LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-18-2014, 12:41 PM   #1
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Rep: Reputation: Disabled
Help with SSH


Hello all,

I am trying to set up my first home linux server. I installed CentOS 6.5 but can't connect SSH...should be the simplest thing right?

I have openssh installed. I configured iptables and ssh config file per various tutortials I've read. I am only connected wifi with server and clients if that matters.

Whenever I try to connect ssh hostname from client I get port number timed out.

Like I say, I'm kind of lost because I've been troubleshooting for a day and seems like it should be simple. I have checked firewalls and tried disabling them, checked router settings etc. Do I need to set a static IP?
 
Old 01-18-2014, 01:18 PM   #2
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
did you set SELinux to permissive? DO NOT DISABLE SELinux, just set it to permissive, then reboot the server for the effect to take place.

also read the links in my sig.
 
Old 01-18-2014, 01:20 PM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
It seems simple, but did you check that sshd (the OpenSSH server) is running? Have you confirmed that the server and client machines otherwise have network connectivity? Can you ping from one to the other?
 
Old 01-18-2014, 03:58 PM   #4
WarTurkey
Member
 
Registered: Jun 2009
Location: Ambler, PA, United States
Distribution: Debian, Arch
Posts: 67

Rep: Reputation: 16
Are you able to ssh <user>@127.0.0.1? (essentially confirms that the server is running, as btmiller suggested)
 
Old 01-18-2014, 08:55 PM   #5
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
Thanks for all the suggestions. Here's where I'm at:

1. Yes, both machines have network connections. I can ping each machine from one another and get a reply
2. SSH is running and I have restarted SSH and iptables after each change
3. SELinux is enabled and running
4. ssh <user>@127.0.0.1 returns ssh: connect to host 127.0.0.1 port 22: Connection refused

Funny thing is that I did change the port number in the ssh config file and it was still saying port 22: Connection refused. I changed the port back to 22 in ssh config and iptables and restarted the services to see if that matters and I still get port 22 refused

Any other thoughts or more info I could provide? I thought getting ssh working was going to be the easiest task setting up the server haha
 
Old 01-18-2014, 09:03 PM   #6
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
now for my really stupid noob question. In my config files I just modified what was already existing. All of the lines started with #. Is the # in the config file necessary or does that mean I'm commenting out the lines?
 
Old 01-18-2014, 10:15 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mint, OpenBSD
Posts: 11,333
Blog Entries: 12

Rep: Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729
Number sign (octothorp) comments out lines. It's for notes and unused entries.

I use it when I change a config file; rather than delete the old line, I comment it out. Then, if my change doesn't work right, I have an easy way to go back and try again.
 
Old 01-19-2014, 12:01 AM   #8
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
OK. I uncommented all the lines in my configs that seemed imporant (per other tutorials). I didn't have a user config file in /.ssh so I created one based on this

http://wiki.linuxquestions.org/wiki/...SH_Config_file

On the system ssh_config I basically added my host name and port numbers and uncommented those lines. The files were auto created so I only changed the text for host and port and uncommented and didn't touch anything else

I can ping the server from my client

Do I need to have a static ip on the server? It's currently dhcp on the wifi. I tried ssh to the assigned ip of the server and it timed out:

$ ssh -p 2222 abc@196.100.2.2
ssh: connect to host 196.100.2.2 port 2222: Connection timed out

When I try to ssh the 127.0.0.1 port I get:

ssh: connect to host 127.0.0.1 port 22: Connection refused


Even though I changed all the ports to a different port not 22

I also keep reading about FQDN. Do I need that? My server hostname is just one word, no .whatever.com in it, does that matter?


Thanks for all the help. Also, can someone point me to a good guide on setting up a server with ssh and other basics from scratch? I feel like I need to get back to square one here
 
Old 01-19-2014, 01:16 AM   #9
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,403

Rep: Reputation: Disabled
You should put IP addresses in sshd_config, not hostnames. And you did mean sshd_config, not ssh_config, right? I don't know if using hostnames in sshd_config is supported at all, but even if it is, it's not really a good idea to use them. The ssh daemon will have to resolve them into IP addresses (you cannot bind to a hostname), which means name resolution must be working by the time the ssh daemon is started, which is by no means a certainty.

In short: forget about hostnames in sshd_config, use IP addresses instead.

The defaults for the ssh daemon is to bind to port 22 on all local IP addresses, so you don't really need to tell it which IP address it should listen on, unless you want to exclude some IP addresses on a system that has more than one. In other words, it's probably best to leave the "Port" and "ListenAddress" parameters commented out with #-signs.

As for troubleshooting: on the server itself, at least one of ssh localhost or ssh <IP_address_of_server> should always work. If you get a connection error, the daemon just isn't running.
 
Old 01-19-2014, 06:06 PM   #10
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
Quote:
Originally Posted by Ryanms3030 View Post
Thanks for all the suggestions. Here's where I'm at:

3. SELinux is enabled and running
again is it set to permissive?
 
Old 01-19-2014, 06:50 PM   #11
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by lleb View Post
again is it set to permissive?
I thought I did but I guess I didn't because I just figured out how to do that. (sorry I am figuring a lot out as I'm going along)

In my wisdom I decided I should just re-install my server from scratch since I modified a bunch of configs before I even tested SSH. Long story but I am using an Intel NUC for this "server" and I had no luck installing Centos on it unless I did the net install (at work) because I don't have easy access to a lan port to connect to at home. I tried installing Debian as my second option but I can't get the wifi recognized during install and thus can't install it. So I decided to just install Fedora 20 for now. I know that's not the best server option but it's easy to install on this hardware and this is a learning experience so I don't mind re-installing in a few months.

So now I am running a fresh install of Fedora. I installed openssh-server. I have not changed any config files. I did set selinux to permissive on the server and client. And I'm still getting connection to port 22 timed out.

Could this be a network issue? I have a cable modem at home connected to a Netgear wifi router. And everything is dhcp.
 
Old 01-19-2014, 08:46 PM   #12
andy78
Member
 
Registered: Oct 2005
Location: Stockholm, Sweden
Distribution: Ubuntu
Posts: 78

Rep: Reputation: 18
"And I'm still getting connection to port 22 timed out."

When you receive this error, what command d you run from your client when connecting to your server?
Paste the full command with ip username everything.
I let us have look.
 
Old 01-19-2014, 09:04 PM   #13
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 80
Well with the above saying it looks like you are struggling to much to setup things and didnt followed a good tutorial or followed a bunch of inappropriate one.

Server is not something you install every day for any small or big issue.

Here is what you can do to make ssh work:

1 remove and reinstall ssh
2 setup sshd_config to listen to teh default port
3 give your machine and network ip info in config file.
4 configure iptables to allow in and out connection to port 22
5 set selinux to permissive
6 start sshd service and if require reboot
 
1 members found this post helpful.
Old 01-19-2014, 09:40 PM   #14
tranphat
Member
 
Registered: Dec 2013
Posts: 57

Rep: Reputation: Disabled
You should perform 2 things to check what ssh actually does:

1. ssh -v IP_Address_Of_Server --> -v parameter will print out the debugging log. You can pick up the problematic ones.
2. Can you telnet to server on port 22? Please check this carefully. Please try within local and from remote client.

Please post your result after doing.
 
Old 01-19-2014, 10:07 PM   #15
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by tranphat View Post
You should perform 2 things to check what ssh actually does:

1. ssh -v IP_Address_Of_Server --> -v parameter will print out the debugging log. You can pick up the problematic ones.
2. Can you telnet to server on port 22? Please check this carefully. Please try within local and from remote client.

Please post your result after doing.
I'm getting the following from client and host

$ ssh -v 198.100.252.23
OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Connecting to 198.100.252.23 [198.100.252.23] port 22.

Last edited by Ryanms3030; 01-19-2014 at 10:11 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: SSH an ill-managed mess says SSH author Tatu Ylonen LXer Syndicated Linux News 0 04-12-2013 04:30 PM
ssh-agent, ssh-add and ssh-keygen AND CVS raylpc Linux - General 2 11-19-2008 03:50 AM
setting up an ssh soxy or local ssh tunnel from within an ssh soxy Mangenius Linux - Networking 0 03-05-2007 04:15 PM
Passwordless SSH with SSH commercial server and open ssh cereal83 Linux - General 7 04-18-2006 01:34 PM


All times are GMT -5. The time now is 05:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration