Old 12-03-2007, 10:00 AM   #1
expatCM
Member
 
Registered: Apr 2006
Location: Chiang Mai, Thailand
Distribution: Ubuntu 14.04 64 bit
Posts: 104

Rep: Reputation: 15
iptables - how to open port 22 (I guess)


I am feeling reasonably clueless about this one .... I am trying to connect to a new server using PuTTY and get SSH Connection Refused. I have been following the The Perfect Server for Gutsy tutorial on howtoforge. I am up to page 3 where it says "From now on you can use an SSH client and connect from your workstation".

Good if it works but for me it does not.

I have installed openssh-server on one machine. Fresh install of Gutsy server and nothing else on the machine.

I am using PuTTY to connect and I get the message Connection Refused.

If I use command line ssh user@host I get more or less the same thing
ssh: connect to host name port 22: Connection refused

Tried from another machine and the same message.

But I can ping the IP and the host name without issue.

So I was asking round and it has been suggested that I need to open port 22 on iptables. If that is the case I do not know how to. Or is there something else I should look at?

I have tried this command but it did not seem to have any effect -

iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

Any idea why I have got such a simple tutorial messed up .... ?
 
Old 12-03-2007, 10:22 AM   #2
complich8
Member
 
Registered: Oct 2007
Distribution: rhel, fedora, gentoo, ubuntu, freebsd
Posts: 104

Rep: Reputation: 15
"connection refused" means that either (a) the packet made it to the port, but nobody's listening (ie: sshd isn't running) or (b) you hit a "-j REJECT" rule before your accept rule.

So, your first step is to verify that sshd is indeed running on the target machine (eg: "ps -ef | grep sshd" on the target machine). If it's not, try running /etc/init.d/ssh start .

Your second step is to check your INPUT chain (ie: iptables -nvL INPUT ) or whatever it's traversing for REJECT rules. If it is, try inserting your SSH rule above that reject rule.
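The rule-ordering point above can be checked mechanically. This is an added example, not part of the original posts: `first_verdict` is a hypothetical helper that walks `iptables -S INPUT` output (the rule-spec form rather than the `-nvL` listing) in order and reports the first ACCEPT/DROP/REJECT that a new TCP connection to the port would hit. The rule sets and interface names are constructed, and user-defined chains, source/destination matches and port ranges are ignored.

```shell
#!/bin/sh
# Added example. first_verdict PORT IFACE reads `iptables -S INPUT` output on
# stdin and prints the first terminating verdict that a NEW TCP connection to
# PORT arriving on IFACE would hit, or the chain policy if no rule matches.
first_verdict() {
    awk -v port="$1" -v iface="$2" '
    $1 == "-P" { policy = $3; next }       # e.g. "-P INPUT ACCEPT"
    $1 != "-A" { next }
    {
        n++                                 # rule number within the chain
        proto = dport = inif = state = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-i") inif = $(i+1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i+1)
            else if ($i == "-j") target = $(i+1)
        }
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        if (inif != "" && inif != iface) next            # wrong interface
        if (state != "" && state !~ /(^|,)NEW(,|$)/) next # not a new connection
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) { found = 1; print target " rule " n; exit }
    }
    END { if (!found) print "POLICY " policy }'
}

# Constructed rule set: SSH rule appended (-A) after a catch-all REJECT, and
# bound to eth1 although traffic arrives on eth0.
APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT'
# Constructed rule set: the SSH rule placed above the REJECT, no interface match.
INSERTED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
# Constructed rule set: empty chain, only the policy applies.
EMPTY='-P INPUT ACCEPT'

for rules in "$APPENDED" "$INSERTED" "$EMPTY"; do
    printf '%s\n' "$rules" | first_verdict 22 eth0
done
# On a live host (as root): iptables -S INPUT | first_verdict 22 eth0
```

A result of `POLICY ACCEPT` or `ACCEPT rule N` while the client still sees "Connection refused" points away from the firewall and toward case (a), nothing listening on the port at the address being contacted.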
 
Old 12-03-2007, 10:37 PM   #3
expatCM
Member
 
Registered: Apr 2006
Location: Chiang Mai, Thailand
Distribution: Ubuntu 14.04 64 bit
Posts: 104

Original Poster
Rep: Reputation: 15
Thank you for your help ....

I started with

Code:
ps -ef | grep sshd

and this was returned

Code:
username 4149 4132 0 10:02 tty1 00:00:00 grep sshd

Then I tried

Code:
/etc/init.d/ssh start

and got

Code:
No file or directory

so I ran

Code:
apt-get install ssh openssh-server

and a couple of keys were installed

Then I restarted the server and went back and ran

Code:
ps -ef | grep sshd

This time the following was returned

Code:
root     4104    1 0 10:21 ?    00:00:00 /usr/sbin/ssh
username 4176 4159 0 10:24 tty1 00:00:00 grep sshd

So I ran

Code:
/etc/init.d/ssh start

and got this message

Code:
Starting OpenBSD Secure Shell server sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key

I still get Connection Refused.
 
Old 12-03-2007, 10:46 PM   #4
expatCM
Member
 
Registered: Apr 2006
Location: Chiang Mai, Thailand
Distribution: Ubuntu 14.04 64 bit
Posts: 104

Original Poster
Rep: Reputation: 15
the second part of your comments ... iptables

from iptables -nvL INPUT I got

Code:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts  bytes  target   prot  opt in out  source  destination

Do I need to change this at all?
 
Old 12-04-2007, 01:57 AM   #5
expatCM
Member
 
Registered: Apr 2006
Location: Chiang Mai, Thailand
Distribution: Ubuntu 14.04 64 bit
Posts: 104

Original Poster
Rep: Reputation: 15
What I have just done is to reinstall the server since there was nothing there. Slight difference that instead of installing SSH server through the installer I skipped that and did it only through apt.

The only difference is that I do not get the error about the keys when starting up ssh but I still get connection refused.
 
Old 12-05-2007, 05:51 AM   #6
expatCM
Member
 
Registered: Apr 2006
Location: Chiang Mai, Thailand
Distribution: Ubuntu 14.04 64 bit
Posts: 104

Original Poster
Rep: Reputation: 15
I appear to have got this working.

If I ping hostname I get a response but it relates to opendns and not my local network

PING hostname (208.67.219.130) 56(84) bytes of data.
64 bytes from nxdomain.guide.opendns.com (208.67.219.130): icmp_seq=1 ttl=240 time=320 ms
64 bytes from nxdomain.guide.opendns.com (208.67.219.130): icmp_seq=3 ttl=240 time=321 ms
64 bytes from nxdomain.guide.opendns.com (208.67.219.130): icmp_seq=4 ttl=240 time=318 ms
64 bytes from nxdomain.guide.opendns.com (208.67.219.130): icmp_seq=5 ttl=240 time=318 ms

but if I ping the ip address

PING 192.168.1.125 (192.168.1.125) 56(84) bytes of data.
64 bytes from 192.168.16.70: icmp_seq=1 ttl=64 time=1.49 ms
64 bytes from 192.168.16.70: icmp_seq=2 ttl=64 time=0.094 ms
64 bytes from 192.168.16.70: icmp_seq=3 ttl=64 time=0.092 ms
64 bytes from 192.168.16.70: icmp_seq=4 ttl=64 time=0.093 ms
64 bytes from 192.168.16.70: icmp_seq=5 ttl=64 time=0.094 ms
64 bytes from 192.168.16.70: icmp_seq=6 ttl=64 time=0.080 ms

So if I then use putty ipaddress on the cli it will connect.

It looks like I need to work a bit further through the tutorial and edit the hosts file to make this problem go away .....
 
  

