LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-21-2011, 05:26 PM   #1
dev21082
LQ Newbie
 
Registered: Jul 2010
Location: iit kharagpur , india
Posts: 13

Rep: Reputation: 0
ssh port 22 connection timed out


hii

i have two PCs A and B, both are connected via LAN

PC A Configuration is

IP Address 10.102.6.232
Broadcast Address 10.102.6.255
Subnet Mask 255.255.255.0
Default Route 10.102.6.2
Primary DNS 144.16.192.55

PC B Configuration is

IP Address 144.16.205.236
Broadcast Address 144.16.255.255
Subnet Mask 255.255.0.0
Default Route 144.16.204.1
Primary DNS 144.16.192.55

I am trying to connect B from A using command shh -X devendra@144.16.205.236, and facing error like ssh port 22 connection timed out.

help me out Plz .... thankyou
 
Old 03-21-2011, 05:35 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 650Reputation: 650Reputation: 650Reputation: 650Reputation: 650Reputation: 650
Sounds like there's a firewall between the two machines, if the sshd service wasn't running you should receive a "connect failed" message as opposed to a timeout. It's also possible that the target machine can't perform a reverse lookup on the source machines IP address but usually that would slow down the initial connection not prevent it completely.

Can you ssh into the server from another machine ok ?

cheers
 
1 members found this post helpful.
Old 03-21-2011, 07:25 PM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778
These machines are on different LAN segments, apparently with at least one router between them. Also, your PC B is using what is a public IP range, but you mention it being a LAN. Are you sure that your configuration is valid? In other words is either a public facing machine and this address has been assigned to you (you can't just pick your own) or do you have it fully isolated?

Are you able to ping from one machine to the other? I would verify this before working on SSH. Then you can run nmap to verify that the appropriate port is open on the target end.
 
1 members found this post helpful.
Old 03-22-2011, 04:05 AM   #4
dev21082
LQ Newbie
 
Registered: Jul 2010
Location: iit kharagpur , india
Posts: 13

Original Poster
Rep: Reputation: 0
Thank you for reply

I am able to run "ping 144.16.205.236" output is like

64 bytes from 144.16.205.236: icmp_seq=1 ttl=60 time=0.560 ms
64 bytes from 144.16.205.236: icmp_seq=2 ttl=60 time=0.546 ms
64 bytes from 144.16.205.236: icmp_seq=3 ttl=60 time=0.556 ms

exactly i do not know how to use nmap to verify the appropriate port is open or not, but i tried this command


"sudo nmap -sU 127.0.0.1" where 127.0.0.1 is the host for both system
its giving

Interesting ports on localhost (127.0.0.1):
Not shown: 997 closed ports
PORT STATE SERVICE
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
5353/udp open|filtered zeroconf
 
Old 03-22-2011, 04:53 AM   #5
linuxgurusa
Member
 
Registered: Mar 2008
Location: Namibia, Swakopmund
Distribution: Redhat, Fedora, Centos, ClearOS, Mandrake
Posts: 150

Rep: Reputation: 27
HI There DEV21082

OK, you need to understand what the guys are saying or asking:

Firstly, you have 2 different networks you are asking about.

Network 1 = 10.102.6.0/24
Network 2 = 144.16.0.0/16

You want to connect FROM network 1 TO Network 2 machine ? (From IP 10.102.6.232) TO IP (144.16.205.236)

Please do following command FROM machine 10.102.6.232

telnet 144.16.205.236 22

You must get a reply like

SSH-2.0-OpenSSH_5.4 or what ever version, does not matter what version.

If you get connection timed out or can't connect, please do following command FROM machine 10.102.6.232

traceroute -n 144.16.205.236 if Linux machine
tracert -d 144.16.205.236 if Windows machine

Give us answer please
 
1 members found this post helpful.
Old 03-22-2011, 08:59 AM   #6
dev21082
LQ Newbie
 
Registered: Jul 2010
Location: iit kharagpur , india
Posts: 13

Original Poster
Rep: Reputation: 0
hello sir, thank u for reply

the problem is same as you are saying. i tried the command "telnet 144.16.205.236 22" and result was like "telnet: Unable to connect to remote host: Network is unreachable".

after that i tried the command "traceroute -n 144.16.205.236" and got the result as "traceroute: icmp socket: Operation not permitted". what it's mean ?
 
Old 03-22-2011, 09:24 AM   #7
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778
Quote:
"traceroute: icmp socket: Operation not permitted"
This sounds like a permissions problem. Did you try running this command with sudo?

Quote:
"telnet: Unable to connect to remote host: Network is unreachable".
You have a routing problem where traffic can't get from one host to the other. What is the physical organization of your LAN? In other words, can you describe the connection between these two machines? For example: host A <------> switch <-----> host B.

Last edited by Noway2; 03-22-2011 at 09:24 AM. Reason: fixed quote tag
 
1 members found this post helpful.
Old 03-22-2011, 02:41 PM   #8
dev21082
LQ Newbie
 
Registered: Jul 2010
Location: iit kharagpur , india
Posts: 13

Original Poster
Rep: Reputation: 0
thank u for reply

sorry i could not tried with sudo but when i am trying "sudo traceroute -n 144.16.205.236" it is coming like

traceroute to 144.16.205.236 (144.16.205.236), 64 hops max, 40 byte packets
1 10.102.6.2 0 ms 0 ms 0 ms
2 10.200.31.1 1 ms 0 ms 0 ms
3 10.200.8.1 1 ms 1 ms 0 ms
4 10.154.1.1 1 ms 1 ms 1 ms
5 144.16.205.236 1 ms !C 1 ms !C 1 ms !C

sir i am new user for ubuntu 9.10. i am not understanding by the means of "host A <------> switch <-----> host B."

Last edited by dev21082; 03-22-2011 at 02:45 PM.
 
Old 03-23-2011, 04:15 AM   #9
linuxgurusa
Member
 
Registered: Mar 2008
Location: Namibia, Swakopmund
Distribution: Redhat, Fedora, Centos, ClearOS, Mandrake
Posts: 150

Rep: Reputation: 27
Quote:
Originally Posted by dev21082 View Post
thank u for reply

sorry i could not tried with sudo but when i am trying "sudo traceroute -n 144.16.205.236" it is coming like

traceroute to 144.16.205.236 (144.16.205.236), 64 hops max, 40 byte packets
1 10.102.6.2 0 ms 0 ms 0 ms
2 10.200.31.1 1 ms 0 ms 0 ms
3 10.200.8.1 1 ms 1 ms 0 ms
4 10.154.1.1 1 ms 1 ms 1 ms
5 144.16.205.236 1 ms !C 1 ms !C 1 ms !C

sir i am new user for ubuntu 9.10. i am not understanding by the means of "host A <------> switch <-----> host B."
Thank you for the info buddy... OK, let's see now ..

It seems like the host you are connecting to (144.16.205.236) is actually on a WAN connection away from you. The "problem" now is, do you have access to firewall rules between you (10.102.6.232) and the HOSTB (144.16.205.236)??

There seems to be a route between you and HOSTB, but I can see there might be some ICMP filtering(firewall) as well.
Maybe if you have access to HOSTB (144.16.205.236), can you run command:

/sbin/iptables -L -n

Send us output please? Maybe there is no rule that will allow you access, or maybe there is a rule to allow your IP address (10.102.6.232) but you are actually connecting via NAT ip address (10.102.6.2) or something.

SO, please send us output of : /sbin/iptables -L -n on server 144.16.205.236 and we help from there !!
 
1 members found this post helpful.
Old 03-23-2011, 07:25 AM   #10
kingston
Member
 
Registered: Mar 2008
Location: Bengaluru, India
Distribution: RHEL 5.5, Solaris 5.10
Posts: 215
Blog Entries: 1

Rep: Reputation: 21
yeah. I faced the same kind of problem, and it was the external firewall which is blocking one of my network from communicating with another.
And also check the firewall,iptables configurations in both the (network) systems
 
1 members found this post helpful.
Old 03-23-2011, 12:44 PM   #11
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778
My suspicion is that 10.102.6.2 is the ip address assigned to the OP and that they are using DSL or some other form of internet access where they are behind a private proxy net of the ISP. Chances are that port 22, and others, are deliberately blocked.
 
1 members found this post helpful.
Old 03-24-2011, 03:12 AM   #12
dev21082
LQ Newbie
 
Registered: Jul 2010
Location: iit kharagpur , india
Posts: 13

Original Poster
Rep: Reputation: 0
dear sir, thank u for help

I am the root user for both HOSTA (10.102.6.232) and HOSTB (144.16.205.236), but i don't know how to access firewall rules between them.

I tried command "/sbin/iptables -L -n" on HOSTB (144.16.205.236), it is coming like

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination



and i also tried the command "/sbin/iptables -L -n" on HOSTA (10.102.6.232), it is coming like

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Last edited by dev21082; 03-24-2011 at 03:18 AM.
 
Old 03-24-2011, 05:49 AM   #13
linuxgurusa
Member
 
Registered: Mar 2008
Location: Namibia, Swakopmund
Distribution: Redhat, Fedora, Centos, ClearOS, Mandrake
Posts: 150

Rep: Reputation: 27
Quote:
Originally Posted by dev21082 View Post
dear sir, thank u for help

I am the root user for both HOSTA (10.102.6.232) and HOSTB (144.16.205.236), but i don't know how to access firewall rules between them.

I tried command "/sbin/iptables -L -n" on HOSTB (144.16.205.236), it is coming like

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination



and i also tried the command "/sbin/iptables -L -n" on HOSTA (10.102.6.232), it is coming like

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Thank you for info, I can see there is no rule blocking it, but I suspect that you might have internal routing issues.

Please do following commands on each HOSTA and HOSTB and give feedback

From HOSTA(10.102.6.232): traceroute -n 144.16.205.236
From HOSTB(144.16.205.236): traceroute -n 10.102.6.232
 
1 members found this post helpful.
Old 03-24-2011, 08:40 AM   #14
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778
I have another question I would like to add to this. Do you know what these IP addresses are?
Code:
10.200.31.1, 10.200.8.1, 10.154.1.1
They appeared between your two hosts last time you performed a traceroute. Given that the last octet is .1 on each of them, my guess is that they are routers. What are the subnet masks of your two hosts (10.102.6.2 and 144.16.205.236)? You might also try switching from port 22 to a random, higher numbered port like 8228 or something to rule out port 22 being blocked.
 
1 members found this post helpful.
Old 07-15-2013, 09:30 AM   #15
k.kshitij
LQ Newbie
 
Registered: Apr 2011
Posts: 3

Rep: Reputation: 0
Hi All,
I'm facing the same problem, I'm connected to a amazon server (via ssh) from my machine and want to transfer files from my machine (ip:192.168.0.100) to amazon server (ip:172.31.9.192).

I ran traceroute -n 192.168.0.100 on amazon server following are the results
1 ec2-50-112-0-180.us-west-2.compute.amazonaws.com (50.112.0.180) 0.539 ms 0.744 ms 0.722 ms
2 205.251.232.224 (205.251.232.224) 1.595 ms 1.820 ms 1.796 ms
3 205.251.232.206 (205.251.232.206) 1.573 ms 1.762 ms 1.736 ms
4 205.251.232.102 (205.251.232.102) 7.608 ms 205.251.232.100 (205.251.232.100) 7.321 ms 205.251.232.73 (205.251.232.73) 7.271 ms
5 205.251.225.21 (205.251.225.21) 7.264 ms 205.251.225.197 (205.251.225.197) 7.654 ms 205.251.225.161 (205.251.225.161) 7.089 ms
6 tuk-edge-14.inet.qwest.net (65.122.235.177) 7.788 ms !N 65-122-235-173.dia.static.qwest.net (65.122.235.173) 21.671 ms !N tuk-edge-13.inet.qwest.net (65.122.235.169) 7.642 ms !N

Then is ran traceroute -n 172.31.9.192 on my local machine and got the following message.




1 192.168.0.1 1.237 ms 1.525 ms 1.799 ms
2 203.187.209.1 55.601 ms 55.654 ms 57.704 ms
3 * * *
4 203.109.71.73 144.309 ms 157.189 ms 157.662 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * *^C
I dont know what is the issue and why I'm not able to transfer the files to the amazon server when I'm getting connected to it.
Any help in this regards is appreciated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh: connection to host port: 22: Connection timed out lost connection cucolin@ Linux - Server 4 11-22-2011 07:15 AM
ssh connection timed out johnquatrehuit Linux - Networking 2 08-20-2010 06:36 PM
ssh: connect to host XXXX port 22: Connection timed out jv2112 Linux - Newbie 3 07-04-2010 05:42 PM
ssh port 22: Connection timed out ( Unable to Copy file remotly ) bp_vanarse Linux - General 3 04-03-2010 08:53 PM
ssh: connect to host thyme1 port 22: Connection timed out - solved abstom Linux - Server 1 09-19-2009 06:33 AM


All times are GMT -5. The time now is 12:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration