SSH won't connect
Hey all, I am having a hard time figuring out why I cannot connect to my box from outside through SSH when logging in through localhost works perfectly.
When I check my iptables through iptables -L I have nothing at all; however, when I nmap my port 22 I get:
22/tcp filtered ssh
This apparently means that this port is under some kind of firewall control... Any help about what I should do to be able to connect from outside would be greatly appreciated.
Madi
PS: Even after temporarily disabling iptables "chkconfig iptables off" I cannot connect and nmap still gives the same output |
Is this host behind some kind of router/firewall? If so, do you have port forwarding for port 22 to the correct host you're trying to connect to?
|
Quote:
No, unfortunately I am not behind any firewall or router. That's what is making me go crazy... Any other suggestions?
Thx,
Madi |
Using chkconfig is only going to keep services from starting after a reboot, so try using 'service iptables stop' or '/etc/init.d/iptables stop' instead.
Also check that sshd is running on the server.
Finally, try running tcpdump to make sure that the sshd server is seeing the packets (tcpdump port 22). |
Capt_Caveman, Thx for the suggestions.
I have indeed stopped iptables and made sure that it won't restart after I rebooted. On the other hand, I assume sshd is running on my machine since I can connect from localhost. As for tcpdump, I am no expert in networking but I see a couple of messages coming from the machine I tried to connect from (xxx.xxx.xxx.xxx.ssh) to my box and a couple of ACKs sent back. When I stop the tcpdump I get the following message:
36 packets captured
36 packets received by filter
0 packets dropped by kernel
If I understand correctly, I am getting the ssh requests but they are still getting stopped by a firewall service... is that correct?
Madi |
Quote:
On the other hand, I assume sshd is running on my machine since I can connect from localhost.

Sounds like it's running then, however make sure that it's listening on the correct IP address. Run 'netstat -pant' and you should see an entry for port 22. Make sure that the IP address for that entry is not 127.0.0.1. It will likely be 0.0.0.0 or :::: or whatever the machine's IP should be.

Quote:
As for tcpdump, I am no expert in networking but I see a couple of messages coming from the machine I tried to connect from (xxx.xxx.xxx.xxx.ssh) to my box and a couple of ACKs sent back.

Could you post part of the output (make sure to change any public IPs)?

Quote:
If I understand correctly, I am getting the ssh requests but they are still getting stopped by a firewall service... is that correct?

Usually yes, however there are a number of things such as networking problems that can result in a 'filtered' nmap status. Also some ISPs filter certain ports at upstream routers, so you may want to try using traceroute and see if your packets are dying somewhere upstream (try comparing normal traceroute to traceroute on port 22). It could also be a problem with the firewall of the remote machine you are sshing from. |
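The listening-address check suggested in the last reply, as an added example that is not part of the original thread: a shell function that reads 'netstat -pant' output and reports whether port 22 is bound to loopback only. The function name and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `netstat -pant` output on stdin and reports where the
# given TCP port (default 22) is listening:
#   all-interfaces | specific-address | loopback-only | not-listening
ssh_listen_scope() {   # hypothetical helper name
    awk -v port="${1:-22}" '
        # Listening TCP sockets only; column 4 is the local address.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Split at the LAST colon, since IPv6 addresses contain colons.
            n = match($4, /:[0-9]+$/)
            if (n == 0 || substr($4, n + 1) != (port "")) next
            host = substr($4, 1, n - 1)
            if (host == "0.0.0.0" || host == "::") any = 1
            else if (host ~ /^127\./ || host == "::1") loop = 1
            else other = 1
        }
        END {
            if (any) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample: sshd reachable from the local machine only.
sample_loopback() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:22     0.0.0.0:*           LISTEN      1432/sshd
tcp        0      0 0.0.0.0:631      0.0.0.0:*           LISTEN      1201/cupsd
EOF
}

# Constructed sample: sshd on all IPv4 and IPv6 addresses, one session open.
sample_any() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*           LISTEN      1432/sshd
tcp        0      0 192.0.2.10:22    198.51.100.7:51514  ESTABLISHED 2001/sshd
tcp6       0      0 :::22            :::*                LISTEN      1432/sshd
EOF
}

echo "loopback sample: $(sample_loopback | ssh_listen_scope)"
echo "wildcard sample: $(sample_any | ssh_listen_scope)"
# On a live host: netstat -pant | ssh_listen_scope
```

A result of loopback-only would explain local logins working while remote ones fail, which is the case the reply asks to rule out before looking at upstream filtering.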