LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-28-2014, 08:09 AM   #1
laanaBloom
LQ Newbie
 
Registered: May 2014
Posts: 4

Rep: Reputation: Disabled
SSH always times out, though it should be working fine?


I've just purchased (or rented) a Linux VPS. It's running Ubuntu Server 12, and I'm having a big problem with it: I can't SSH into it at all. All my attempts time out.

There is an emergency console provided, through which I can create short-term terminal sessions and connect to those. From there, I can see that (A) the machine is up and running, and connected to the internet and (B) SSHD is listening, first on port 22 and after I changed it, on port 5315.

So I'm kind of stumped. Maybe it's a firewall issue? I don't really know enough to troubleshoot or comprehend this problem. I Googled it, and found information about 'ufw', but that isn't installed on my system. I ran 'iptables-save' and the rules, from what I can tell, seem to be accepting of anything from ports 51 to 4765.

I would really love some help on this. I've talked to support but haven't found much help and it's really driving me a bit mad.
 
Old 05-28-2014, 09:05 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
Verify $HOME for the source user on source system and the target user on target system are only writable by the respective user (i.e. chmod 755 $HOME is OK but 775 or 777 are not)

Verify $HOME/.ssh those users only has permissions for the respective users (i.e. chmod 700 $HOME/.ssh is OK and nothing else should be.)

Verify the directory structure above $HOME is not wide open to the point it would allow others to override the subdirectories. (e.g. if / had mode 777 on it that would bad and not just for ssh).
 
Old 05-28-2014, 09:06 AM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
what is the output of "ssh -vv user@IP"
 
Old 05-28-2014, 09:14 AM   #4
laanaBloom
LQ Newbie
 
Registered: May 2014
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by MensaWater View Post
Verify $HOME for the source user on source system and the target user on target system are only writable by the respective user (i.e. chmod 755 $HOME is OK but 775 or 777 are not)
The target's $HOME is rwxr-xr-x (I don't remember the octal translation, sorry). The source user's $HOME is drwxr-xr-x on my Linux box, an admin user on my Windows box, and a regular user on my Android device (I've tried connecting from each with the same result).

Quote:
Verify $HOME/.ssh those users only has permissions for the respective users (i.e. chmod 700 $HOME/.ssh is OK and nothing else should be.)
I ran 'chmod 700' on it just now, no change, unfortunately.

Quote:
Verify the directory structure above $HOME is not wide open to the point it would allow others to override the subdirectories. (e.g. if / had mode 777 on it that would bad and not just for ssh).
I have to admit, I'm not sure how to actually check permissions for /, since 'ls -la /' obviously shows a list of its subdirectories. I'm a bit of a novice, as you can tell. What command should I run?

It might be worth pointing out that I am also running Apache on this machine, and that HTTP requests to localhost work just fine while outside HTTP requests time out (and show no entries in the access or error logs for Apache). That's why I'm thinking it must be a network thing rather than an ssh config thing, but I'm not the expert.

Quote:
what is the output of "ssh -vv user@IP"
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to <IP> [<IP>] port <port>.
debug1: conncet to address <IP> port <port>: Attempt to connect timed out without establishing a connection


Where the <port>/<IP> bits are me replacing the actual IP and port.
 
Old 05-28-2014, 10:08 AM   #5
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,529

Rep: Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593
If you've nothing on that server then why not reinstall the OS from your VPS account or have their support do this for you. That way you're starting from a "clean" build.
 
Old 05-28-2014, 10:10 AM   #6
laanaBloom
LQ Newbie
 
Registered: May 2014
Posts: 4

Original Poster
Rep: Reputation: Disabled
Oh I have, a half-dozen times. It's always a problem, even if I switch from Ubuntu to Debian to CentOS. That's why I'm thinking it's a firewall config.
 
Old 05-28-2014, 10:13 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,529

Rep: Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593
Ok, I'm assuming you've checked your local configuration to ensure you're allowing SSH outbound?
 
Old 05-28-2014, 10:22 AM   #8
laanaBloom
LQ Newbie
 
Registered: May 2014
Posts: 4

Original Poster
Rep: Reputation: Disabled
I have not. How would I go about doing that? I've read about iptables, if that's what you're talking about, but it's a bit daunting. Here's the output of iptables-save, if it helps.

http://i.imgur.com/Ly5RDql.png
 
Old 05-28-2014, 01:53 PM   #9
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
To see the permissions on a directory rather than the contents use the "-d" flag. So "ls -ld /" would show you the permissions on "/". Note that my earlier suggestion was to check the entire directory path to $HOME so if the user's $HOME is /thisdir/thatdir/developers/home/user you would want to verify "/", "/thisdir", "/thisdir/thatdir", "/thisdir/thatdir/developers" and "/thisdir/thatdir/deveopers/home".

r = 4
w = 2
x = 1
So 4+2+1 = 7 or read/write/execute (rwx)
4+1 - read/execute (r-x) with no write.

You might want to use the "man" pages to get more detail. "man chmod", "man ls", "man ssh", etc... Also you can usually do "man -k <word>" to see if there is a man page related to a concept you want (e.g. "man -k mode"

Have you tried disabling iptables and testing?

The message you got on verbose output says it timed out on connecting which sounds like it couldn't even reach the target port.
On the target server console what happens if you run "lsof -i :<ssh port>" specifying the port it has defined for ssh? You should see a LISTENING item at a minimum.

What happens if you try running "telnet <target server> <ssh port> where you substitute the name of the server and the port ssh is listening on?

When you changed port on the target server did you remember to specify the port on the source server (e.g. ssh -p <target port> <target server>)?
 
Old 05-28-2014, 07:55 PM   #10
stateless
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 166
Blog Entries: 1

Rep: Reputation: 4
iptables -L
 
Old 05-28-2014, 08:33 PM   #11
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
Quote:
Originally Posted by laanaBloom View Post
Oh I have, a half-dozen times. It's always a problem, even if I switch from Ubuntu to Debian to CentOS. That's why I'm thinking it's a firewall config.
you still have yet to post your ssh -vv user@IP_address results. also the permissions you mentioned above are WRONG for the ssh directory. read the links in my signature, they will help.
 
Old 05-29-2014, 02:41 AM   #12
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,529

Rep: Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593
Quote:
Originally Posted by lleb View Post
you still have yet to post your ssh -vv user@IP_address results.
The OP posted these within 10 minutes of you asking for them, try reading post #4 of this thread.
 
1 members found this post helpful.
Old 05-29-2014, 12:22 PM   #13
stateless
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 166
Blog Entries: 1

Rep: Reputation: 4
Quote:
Originally Posted by laanaBloom View Post
I've just purchased (or rented) a Linux VPS. It's running Ubuntu Server 12, and I'm having a big problem with it: I can't SSH into it at all. All my attempts time out.

There is an emergency console provided, through which I can create short-term terminal sessions and connect to those. From there, I can see that (A) the machine is up and running, and connected to the internet and (B) SSHD is listening, first on port 22 and after I changed it, on port 5315.

So I'm kind of stumped. Maybe it's a firewall issue? I don't really know enough to troubleshoot or comprehend this problem. I Googled it, and found information about 'ufw', but that isn't installed on my system. I ran 'iptables-save' and the rules, from what I can tell, seem to be accepting of anything from ports 51 to 4765.

I would really love some help on this. I've talked to support but haven't found much help and it's really driving me a bit mad.
If your sshd is listening on port 22 and port 5315, but you firewall only accepts incoming on 51 through 4765, that seems clear enough. If you run iptables -L then you can post exactly what your iptables setup is, and we can tell you what needs tweaked.

Also, can you ping your server fine?
 
Old 05-29-2014, 07:43 PM   #14
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
Quote:
Originally Posted by TenTenths View Post
The OP posted these within 10 minutes of you asking for them, try reading post #4 of this thread.
yup sorry, he did such a great job at using code flags that i didnt see the ssh -vv out of the code flags.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
$ startx stopped working, was working fine when I shut it down last night BogoMIPS_1962 Slackware 2 08-10-2013 02:04 PM
SSL times out, rest of site works fine. (debian, apache2) mtlhd Linux - Server 9 07-01-2010 12:23 PM
Postfix TLS working fine but SSL over port 25 not working bob808 Linux - Server 10 07-25-2009 10:20 PM
cannot access rsh but ssh is working just fine xear Linux - Networking 6 02-19-2009 09:10 AM
ssh not working from Putty, but works fine from Live CD (Suse of Fedora) jspeed43 Linux - Networking 6 04-29-2008 10:30 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration