LinuxQuestions.org


mr_furley 06-28-2006 04:54 PM

unable to ssh my machine in any way - any ideas?
 
Problem: When I SSH my linux box from inside or outside the LAN nothing happens

Set up:
machine 1 Windows 2000 (wife's computer)
machine 2 Fedora Core 3
both behind a Linksys BEFSR41v4 wired router sharing a DSL connection.

What I've Done:
I've configured the port forwarding bit on my router set-up so that ssh will be forwarded to the local ip address of my linux box. I don't know if I have done this correctly. When I try to ssh the outside ip address of my router from anywhere, nothing happens / it hangs.

What things can I do / check in order to zero in on the problem?

I've killed the entire day surfing the net for ideas, to no avail

Any help or ideas are greatly appreciated.

Thanks!

pljvaldez 06-28-2006 04:58 PM

The first thing I'd try is ssh from the box with the ssh server running. Open a shell and ssh username@localhost. Maybe there's a firewall setting on the linux box or sshd isn't actually running. Then try ssh from one internal box to the internal address of the linux box (i.e. ssh username@192.168.XXX.XXX or use Putty since you've got a windows machine).

When you know both of those are working, then you'll know the problem is in your router configuration...

mr_furley 06-28-2006 05:16 PM

Thanks for the suggestions.

I tried "ssh [user name]@localhost" and got

ssh: localhost: Name or service not known

Does this mean that sshd is not running?

When I run the command "ps -A", it indicates that it is running.

I have an ssh client on the windows machine and did indeed try to ssh the local ip address of the linux box.
The outcome was "The host 192.168.XXX.XXX is unreachable"

By the way, I am not currently running a firewall on the linux box.

Thanks!

pljvaldez 06-28-2006 05:38 PM

It definitely seems like there's a problem with the ssh server. Try nmap localhost on the linux box. It should list port 22 as open and being used by ssh. If not, then try restarting sshd. If it is running, I'd try looking at your sshd_config file.

Matir 06-28-2006 05:43 PM

IIRC, FC installs an inbound-deny, outbound-accept firewall by default. Try 'iptables -L' to make sure it's set to accept inbound connections (at least to port 22).

mr_furley 06-28-2006 08:51 PM

Ok,

"nmap localhost" yields
Starting nmap 3.70 at 2006-06-28 20:34 UTC
Failed to resolve given hostname/IP: localhost. Note that you can't use '/mask' AND '[1-4,7,100-]' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Nmap run completed -- 0 IP addresses (0 hosts up) scanned in 0.057 seconds
I ran it again as "nmap 192.168.1.101" (internal ip) and got
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
113/tcp open auth
So it looks like sshd is running, but for some reason "localhost" is not identified with the internal IP address.

I just discovered I can also ssh to 192.168.1.101 from the machine itself and it works fine.

Now, I ran the 'iptables' command and got "command not found"??

Thanks again everyone!

pljvaldez 06-28-2006 09:02 PM

As a user you'll have to probably run /sbin/iptables -L since /sbin probably isn't in your path. Or you can run the command as root if you don't see any results.

Check the /etc/hosts file to see if there's a line like
Code:

127.0.0.1 localhost localhost.localdomain

Sorry, I just looked above at your error "The host 192.168.XXX.XXX is unreachable" you posted. I just want to check to make sure you actually changed the ip address to 192.168.1.101 and didn't leave it with the X's.

mr_furley 06-28-2006 09:26 PM

I certainly replaced the x's with the linux box's internal ip address...192.168.1.101

the hosts file contains
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.1.100 homepc
192.168.1.101 localhost
Is this sufficient?

I just added the "localhost" a minute ago using the Network Configuration application in KDE. It had no name for the 192.168.1.101 address, so I added the "localhost."

I can now ssh "localhost" from "localhost" and login with no problem, now.

Also, How do I display code inside the nifty text box you use?

ScottReed 06-28-2006 09:40 PM

These guys have things under control for you, but I thought I'd add a few things...

First, localhost should be set to 127.0.0.1

Second, where you have localhost now in your /etc/hosts file change it to something else... like linuxbox or something.

Are your internal IPs static or dynamic?

Just so you know, the port forwarding on the Linksys is only used when you try to access a particular service from the outside (WAN). From within your network (192.168.1.x network) the port forwarding is ignored. The reason I asked about static or dynamic IPs is because with dynamic IPs port forwarding is sort of pointless, seeing the IP will possibly change the next time the machine with the SSH service is rebooted.

On the Windows machine:

- If you have McAfee Security or Norton Internet Security make sure it's not blocking any outgoing traffic for the SSH port.

- If you are using Windows Firewall, try disabling it in Services
(My Computer / Manage / Services)

- Try using Putty to make the connection.

Scott
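
Added example, not part of the original thread: a check for the hosts-file problem diagnosed above, reporting what "localhost" maps to. The function name is hypothetical, `hosts_as_posted` reproduces the file mr_furley posted, `hosts_fixed` is a constructed file following ScottReed's advice, and the script assumes the resolver uses the first entry that names the host.

```sh
# Added example (not from the thread): report what a hosts file maps "localhost" to.
# Assumption: the resolver uses the first entry that names the host.
localhost_status() {   # usage: localhost_status /etc/hosts   (or pipe a file in)
  awk '
    { sub(/#.*/, "") }                  # drop comments
    NF < 2 { next }                     # blank line, or an address with no names
    {
      for (i = 2; i <= NF; i++)
        if (tolower($i) == "localhost" && !seen) {
          seen = 1
          if ($1 ~ /^127\./ || $1 == "::1") status = "ok " $1
          else status = "wrong " $1     # name points at a routable address
        }
    }
    END { print (seen ? status : "missing") }' "$@"
}

# The hosts file as posted in the thread.
hosts_as_posted() { cat <<'EOF'
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.1.100 homepc
192.168.1.101 localhost
EOF
}

# Constructed file after the suggested fix ("linuxbox" is the example name from the post).
hosts_fixed() { cat <<'EOF'
127.0.0.1 localhost localhost.localdomain
192.168.1.100 homepc
192.168.1.101 linuxbox
EOF
}

hosts_as_posted | localhost_status
hosts_fixed | localhost_status
```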

mr_furley 06-28-2006 09:50 PM

Quote:

Originally Posted by Matir
IIRC, FC installs an inbound-deny, outbound-accept firewall by default. Try 'iptables -L' to make sure it's set to accept inbound connections (at least to port 22).

Upon pljvaldez's advice I got 'iptables -L' to work. I got about 3 screens worth of code. What should I be looking for?

Thanks!

Matir 06-29-2006 09:17 AM

Quote:

Originally Posted by mr_furley
Upon pljvaldez's advice I got 'iptables -L' to work. I got about 3 screens worth of code. What should I be looking for?

Thanks!


That sounds like a fairly complex firewalling script. Try doing: "iptables -I INPUT -p tcp --dport 22 -j ACCEPT" as root and seeing if you can then connect from the outside.

mr_furley 06-29-2006 02:44 PM

Quote:

Originally Posted by Matir
That sounds like a fairly complex firewalling script. Try doing: "iptables -I INPUT -p tcp --dport 22 -j ACCEPT" as root and seeing if you can then connect from the outside.

Wow! That worked! ... what did I just do? I haven't just opened a gaping hole in my security did I?

I ssh'd to my linux machine at work and then from there ssh'd my router at home and it brought me back to my home linuxbox with no problem.

Thank you pljvaldez, Matir, and Scott for your help. I have newbie guilt right now and I hope I can be as much help to someone else in the future.

Matir 06-29-2006 08:36 PM

Quote:

Originally Posted by mr_furley
Wow! That worked! ... what did I just do? I haven't just opened a gaping hole in my security did I?

I ssh'd to my linux machine at work and then from there ssh'd my router at home and it brought me back to my home linuxbox with no problem.

Thank you pljvaldez, Matir, and Scott for your help. I have newbie guilt right now and I hope I can be as much help to someone else in the future.


It's a hole, but a small and relatively secure one. And it's necessary if you want SSH access. All it says is "allow inbound connections to tcp port 22" (which is the port SSHD runs on by default).
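
Added example, not part of the original thread: a way to answer "what should I be looking for" by walking the rules in order and reporting which one decides the fate of a new inbound connection to a port, before and after the inserted rule. It reads `iptables -S` output, since plain `iptables -L` without `-v` does not show interface matches. The ruleset is constructed, and the chain name FW-INPUT and the function names are hypothetical.

```sh
# Added example (not from the thread). Reads `iptables -S` output on stdin and
# prints the first-match verdict for a NEW inbound TCP connection to PORT.
# Models only -p, --dport, -i, --state/--ctstate, -m and -j.
port_verdict() {   # usage: port_verdict PORT < rules
  awk -v port="$1" '
    function applies(r,   f, k, i) {          # 1 if rule r matches our packet
      k = split(r, f, " ")
      for (i = 3; i <= k; i++) {
        if (f[i] == "-p") { i++; if (f[i] != "tcp" && f[i] != "all") return 0 }
        else if (f[i] == "--dport") { if (f[++i] != port) return 0 }
        else if (f[i] == "-i") { if (f[++i] == "lo") return 0 }   # we arrive on the LAN side
        else if (f[i] == "--state" || f[i] == "--ctstate") {
          if (("," f[++i] ",") !~ /,NEW,/) return 0 }
        else if (f[i] == "-m") i++                                # skip module name
        else if (f[i] == "-j") { target = f[i + 1]; return 1 }
        else { skipped = 1; return 0 }                            # option not modelled
      }
      return 0
    }
    function walk(chain,   i, v, r) {         # first terminal target wins
      for (i = 1; i <= n[chain]; i++) {
        r = rule[chain, i]
        if (!applies(r)) continue
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) return target " by: " r
        if (target == "RETURN") return ""
        if (target in n) { v = walk(target); if (v != "") return v }
      }
      return ""
    }
    $1 == "-P" { policy[$2] = $3 }
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }
    END { v = walk("INPUT"); if (v == "") v = policy["INPUT"] " by: chain policy"
          if (skipped) v = v " [some rules not modelled]"; print v }'
}
# Constructed sample: a default-deny ruleset using a hypothetical chain FW-INPUT.
sample_before() { cat <<'EOF'
-P INPUT ACCEPT
-N FW-INPUT
-A INPUT -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FW-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
# Same ruleset after: iptables -I INPUT -p tcp --dport 22 -j ACCEPT
sample_after() { sample_before | awk '/^-A INPUT -j/ { print "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT" } { print }'; }
sample_before | port_verdict 22; sample_after | port_verdict 22
```

On a live machine, run `iptables -S | port_verdict 22` as root. Any rule using an option outside the modelled set is skipped and flagged in the output, so treat a flagged verdict as a hint only.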

mr_furley 07-02-2006 10:16 AM

So everything was working fine for a couple of days. However, it has now stopped working. I tried to ssh from work to my home machine and it hung, like it was doing before.

I checked to make sure my ip address was still the same, and it was, as well as checked the port forwarding on the router.

I then tried to check the iptables, but when I ran `iptables -L' as root, it returns 'command not found'.
I tried it again for the sbin directory with the same results. `iptables' is indeed in the sbin directory, as well.

What could be going on here?

GTSI_Jim 07-02-2006 11:24 AM

iptables issues
 
I am sure the guys that are working with you will figure out the iptables issues.

When you get that working, you may want to check out /etc/ssh/sshd_config. There is a command there called Port. Uncomment it and change it to something other than 22. This will at least give you a small measure of security. Then you will have to change the port on your windows client, or if accessing from linux, ssh -p port-number ip-address.


Good Luck!

Jim


All times are GMT -5.