LinuxQuestions.org
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Old 08-11-2003, 03:18 AM   #1
ksoma
Distribution: RH 9.0
Can't ssh to external IP... please help


Here's the message I get when I try to connect to my comp through my external IP:

ssh_exchange_identification: Connection closed by remote host

Here's my iptables:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.168.0.1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

This is what nmap tells me:
(The 99 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh

Is there anything else I may not be setting that's causing this? Thanks.

-Keerthan
Old 08-11-2003, 04:00 AM   #2
jalal
Distribution: Gentoo
You could try two things:

first, SSH to your comp from the same comp, and see what happens.

second, I can see that only SYN is allowed to the SSH port. Doesn't ACK need to be allowed as well? Or, if you don't want to be so granular, just open the port without checking TCP flags.

just a thought.

Old 08-11-2003, 04:48 AM   #3
ksoma
Distribution: RH 9.0
I tried connecting to my comp earlier; that was the error I put up. Everything works on the LAN I have here, it's just not working through the external IP. I took off the TCP flags as you said, but it was still a no-go when I tried connecting.

About the flags, I understand that the TCP packet can contain SYN packets, ACK packets, FIN packets, and RST packets. The client sends a SYN packet; my comp is supposed to send an ACK packet for acknowledgement; and then FIN packets are sent from both sides (or maybe just one?) to finalize communication; and the RST packet is sent from mine to the client if they are rejected. Am I understanding this correctly? Please correct me if I'm out there on this. Thanks.
Old 08-11-2003, 05:18 AM   #4
jalal
Distribution: Gentoo
What I meant is that you could try connecting locally ("ssh user@localhost") and see what happens.

As for the TCP, it's: client -> SYN, server -> SYN/ACK, and then client -> ACK. FIN is used to close the session by either the client or the server.
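The ruleset in #1 and the flag discussion in #2 and #4 can be checked mechanically. The following is an added example, not something posted in the thread and not iptables code: a small evaluator that walks a packet through the posted rules with the documented iptables semantics (--syn means SYN set with ACK, RST and FIN clear; a packet that reaches the end of a user-defined chain returns to the caller; a packet that reaches the end of a built-in chain gets that chain's policy). Only the matches the posted rules actually use are modelled, and the packet addresses and interface names are made-up assumptions.

```python
"""Walk packets through the iptables ruleset posted in #1.

Added example, not from the thread and not iptables code.  It models only
what the posted rules use (-p, -i, -s, -d, --dport, --sport, --syn and the
ACCEPT/REJECT/jump targets) with iptables' documented semantics: --syn is
SYN set with ACK, RST and FIN clear; a packet that falls off the end of a
user-defined chain returns to the calling chain; a packet that falls off
the end of a built-in chain gets that chain's policy.
"""
import ipaddress

# The ruleset from post #1, verbatim (iptables-save format).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.168.0.1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT
"""


def parse(text):
    """Return ({chain: policy or None for user chains}, {chain: [rule, ...]})."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                      # chain declaration
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains[name] = []
        elif line.startswith("-A "):                  # append a rule
            toks = line.split()
            rule = {"text": line}
            i = 2
            while i < len(toks):
                if toks[i] == "--syn":
                    rule["syn"] = True
                    i += 1
                elif toks[i] == "-m":                 # match extension loader, no effect here
                    i += 2
                else:
                    rule[toks[i]] = toks[i + 1]
                    i += 2
            chains[toks[1]].append(rule)
    return policies, chains


def _addr_match(spec, ip):
    if spec in (None, "0/0", "0.0.0.0/0"):
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def matches(rule, pkt):
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if "-i" in rule and rule["-i"] != pkt["iface"]:
        return False
    if not _addr_match(rule.get("-s"), pkt["src"]) or not _addr_match(rule.get("-d"), pkt["dst"]):
        return False
    if "--dport" in rule and int(rule["--dport"]) != pkt["dport"]:
        return False
    if "--sport" in rule and int(rule["--sport"]) != pkt["sport"]:
        return False
    if rule.get("syn"):                               # --syn == --tcp-flags SYN,RST,ACK,FIN SYN
        flags = pkt["flags"]
        if pkt["proto"] != "tcp" or "SYN" not in flags or flags & {"ACK", "RST", "FIN"}:
            return False
    return True


def verdict(chain, pkt, policies, chains):
    """Return (verdict, reason) or None when a user chain falls through."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule["-j"]
        if target in ("ACCEPT", "REJECT", "DROP"):
            return target, rule["text"]
        result = verdict(target, pkt, policies, chains)  # jump into a user chain
        if result is not None:
            return result
    if policies[chain] is None:
        return None                                   # implicit RETURN to the caller
    return policies[chain], chain + " policy"


def packet(proto, dport, flags=(), src="203.0.113.7", sport=40000,
           iface="eth0", dst="192.168.0.2"):
    """Minimal packet description; the addresses are assumptions for the example."""
    return {"proto": proto, "dport": dport, "flags": set(flags), "src": src,
            "sport": sport, "iface": iface, "dst": dst}


def decide(pkt, text=RULESET):
    policies, chains = parse(text)
    return verdict("INPUT", pkt, policies, chains)


if __name__ == "__main__":
    for label, pkt in (("SYN to 22", packet("tcp", 22, {"SYN"})),
                       ("bare ACK to 22", packet("tcp", 22, {"ACK"})),
                       ("SYN to 80", packet("tcp", 80, {"SYN"})),
                       ("DNS reply from 8.8.8.8", packet("udp", 1025, src="8.8.8.8", sport=53))):
        print(label, "->", decide(pkt))
```

Running it shows that the inbound SYN to port 22 is accepted by the first Lokkit rule, while any TCP segment that is not a pure SYN (the client's handshake ACK, data, FIN) matches neither the --dport 22 rule nor the final --syn REJECT, falls off the end of the user chain and is accepted by the INPUT policy. So the ruleset as posted does let an SSH session through; it is a stateless design that relies on the kernel to answer stray non-SYN segments. The check a practitioner should add is the inverse one: with a DROP policy, this ruleset would break, and the usual fix is an explicit `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule. The UDP rules also show that only DNS replies from 192.168.0.1 are allowed; a reply from any other resolver is rejected.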
 
Old 08-11-2003, 04:53 PM   #5
ksoma
Distribution: RH 9.0
I'm assuming you mean try to connect on my local network. Everything locally works; any comp on the LAN can ssh to my comp. It's just trying to get it to work with the external IP. It gives some sort of timed-out error, I think. Anything else that could be causing this? Thanks again.

-Keerthan
 
Old 08-11-2003, 07:55 PM   #6
pjcp64
Distribution: Ubuntu Server and SuSE
I found the following by googling.

http://www.snailbook.com/faq/libwrap-oops.auto.html

You can find others out there too, but here are a few suggestions I'd try as well.

*** before modifying any of the following files, make sure you create a backup of it. I'd also log your steps to ensure that you can backtrack.

I'd try the following:

Since you're using RH-Lokkit I'm assuming your firewall is the RedHat firewall: "System Settings"-->"Security Level" and make sure that the SSH option is available. You could also reduce the firewall setting temporarily to see if it works ( assuming that it's prudent for the data on your system ).

Use the -v option for verbose mode to help debug the problem ( e.g. ssh -v hostname )

Verify that your /etc/hosts.allow and /etc/hosts.deny are not causing the problem.

If you're using keys, revert to using a good ole login/password until you get the problem resolved.

It's never a bad idea to ensure that it isn't a DNS issue by placing an entry for the client system in the host's /etc/hosts file.
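The hosts.allow/hosts.deny step in the list above deserves a closer look, because it is the one failure that is invisible to both the firewall rules and nmap: sshd built with libwrap accepts the TCP connection (so the port scans as open), consults the two files, and on a deny closes the socket before sending its version banner, which the client reports exactly as "ssh_exchange_identification: Connection closed by remote host". The following is an added example, not from the thread and not the tcp_wrappers source: it re-implements the decision order documented in hosts_access(5) for the common pattern forms so you can test a client address against the two files before touching them. The sample files inside it are constructed for the example, not the OP's.

```python
"""Re-implement the TCP Wrappers (libwrap) access decision for sshd.

Added example, not from the thread and not the tcp_wrappers code itself.
It follows the order documented in hosts_access(5): a (daemon, client)
pair that matches a line in hosts.allow is granted; otherwise one that
matches hosts.deny is refused; otherwise it is granted.  Only the common
pattern forms are handled: ALL, LOCAL, 'net/mask', dotted prefixes such
as '192.168.0.', domain suffixes such as '.lan.example', exact names and
the EXCEPT operator.  KNOWN/UNKNOWN/PARANOID and per-rule options are not.
"""
import ipaddress

# Constructed sample files (assumptions for the example, not the OP's).
HOSTS_ALLOW = """\
# LAN and loopback may reach sshd
sshd: 192.168.0.  127.0.0.1
sshd: .lan.example
"""

HOSTS_DENY = """\
# A line like this makes sshd close the socket right after accept(), which
# the client reports as
# "ssh_exchange_identification: Connection closed by remote host".
sshd: ALL
"""


def parse_rules(text):
    """Return (daemon_list, client_list, rule_text) for each non-comment line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                                  # malformed; libwrap would log it
        rules.append((fields[0].split(), fields[1].split(), line))
    return rules


def _client_token_matches(pat, ip, host):
    """Match one client pattern against the peer's address and (maybe empty) hostname."""
    if pat == "ALL":
        return True
    if pat == "LOCAL":                                # hostnames without a dot
        return bool(host) and "." not in host
    if pat.startswith("."):                           # domain suffix
        return host.lower().endswith(pat.lower())
    if pat.endswith("."):                             # dotted-quad prefix
        return ip.startswith(pat)
    if "/" in pat:                                    # net/mask, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pat, strict=False)
    return pat == ip or pat.lower() == host.lower()   # exact address or name


def _list_matches(tokens, token_matches):
    """'list_1 EXCEPT list_2' matches when list_1 matches and list_2 does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_list_matches(tokens[:i], token_matches)
                and not _list_matches(tokens[i + 1:], token_matches))
    return any(token_matches(t) for t in tokens)


def _rule_matches(rule, daemon, ip, host):
    daemons, clients, _ = rule
    return (_list_matches(daemons, lambda t: t in ("ALL", daemon))
            and _list_matches(clients, lambda t: _client_token_matches(t, ip, host)))


def check_access(daemon, ip, host="", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return ('allow' | 'deny', reason) the way libwrap would decide it."""
    for rule in parse_rules(allow):                   # hosts.allow is consulted first
        if _rule_matches(rule, daemon, ip, host):
            return "allow", "hosts.allow: " + rule[2]
    for rule in parse_rules(deny):                    # then hosts.deny
        if _rule_matches(rule, daemon, ip, host):
            return "deny", "hosts.deny: " + rule[2]
    return "allow", "no rule matched (default is to grant)"


if __name__ == "__main__":
    for ip, host in (("192.168.0.5", ""), ("203.0.113.7", ""),
                     ("10.9.8.7", "box.lan.example")):
        print(ip, host or "-", check_access("sshd", ip, host))
```

With the sample files, a LAN client is granted by hosts.allow while the same request from an external address hits `sshd: ALL` in hosts.deny and is refused, which is the pattern behind the OP's symptom: LAN works, external does not, firewall and nmap look fine. The corresponding real-world check is to run `ssh -v` from outside (the connection closes immediately after the client prints its identity-file lines, before any banner) and to look at the sshd entries in the system log, where libwrap records the refusal.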
 
Old 08-12-2003, 01:08 AM   #7
ksoma
Distribution: RH 9.0
Thanks a bunch, pjcp64. I did a -v; it connected but then dropped the connection after checking some identity files, so I checked the hosts.deny file and that was the problem. It works fine now!

I was wondering what commands I could use to drop all of the users connected, or manage them somehow.
 
Old 08-12-2003, 05:51 AM   #8
pjcp64
Distribution: Ubuntu Server and SuSE
Could you elaborate a little on what you mean by dropping and managing?

For instance, do you want only specific users to be able to SSH into your box, or only specific IP Addresses? Or both?

As far as dropping the users, you can kill their jobs:

ps -ef | grep ssh
and for each of the PIDs you want to kill do a
kill <PID>
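The `ps -ef | grep ssh` approach above has one trap worth handling explicitly: the listing also contains the listening sshd daemon (killing it stops all new logins), half-open connections that have not authenticated yet, and the grep itself. The following is an added example, not from the thread, that parses a constructed `ps -ef` listing and returns only the PIDs belonging to a given user's sessions. It assumes the process titles OpenSSH sets with privilege separation, `sshd: user [priv]` for the root-owned monitor and `sshd: user@pts/N` for the user-owned session process; older sshd builds show only the second form, which the code also accepts.

```python
"""Pick out a user's sshd session processes from `ps -ef` output.

Added example, not from the thread.  It assumes OpenSSH's process titles:
the listener runs as '/usr/sbin/sshd' (or 'sshd -D'), each login has a
root-owned monitor 'sshd: user [priv]' and a user-owned 'sshd: user@pts/N';
not-yet-authenticated connections show as 'sshd: [accepted]' or similar.
"""
import re
from collections import namedtuple

Session = namedtuple("Session", "user tty pid monitor_pid")

# Constructed `ps -ef` output (not captured from the OP's machine).
PS_SAMPLE = """\
UID        PID  PPID  C STIME TTY          TIME CMD
root       812     1  0 08:00 ?        00:00:00 /usr/sbin/sshd
root      4101   812  0 09:12 ?        00:00:00 sshd: alice [priv]
alice     4105  4101  0 09:12 ?        00:00:00 sshd: alice@pts/1
alice     4110  4105  0 09:12 pts/1    00:00:00 -bash
root      4230   812  0 09:20 ?        00:00:00 sshd: bob [priv]
bob       4233  4230  0 09:20 ?        00:00:00 sshd: bob@pts/2
bob       4240  4233  0 09:20 pts/2    00:00:00 vim .ssh/authorized_keys
root      4301   812  0 09:25 ?        00:00:00 sshd: [accepted]
root      4400  3900  0 09:30 pts/0    00:00:00 grep ssh
"""

SESSION_RE = re.compile(r"^sshd: (\S+)@(\S+)$")      # user-owned session process
MONITOR_RE = re.compile(r"^sshd: (\S+) \[priv\]$")   # root-owned privsep monitor


def parse_ps(text):
    """Split `ps -ef` rows into uid, pid, ppid and the full command string."""
    rows = []
    for line in text.splitlines()[1:]:                # skip the header row
        parts = line.split(None, 7)
        if len(parts) < 8:
            continue
        rows.append({"uid": parts[0], "pid": int(parts[1]),
                     "ppid": int(parts[2]), "cmd": parts[7]})
    return rows


def is_listener(row):
    """The daemon itself: argv[0] is sshd, with no 'sshd: ...' title."""
    argv0 = row["cmd"].split()[0]
    return argv0 == "sshd" or argv0.endswith("/sshd")


def sessions(text):
    """Return one Session per authenticated login; the grep line and the
    listener never match, and unauthenticated 'sshd: [accepted]' has no user."""
    rows = parse_ps(text)
    monitors = {r["pid"]: MONITOR_RE.match(r["cmd"]).group(1)
                for r in rows if MONITOR_RE.match(r["cmd"])}
    found = []
    for r in rows:
        m = SESSION_RE.match(r["cmd"])
        if not m:
            continue
        user, tty = m.groups()
        monitor_pid = r["ppid"] if r["ppid"] in monitors else None
        found.append(Session(user, tty, r["pid"], monitor_pid))
    return found


def pids_to_kill(text, user):
    """PIDs whose termination ends `user`'s SSH sessions, never the listener."""
    pids = []
    for s in sessions(text):
        if s.user != user:
            continue
        if s.monitor_pid is not None:
            pids.append(s.monitor_pid)
        pids.append(s.pid)
    listeners = {r["pid"] for r in parse_ps(text) if is_listener(r)}
    assert not listeners & set(pids), "refusing to kill the sshd listener"
    return pids


if __name__ == "__main__":
    for s in sessions(PS_SAMPLE):
        print(s)
    print("kill", " ".join(str(p) for p in pids_to_kill(PS_SAMPLE, "bob")))
```

The `kill` line it prints is what you would run by hand; `who` or `w` gives the same user-to-tty mapping without the process tree, and `pkill -u bob sshd` is the one-liner equivalent, since the user-owned session process is the only sshd running under that uid. Killing a session only removes the current login; restricting who may log in at all is a separate control (AllowUsers/AllowGroups in sshd_config for accounts, TCP wrappers or the firewall for source addresses).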
 
  

