05-28-2014, 08:09 AM
|
#1
|
LQ Newbie
Registered: May 2014
Posts: 4
Rep:
|
SSH always times out, though it should be working fine?
I've just purchased (or rented) a Linux VPS. It's running Ubuntu Server 12, and I'm having a big problem with it: I can't SSH into it at all. All my attempts time out.
There is an emergency console provided, through which I can create short-term terminal sessions and connect to those. From there, I can see that (A) the machine is up and running, and connected to the internet and (B) SSHD is listening, first on port 22 and after I changed it, on port 5315.
So I'm kind of stumped. Maybe it's a firewall issue? I don't really know enough to troubleshoot or comprehend this problem. I Googled it, and found information about 'ufw', but that isn't installed on my system. I ran 'iptables-save' and the rules, from what I can tell, seem to be accepting of anything from ports 51 to 4765.
I would really love some help on this. I've talked to support but haven't found much help and it's really driving me a bit mad.
|
|
|
05-28-2014, 09:05 AM
|
#2
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
Verify $HOME for the source user on source system and the target user on target system are only writable by the respective user (i.e. chmod 755 $HOME is OK but 775 or 777 are not)
Verify $HOME/.ssh for those users only has permissions for the respective users (i.e. chmod 700 $HOME/.ssh is OK and nothing else should be.)
Verify the directory structure above $HOME is not wide open to the point it would allow others to override the subdirectories. (e.g. if / had mode 777 on it that would be bad and not just for ssh).
|
|
|
05-28-2014, 09:06 AM
|
#3
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983
|
what is the output of "ssh -vv user@IP"
|
|
|
05-28-2014, 09:14 AM
|
#4
|
LQ Newbie
Registered: May 2014
Posts: 4
Original Poster
Rep:
|
Quote:
Originally Posted by MensaWater
Verify $HOME for the source user on source system and the target user on target system are only writable by the respective user (i.e. chmod 755 $HOME is OK but 775 or 777 are not)
|
The target's $HOME is rwxr-xr-x (I don't remember the octal translation, sorry). The source user's $HOME is drwxr-xr-x on my Linux box, an admin user on my Windows box, and a regular user on my Android device (I've tried connecting from each with the same result).
Quote:
Verify $HOME/.ssh for those users only has permissions for the respective users (i.e. chmod 700 $HOME/.ssh is OK and nothing else should be.)
|
I ran 'chmod 700' on it just now, no change, unfortunately.
Quote:
Verify the directory structure above $HOME is not wide open to the point it would allow others to override the subdirectories. (e.g. if / had mode 777 on it that would be bad and not just for ssh).
|
I have to admit, I'm not sure how to actually check permissions for /, since 'ls -la /' obviously shows a list of its subdirectories. I'm a bit of a novice, as you can tell. What command should I run?
It might be worth pointing out that I am also running Apache on this machine, and that HTTP requests to localhost work just fine while outside HTTP requests time out (and show no entries in the access or error logs for Apache). That's why I'm thinking it must be a network thing rather than an ssh config thing, but I'm not the expert.
Quote:
what is the output of "ssh -vv user@IP"
|
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to <IP> [<IP>] port <port>.
debug1: conncet to address <IP> port <port>: Attempt to connect timed out without establishing a connection
Where the <port>/<IP> bits are me replacing the actual IP and port.
|
|
|
05-28-2014, 10:08 AM
|
#5
|
Senior Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,529
|
If you've nothing on that server then why not reinstall the OS from your VPS account or have their support do this for you. That way you're starting from a "clean" build.
|
|
|
05-28-2014, 10:10 AM
|
#6
|
LQ Newbie
Registered: May 2014
Posts: 4
Original Poster
Rep:
|
Oh I have, a half-dozen times. It's always a problem, even if I switch from Ubuntu to Debian to CentOS. That's why I'm thinking it's a firewall config.
|
|
|
05-28-2014, 10:13 AM
|
#7
|
Senior Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,529
|
Ok, I'm assuming you've checked your local configuration to ensure you're allowing SSH outbound?
|
|
|
05-28-2014, 10:22 AM
|
#8
|
LQ Newbie
Registered: May 2014
Posts: 4
Original Poster
Rep:
|
I have not. How would I go about doing that? I've read about iptables, if that's what you're talking about, but it's a bit daunting. Here's the output of iptables-save, if it helps.
http://i.imgur.com/Ly5RDql.png
|
|
|
05-28-2014, 01:53 PM
|
#9
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
To see the permissions on a directory rather than the contents use the "-d" flag. So "ls -ld /" would show you the permissions on "/". Note that my earlier suggestion was to check the entire directory path to $HOME so if the user's $HOME is /thisdir/thatdir/developers/home/user you would want to verify "/", "/thisdir", "/thisdir/thatdir", "/thisdir/thatdir/developers" and "/thisdir/thatdir/developers/home".
r = 4
w = 2
x = 1
So 4+2+1 = 7 or read/write/execute (rwx)
4+1 - read/execute (r-x) with no write.
You might want to use the "man" pages to get more detail. "man chmod", "man ls", "man ssh", etc... Also you can usually do "man -k <word>" to see if there is a man page related to a concept you want (e.g. "man -k mode").
Have you tried disabling iptables and testing?
The message you got on verbose output says it timed out on connecting which sounds like it couldn't even reach the target port.
On the target server console what happens if you run "lsof -i :<ssh port>" specifying the port it has defined for ssh? You should see a LISTENING item at a minimum.
What happens if you try running "telnet <target server> <ssh port>" where you substitute the name of the server and the port ssh is listening on?
When you changed port on the target server did you remember to specify the port on the source server (e.g. ssh -p <target port> <target server>)?
|
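The directory-path check described in post #9, as an added example that is not part of any post in the thread: it walks from a directory up to "/" and flags every component that is writable by group or others. The function name `check_path_chain` is hypothetical, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: walk from a directory up to / and report each component's
# octal mode, owner and whether group or others can write to it.
# Assumes GNU coreutils stat (the -c option).

# check_path_chain DIR
# Prints "<mode> <owner> <path> <OK|WRITABLE>" per component.
# Returns 0 if nothing is group/other-writable, 1 if something is,
# 2 if DIR cannot be entered.
check_path_chain() {
    local dir mode owner verdict rc=0
    # Resolve symlinks so the real directories are inspected.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "cannot enter $1" >&2; return 2; }
    while :; do
        mode=$(stat -c '%a' "$dir")    # e.g. 755, 700, 1777
        owner=$(stat -c '%U' "$dir")
        # w = 2 in each octal digit, so 022 is group-write plus other-write.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            verdict=WRITABLE
            rc=1
        else
            verdict=OK
        fi
        printf '%4s %-8s %s %s\n' "$mode" "$owner" "$dir" "$verdict"
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Typical use on the target server, run as the login user:
#   check_path_chain "$HOME/.ssh"
```

A sticky world-writable directory such as /tmp (mode 1777) is reported as WRITABLE too, because the check only looks at the write bits.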
|
|
05-28-2014, 07:55 PM
|
#10
|
Member
Registered: Jan 2013
Distribution: Debian
Posts: 166
Rep:
|
iptables -L
|
|
|
05-28-2014, 08:33 PM
|
#11
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983
|
Quote:
Originally Posted by laanaBloom
Oh I have, a half-dozen times. It's always a problem, even if I switch from Ubuntu to Debian to CentOS. That's why I'm thinking it's a firewall config.
|
you still have yet to post your ssh -vv user@IP_address results. also the permissions you mentioned above are WRONG for the ssh directory. read the links in my signature, they will help.
|
|
|
05-29-2014, 02:41 AM
|
#12
|
Senior Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,529
|
Quote:
Originally Posted by lleb
you still have yet to post your ssh -vv user@IP_address results.
|
The OP posted these within 10 minutes of you asking for them, try reading post #4 of this thread.
|
|
1 members found this post helpful.
|
05-29-2014, 12:22 PM
|
#13
|
Member
Registered: Jan 2013
Distribution: Debian
Posts: 166
Rep:
|
Quote:
Originally Posted by laanaBloom
I've just purchased (or rented) a Linux VPS. It's running Ubuntu Server 12, and I'm having a big problem with it: I can't SSH into it at all. All my attempts time out.
There is an emergency console provided, through which I can create short-term terminal sessions and connect to those. From there, I can see that (A) the machine is up and running, and connected to the internet and (B) SSHD is listening, first on port 22 and after I changed it, on port 5315.
So I'm kind of stumped. Maybe it's a firewall issue? I don't really know enough to troubleshoot or comprehend this problem. I Googled it, and found information about 'ufw', but that isn't installed on my system. I ran 'iptables-save' and the rules, from what I can tell, seem to be accepting of anything from ports 51 to 4765.
I would really love some help on this. I've talked to support but haven't found much help and it's really driving me a bit mad.
|
If your sshd is listening on port 22 and port 5315, but your firewall only accepts incoming on 51 through 4765, that seems clear enough. If you run iptables -L then you can post exactly what your iptables setup is, and we can tell you what needs tweaked.
Also, can you ping your server fine?
|
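The port-range mismatch described in post #13, as an added example that is not part of any post in the thread: it reads iptables-save text and reports which target a new inbound TCP connection to a given port would hit. The rules in `SAMPLE_RULES` are constructed (the thread's real rules were posted only as a screenshot) and the function name `verdict_for_port` is hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: default DROP on INPUT,
# TCP destination ports 51-4765 accepted, as the original poster described.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51:4765 -j ACCEPT
COMMIT'

# verdict_for_port PORT < iptables-save-output
# Prints the target (ACCEPT/DROP/REJECT) that a NEW inbound TCP connection
# to PORT hits in the INPUT chain: first matching rule wins, else the policy.
# Simplification (assumption of this example): a rule carrying any match
# other than "-p tcp" / "--dport" (interface, source, state, ...) is treated
# as not matching, and jumps to user-defined chains are not followed.
verdict_for_port() {
    awk -v port="$1" '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" && verdict == "" {
        proto = "any"; lo = 0; hi = 65535; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-m") i++              # skip the module name
            else if ($i == "--dport") {
                n = split($(++i), r, ":")         # single port or lo:hi
                lo = (r[1] == "" ? 0 : r[1] + 0)
                hi = (n == 1 ? lo : (r[2] == "" ? 65535 : r[2] + 0))
            }
            else if ($i == "-j") { target = $(++i); break }
            else other = 1
        }
        if (other || (proto != "tcp" && proto != "any")) next
        if (port + 0 < lo || port + 0 > hi) next
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }'
}

# The two sshd ports mentioned in the thread.
for p in 22 5315; do
    printf 'tcp/%s -> %s\n' "$p" \
        "$(printf '%s\n' "$SAMPLE_RULES" | verdict_for_port "$p")"
done
```

On the server itself the input would be the live rule set, for example `iptables-save | verdict_for_port 5315` run as root.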
|
|
05-29-2014, 07:43 PM
|
#14
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983
|
Quote:
Originally Posted by TenTenths
The OP posted these within 10 minutes of you asking for them, try reading post #4 of this thread.
|
yup sorry, he did such a great job at using code flags that i didn't see the ssh -vv out of the code flags.
|
|
|
All times are GMT -5.