ran a new instance of sshd on port 22 with debug mode on.
Despite getting continued connection refusals, nothing is showing up on the debug.
It's almost like my computer is not even trying to connect to this one sshd server on a single port.

Remote sshd_config Local ssh_config

EDIT2:
For future reference, it turns out fail2ban caused the refusal. See my last post.

Last edited by Miati; 12-30-2014 at 09:01 AM.
 
Old 12-30-2014, 02:54 AM   #2
rhoekstra
Member
 
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372

Rep: Reputation: 42
You could try (for troubleshooting purposes) connecting from your computer using telnet; it merely confirms the TCP connection and will show an SSH connect handshake.
Code:
telnet <host> 22
Next, you're remaining quite vague on what you have messed with. Can you please elaborate?
 
Old 12-30-2014, 05:02 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530
Most important part simply missing:
Quote:
Originally Posted by Miati
Today I decided to mess with the settings and now I have a weird error.
Exactly which settings did you decide to mess with and what about (temporarily) restoring them to previous values to test if that fixes things?..
 
Old 12-30-2014, 08:11 AM   #4
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Original Poster
Rep: Reputation: 106
telnet fails as well
Code:
telnet 192.168.1.89 22
Trying 192.168.1.89...
telnet: Unable to connect to remote host: Connection refused
After restarting sshd in port 23
Code:
telnet 192.168.1.89 23
Trying 192.168.1.89...
Connected to 192.168.1.89.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
Indicating connection made

Unfortunately, I'm vague because I'm not sure when it started. I use shared connections (something that occurred to me last night) and in a shared connection, you don't need to open a new connection very often, so despite restarting the server & "testing it", I'm not sure if it would have noticed. Some things I did:
  • I generated a new set of host keys using a pass to open, ssh-add to add identity.
  • I purged authorized & known hosts (password auth is permitted in LAN)
  • Commented out HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key in sshd_config (reverted that)
What I did that prevents me from connecting to a single ip address on a single port... I don't know.
I've been trying to restore the values, but since it had been connecting, I figured no issue. It wasn't until after I restored the computer after a suspension that I noticed issues (connection died). I've disabled that for now.


Edit:

Ok, just for fun, I restored sshd to start in port 22, copied my public key over so I could connect via external ip. Guess what? It works fine & I can login. No go with lan however
Code:
telnet 12.345.67.891 22
Trying 12.345.67.891...
Connected to 12.345.67.891
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
I think this is the first time someone is having more trouble connecting from a local IP than an external IP.

Last edited by Miati; 12-30-2014 at 08:46 AM.
 
Old 12-30-2014, 08:18 AM   #5
rhoekstra
Member
 
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372

Rep: Reputation: 42
you can verify the ssh daemon is running by using 'netstat -tnlp|grep :22' ?

Can you post all active config lines from sshd_config?
 
Old 12-30-2014, 08:42 AM   #6
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Original Poster
Rep: Reputation: 106
Quote:
Originally Posted by rhoekstra
you can verify the ssh daemon is running by using 'netstat -tnlp|grep :22' ?

Can you post all active config lines from sshd_config?
Code:
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      32039/sshd      
tcp6       0      0 :::22                   :::*                    LISTEN      32039/sshd
All lines are posted in a pastebin in my first link. Also here -> link
 
Old 12-30-2014, 08:55 AM   #7
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Original Poster
Rep: Reputation: 106
I had an epiphany & figured it out.
Turns out it had nothing to do with my sshd settings.

For some reason or another, my fail2ban service decided my local IP was bad & banned me; logs confirmed this occurring pretty much at exactly the same time I started having issues. Probably during the period of trying to connect to it with keys not in sync or something.
Why on earth I could "get around it" so much lies directly with fail2ban I suppose.
Unfortunately, this potentially got compounded by a shared connection (delaying my notice of it) and the fact I was changing a lot of other settings after "verifying" the connection worked.

Lessons learned:
Ensure a new connection is actually made each time when testing
When regenerating keys, make sure everything is correctly set to avoid flags from being raised!

Thank you everyone for helping. This one really had me stumped.

Last edited by Miati; 12-30-2014 at 09:02 AM.
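
Added example, not part of the original thread: a small shell helper that replays the Ban/Unban events in a fail2ban log to list which addresses are still banned, which is the check that would have explained the refused connection on port 22 here. The log lines, the client address 192.168.1.50 and the jail name `ssh` are constructed assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of /var/log/fail2ban.log, mixing the 0.8.x and 0.9+
# line styles. Timestamps and the client address 192.168.1.50 are made up.
sample_log() {
cat <<'EOF'
2014-12-29 23:41:07,101 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2014-12-29 23:51:07,733 fail2ban.actions: WARNING [ssh] Unban 203.0.113.7
2014-12-29 23:58:40,412 fail2ban.filter [811]: INFO [ssh] Found 192.168.1.50
2014-12-29 23:58:44,918 fail2ban.actions [811]: NOTICE [ssh] Ban 192.168.1.50
EOF
}

# Read a fail2ban log on stdin, replay Ban/Unban events in order and
# print "jail ip" for every ban that has not been lifted again.
active_bans() {
    awk '
        {
            for (i = 1; i < NF; i++) {
                # An event is "[jail] Ban <ip>" or "[jail] Unban <ip>".
                if (($i == "Ban" || $i == "Unban") && $(i-1) ~ /^\[.*\]$/) {
                    key = $(i-1) " " $(i+1)
                    state[key] = ($i == "Ban")
                }
            }
        }
        END { for (k in state) if (state[k]) print k }
    ' | tr -d '[]' | sort
}

# Exit status 0 if the address in $1 is currently banned in any jail.
is_banned() {
    active_bans | awk -v ip="$1" '$2 == ip { found = 1 } END { exit !found }'
}

# On the live server (jail name "ssh" is an assumption; list the real
# jail names with `fail2ban-client status`):
#   active_bans < /var/log/fail2ban.log
#   fail2ban-client status ssh
#   fail2ban-client set ssh unbanip 192.168.1.50
```

Listing the LAN range under `ignoreip` in `jail.local` keeps trusted hosts from being banned while keys are being regenerated.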
 
Old 12-30-2014, 09:22 AM   #8
rhoekstra
Member
 
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372

Rep: Reputation: 42
Glad you got it sorted. My next question would indeed be to check the firewall ... where you would probably have found it as well ...
 
  

