Old 07-27-2006, 08:23 AM   #1
acampbell
Member
 
Registered: Nov 2003
Location: London
Distribution: Debian
Posts: 118

Rep: Reputation: 16
No ports open on host - why?


This problem has just arisen following the setting up of a new modem/router.

I have two computers, desktop and laptop. The router is attached to the desktop and the laptop communicates via wireless to the router.

I can ssh from the desktop to the laptop without problems. In the other direction it doesn't work because nmap shows "80/tcp open http" to be the only port open.
I have cleared my firewall without effect.

I can ping in both directions.

I thought it might be the firewall in the router (Netgear DG834G) but this only affects the WAN and turning off the firewall doesn't help.

Question: how can I open port 22 for ssh?
 
Old 07-27-2006, 09:10 AM   #2
vimal
Red Hat India
 
Registered: Nov 2004
Location: Kerala/Pune,india
Distribution: RedHat, Fedora
Posts: 260

Rep: Reputation: 36
Hello acampbell,

Have you denied any outside connection to SSH in the Desktop? It would be nice to check your sshd_config file and also any TCP Wrappers rule. Perhaps you've got a 'Deny' directive in the sshd_config file. If you have cleared the firewall in the router, just check if you have any rules with your Desktop machine, i.e. in IPTABLES or so... Hope you would reply in detail, so that we could solve the trouble...

Thanks...
 
Old 07-27-2006, 09:13 AM   #3
seneschal
LQ Newbie
 
Registered: Jul 2006
Location: Minnesota
Distribution: RHEL, Debian, Ubuntu
Posts: 27

Rep: Reputation: 15
Can you post the output of IPTABLES -L? Also, check to make sure that SSHd is actually running on both machines.
 
Old 07-27-2006, 09:40 AM   #4
acampbell
Member
 
Registered: Nov 2003
Location: London
Distribution: Debian
Posts: 118

Original Poster
Rep: Reputation: 16
Oh dear: now I can't ssh to the laptop either!

If I turn off shorewall, iptables -L shows nothing stopped:
===================================================
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
===================================================

And yes, sshd is running.

Here is sshd.config (I haven't changed it)

===================================================
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
=============================
 
Old 07-27-2006, 09:53 AM   #5
vimal
Red Hat India
 
Registered: Nov 2004
Location: Kerala/Pune,india
Distribution: RedHat, Fedora
Posts: 260

Rep: Reputation: 36
Hello acampbell,

Please check if you have any rules in the host.deny and host.allow files.
SSH is one of the services that has the libwrap module built in by default, so any rules related to ssh in those files would be a hindrance. Also turn your firewall ON and just check if you have any rules related to your ssh service. By the way, could you please check if you have any firewall active in the router... Perhaps the router would be blocking the connections by default.

Please reply...
 
Old 07-27-2006, 10:27 AM   #6
acampbell
Member
 
Registered: Nov 2003
Location: London
Distribution: Debian
Posts: 118

Original Poster
Rep: Reputation: 16
The answer to all the above is no. I did have a firewall in the router but it relates to WAN and putting ALLOW to everything didn't help.

BUT I think something in my /etc/hosts is misconfigured. The router is on 192.168.0.1 and the laptop is on 192.168.0.3. The odd thing is that if I ssh to 192.168.0.3 from the desktop I get the desktop!!!

If I am on the laptop and ssh to 192.168.0.3 I also get the desktop!!

In other words, on both computers I can access the DESKTOP from 192.168.0.3 but I can't access the laptop at all.

Here are my /etc/hosts files (desktop=arcadia, laptop=ibm)
==================================================
Desktop

127.0.0.1 localhost.localdomain localhost
192.168.0.1 arcadia.acampbell.org.uk arcadia
192.168.0.3 ibm

# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
========================================
Laptop

127.0.0.1 localhost.localdomain localhost
192.168.0.1 arcadia.acampbell.org.uk arcadia
192.168.0.3 ibm

# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
 
Old 07-27-2006, 10:57 AM   #7
acampbell
Member
 
Registered: Nov 2003
Location: London
Distribution: Debian
Posts: 118

Original Poster
Rep: Reputation: 16
OK, sorry to reply to myself, but as usual, stating the problem clearly also suggested the solution. All I needed to do was to use the IPs shown on the router page when I was connected; I can now ssh both ways.

Thanks to everyone for help; I'm afraid I started some red herrings.
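
The mismatch that resolved this thread (static /etc/hosts entries that no longer matched the addresses in use after the new router was installed) can be checked mechanically. The script below is an added example, not part of any post above; `audit_hosts` and `local_ipv4_addrs` are hypothetical helper names, and the desktop holding 192.168.0.3 is an assumption inferred from post #6.

```shell
#!/bin/sh
# Added example: compare /etc/hosts against the addresses a machine really has.

# Constructed sample: the IPv4 part of the desktop's /etc/hosts from post #6.
SAMPLE_HOSTS='127.0.0.1 localhost.localdomain localhost
192.168.0.1 arcadia.acampbell.org.uk arcadia
192.168.0.3 ibm'

# audit_hosts OWN_NAME HOSTS_TEXT LOCAL_ADDRS
#   OWN_NAME     short hostname of the machine being audited
#   HOSTS_TEXT   contents of its hosts file
#   LOCAL_ADDRS  space-separated IPv4 addresses configured on its interfaces
# Prints one line per problem:
#   MISMATCH   our own name maps to an address we do not hold
#   COLLISION  another host's name maps to an address we do hold
audit_hosts() {
    printf '%s\n' "$2" | awk -v own="$1" -v addrs="$3" '
        BEGIN { n = split(addrs, a, " "); for (i = 1; i <= n; i++) have[a[i]] = 1 }
        { sub(/#.*/, "") }                              # drop comments
        NF < 2 || $1 ~ /^127\./ || $1 ~ /:/ { next }    # skip blanks, loopback, IPv6
        {
            mine = 0
            for (i = 2; i <= NF; i++) if ($i == own) mine = 1
            if (mine && !($1 in have))  print "MISMATCH " own " -> " $1
            if (!mine && ($1 in have))  print "COLLISION " $2 " -> " $1
        }'
}

# Addresses actually configured on this machine (requires iproute2).
local_ipv4_addrs() {
    ip -4 -o addr show 2>/dev/null | awk '{ sub(/\/.*/, "", $4); printf "%s ", $4 }'
}

# Demo on the constructed sample, assuming the desktop really holds 192.168.0.3.
audit_hosts arcadia "$SAMPLE_HOSTS" "127.0.0.1 192.168.0.3"

# On a live machine:
#   audit_hosts "$(hostname -s)" "$(cat /etc/hosts)" "$(local_ipv4_addrs)"
```

A COLLISION line is the symptom described in post #6: the name of the other machine resolves to the local host, so an ssh session to it lands on the machine it was started from.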
 
  

