ssh: connection to host port: 22: Connection timed out lost connection
 

We have 2 linux boxes on 2 different floors. I'm able to transfer files from Box A to Box B, but not from box B to box A. When I try to transfer files from B to A I get:

ssh: connect to host 10.0.0.1 port 22: Connection timed out lost connection

What might be the problem here?? I'm able to ping from both machines: A to B and B to A with no errors.

Thanks

Could be:
a) You're not running sshd on Box A.
b) You're running a firewall somewhere that is blocking inbound port 22 to Box A.

On Box A run:
lsof -i :22

You should see (among other things) a line like the following showing it is LISTENing for connections. If not you may need to start your sshd or at least verify /etc/xinetd.d has it started.
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 1781 root 3u IPv6 4892 TCP *:ssh (LISTEN)

If above is running you can try "telnet <box a> 22" to see if this times out as well. If so it would indicate something isn't allowing connections even though you're LISTENing for them.

Possible culprits:
iptables (or some other firewall software) on Box A. If iptables you can run "service iptables stop" then test it. If it works you know it was iptables. You'd then need to figure out a rule to allow port 22 from Box B OR leave iptables off. (You should make a rule. Command to restart iptables is "service iptables start". Turn it off just to see if it is the problem.)

SELinux on Box A. SELinux is a new NSA sponsored security sort of like a firewall on steroids and it is a huge pain for most people. Most people just disable it.

A physical switch/firewall between Box A and Box B that prevents port 22 traffic to Box A. For this you'd have to get a Network person involved if you're not the one who administers these. Typically between floors in buildings there are "VLANS" that do this kind of blocking.

jlighter, thanks a lot!! It seems that most of the greatest problems are caused by a stupid/simple mistake. I forgot I have installed firestarter firewall on box A and it was blocking port 22. Thanks a lot, I don't know why I didn't check for that first. Is firestarter configurable by the command line also? I had to go to box A and allow port 22 using the GUI.

Thanks

I haven't used Firestarter but I gather from other comments I've seen that it is just a GUI front end for iptables. Since you can configure iptables from command line the answer would be yes.

"iptables -L" will list your current rules from command line.

In UNIX/Linux almost everything can be done from the command line even if it is sometimes easier to do from GUI. (Some GUI utilities even have logging modes that will show you the command line they're running behind the scenes.) This is mainly to allow for scripting tasks. I've been doing UNIX for so long it often doesn't even occur to me to look for a GUI solution even on the systems where I have KDE or Gnome running.

I've got this problem too. Ping works, but no connections can be made.

I double-checked, then ran it with the -d switch to observe the output. Nothing happens when I try to connect from a remote machine. I can ssh from localhost, however!

My network topology is such that box A and box B are separated only by a wireless router, where the iptables rules are set to allow all within the LAN:
Shows nothing (unless I'm locally connected to an SSH session; however, shows tcp and tcp6 LISTENing status for the local IP of box A:
It does.

No firewall running on box A - iptables yes this was it - see http://serverfault.com/questions/197...ion-timed-out:
Strangely, iptables was not recognized by the services command.

Nope, Ubuntu 11.10. For the record, this (among other things) worked perfectly alright before the upgrade to Oneiric.

There's a router running dd-wrt in between (as I said, set not to block anything), but with syslogd not logging anything when I try to connect, how can I investigate this further?