[SOLVED] Ssh connection problem

cajunchief · 12-03-2015, 07:26 PM

To ALL:
To All:
I have a comcast router hard wired to a buffalo router connected to a ethernet switch with two cpu's on it. The routers are ALL SET UP AND WORKING!!!

I recently got my ssh working between both computers. YES IT DID WORK!

Then I decided to try and implement the password-less option. So I did an ssh-keygen
I then modified my /etc/ssh/sshd_config files to ensure this option works. And I did it on both cpu's.
Then I tried to do an ssh from cpuA to cpuB and from cpuB to cpuA this is what I am getting:
No I HAVE NOT CHANGED MY FIREWALL

On cpuA to cpuB

"ssh: connect to host 175.x.x.2 port 2222: No Route to Host"

On cpuB to cpuA

"ssh: connect to host 175.x.x.1 port 2222: Connection refused"

Questions
1: what other info do you need?
2: WTFO is going on if you can tell?

Thanks mates

cajunchief

berndbausch · 12-03-2015, 08:00 PM

no route to host: Sender doesn't know how to get to the host (routing table) or receiver doesn't reply, e.g. firewall dropping the packet or receiver switched off.
connection refused: Packet arrives at receiver but is rejcted by firewall or because nobody is listening.

What you can do (in no particular order):
Go back to the old config
Using netstat or ss, check if there is a listener on port 2222
Check routing tables
Run sshd with debug option
Run ssh client with debug option
Trace packets with tcpdump

cajunchief · 12-07-2015, 09:29 AM

berndbausch,

I ran a netstat -a and got the following result:

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:49709 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 192.168.122.1:domain *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 cajunchieflgt:53855 yv-in-f189.1e100.net:https ESTABLISHED
tcp 1 0 cajunchieflgt:49235 a184-26-136-139.deploy:http CLOSE_WAIT
tcp 0 0 *:55022 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 ::1:ipp *:* LISTEN
udp 0 0 *:dhcp-failover *:*
udp 0 0 localhost:659 *:*
udp 0 0 *:48030 *:*
udp 0 0 *:945 *:*
udp 0 0 192.168.122.1:domain *:*
udp 0 0 *:bootps *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:dhcp-failover2 *:*
udp 0 0 *:40549 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 cajunchieflgt:ntp *:*
udp 0 0 192.168.122.1:ntp *:*
udp 0 0 localhost:ntp *:*
udp 0 0 *:ntp *:*
udp 0 0 *:49286 *:*
udp 0 0 *:945 *:*
udp 0 0 *:57196 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 fe80::9eb6:54ff:fef5:760:ntp *:*
udp 0 0 ::1:ntp *:*
udp 0 0 *:ntp *:*
Active UNIX domain sockets (servers and established)

The port number I have in the /etc/ssh/sshd_config is not shown as being listened on???

cajunchief

berndbausch · 12-07-2015, 09:42 AM

That would explain connection refused, so I guess you ran netstat on cpuA.
I forgot to include "check if sshd is running" in my list. Is it? If not, does anything change when you start it?

cajunchief · 12-07-2015, 02:11 PM

berndbausch,

Sorry, i forgot to mention that I DID CHECK and SSHD is running well!

cajunchief

michaelk · 12-07-2015, 03:31 PM

Have you checked the log files for errors?
What changes did you make to the sshd_config files?
As berndbausch suggested can you revert back to your last known working sshd_config files?

berndbausch · 12-07-2015, 05:19 PM

Quote:

Originally Posted by cajunchief

berndbausch,

Sorry, i forgot to mention that I DID CHECK and SSHD is running well!

cajunchief

So, sshd is running, but nothing is listening on the configured port. Can you do lsof -p pidofsshd to check what port it is listening on? Can you switch on debugging on sshd?

cajunchief · 12-08-2015, 03:03 PM

Hey berndbausch,

I ran the command and this is what I got:

lsof -p pidofsshd
lsof: illegal process ID: pidofsshd
lsof 4.82
latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
usage: [-?abhlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s]
[-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [-Z [Z]] [--] [names]
Use the ``-h'' option to get more help information.

???
cajunchief

michaelk · 12-08-2015, 03:25 PM

Replace pidofsshd with the actual process number of sshd i.e. the output of:

ps ax | pgrep sshd

berndbausch · 12-08-2015, 04:04 PM

Quote:

Originally Posted by michaelk

Replace pidofsshd with the actual process number of sshd i.e. the output of:

ps ax | pgrep sshd

Also, rather than just typing in what people say, please try to understand the meaning. The lsof man page is not necessarily an easy read, but it does contain a description of the -p option.

Sum1 · 12-08-2015, 05:30 PM

Please provide the following on both cpuA and cpuB

Code:

ip addr show

|||||||||||||||||||||||||

Please provide the content of /etc/ssh/sshd_config on cpuB

|||||||||||||||||||||||||

Please provide the output of

Code:

ps -e|egrep sshd

on cpuB

|||||||||||||||||||||||||

Please provide the output of

Code:

route -n

on both cpuA and cpuB

Sum1 · 12-08-2015, 05:59 PM

Also you mentioned making some changes to the sshd_config files to make public key authentication work, but I believe sshd defaults to allowing this capability.
This is from my own default sshd_config file:

Code:

#RSAAuthentication yes
#PubkeyAuthentication yes

Sum1 · 12-10-2015, 10:54 AM

OP gone?

cajunchief · 01-05-2016, 08:52 PM

Michaelk I ran the command with the changes you recommend and this is what it said:

Quote:

Originally Posted by michaelk

Replace pidofsshd with the actual process number of sshd i.e. the output of:

ps ax | pgrep sshd

sudo lsof -p 2458
[sudo] password for cajunchief:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 2458 root cwd DIR 8,1 4096 2 /
sshd 2458 root rtd DIR 8,1 4096 2 /
sshd 2458 root txt REG 8,1 569280 704035 /usr/sbin/sshd
sshd 2458 root DEL REG 8,1 522491 /lib/libutil-2.12.so
sshd 2458 root DEL REG 8,1 540427 /lib/libkrb5.so.3.3
sshd 2458 root DEL REG 8,1 540426 /lib/libcom_err.so.2.1
sshd 2458 root DEL REG 8,1 540424 /lib/libkrb5support.so.0.1
sshd 2458 root DEL REG 8,1 540423 /lib/libkeyutils.so.1.3
sshd 2458 root DEL REG 8,1 542960 /lib/libplds4.so
sshd 2458 root DEL REG 8,1 542958 /lib/libnspr4.so
sshd 2458 root DEL REG 8,1 522487 /lib/librt-2.12.so
sshd 2458 root mem REG 8,1 58708 522475 /lib/libnss_files-2.12.so
sshd 2458 root DEL REG 8,1 540415 /lib/libselinux.so.1
sshd 2458 root DEL REG 8,1 522463 /lib/libcrypt-2.12.so
sshd 2458 root DEL REG 8,1 522437 /lib/libfreebl3.so
sshd 2458 root DEL REG 8,1 540422 /lib/libaudit.so.1.0.0
sshd 2458 root DEL REG 8,1 522469 /lib/libnsl-2.12.so
sshd 2458 root DEL REG 8,1 540425 /lib/libk5crypto.so.3.1
sshd 2458 root DEL REG 8,1 522483 /lib/libpthread-2.12.so
sshd 2458 root DEL REG 8,1 522665 /lib/libwrap.so.0.7.6
sshd 2458 root DEL REG 8,1 522600 /lib/libpam.so.0.82.2
sshd 2458 root DEL REG 8,1 673483 /usr/lib/libcrypto.so.1.0.1e
sshd 2458 root DEL REG 8,1 670988 /usr/lib/libnss3.so
sshd 2458 root DEL REG 8,1 522452 /lib/ld-2.12.so
sshd 2458 root DEL REG 8,1 666987 /usr/lib/libnssutil3.so
sshd 2458 root DEL REG 8,1 522590 /lib/libfipscheck.so.1.1.0
sshd 2458 root DEL REG 8,1 522465 /lib/libdl-2.12.so
sshd 2458 root DEL REG 8,1 522485 /lib/libresolv-2.12.so
sshd 2458 root DEL REG 8,1 522459 /lib/libc-2.12.so
sshd 2458 root DEL REG 8,1 540411 /lib/libz.so.1.2.3
sshd 2458 root DEL REG 8,1 540428 /lib/libgssapi_krb5.so.2.2
sshd 2458 root DEL REG 8,1 542959 /lib/libplc4.so
sshd 2458 root 0u CHR 1,3 0t0 3995 /dev/null
sshd 2458 root 1u CHR 1,3 0t0 3995 /dev/null
sshd 2458 root 2u CHR 1,3 0t0 3995 /dev/null
sshd 2458 root 3u IPv4 17132 0t0 TCP *:34585(LISTEN)
sshd 2458 root 4u IPv6 17136 0t0 TCP *:34585 (LISTEN)

cajunchief

michaelk · 01-06-2016, 08:05 AM

Looks like ssh is listening on port 34585.

How are you verifying that ssh is working well? Can you login on each server itself? If you configured ssh for keys only then you need setup keys for that user.

ssh -p 2222 localhost