-   Linux - Server (
-   -   iptables - how to open port 22 (I guess) (

expatCM 12-03-2007 10:00 AM

iptables - how to open port 22 (I guess)
I am feeling reasonably clueless about this one .... I am trying to connect to a new server using PuTTY and get SSH Connection Refused. I have been following the The Perfect Server for Gutsy tutorial on howtoforge. I am up to page 3 where it says "From now on you can use an SSH client and connect from your workstation".

Good if it works but for me it does not.

I have installed openssh-server on one machine. Fresh install of Gutsy server and nothing else on the machine.

I am using PuTTY to connect and I get the message Connection Refused.

If I use command line ssh user@host I get more or less the same thing
ssh: connect to host name port 22: Connection refused

Tried from another machine and the same message.

But I can ping the IP and the host name without issue.

So I was asking round and it has been suggested that I need to open port 22 on iptables. If that is the case I do not know how to. Or is there something else I should look at?

I have tried this command but it did not seem to have any effect -

iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

Any idea why I have got such a simple tutorial messed up .... ?

complich8 12-03-2007 10:22 AM

"connection refused" means that either (a) the packet made it to the port, but nobody's listening (ie: sshd isn't running) or (b) you hit a "-j REJECT" rule before your accept rule.

So, your first step is to verify that sshd is indeed running on the target machine (eg: "ps -ef | grep sshd" on the target machine). If it's not, try running /etc/init.d/ssh start .

Your second step is to check your INPUT chain (ie: iptables -nvL INPUT ) or whatever it's traversing for REJECT rules. If it is, try inserting your SSH rule above that reject rule.

expatCM 12-03-2007 10:37 PM

Thank you for your help ....

I started with


ps -ef | grep sshd
and this was returned


username 4149 4132 0 10:02 tty1 00:00:00 grep sshd
Then I tried


/etc/init.d/ssh start
and got


No file or directory
so I ran


apt-get install ssh openssh-server
and a couple of keys were installed

Then I restarted the server and went back and ran


ps -ef | grep sshd
This time the following was returned


root                4104        1        0        10:21        ?        00:00:00        /usr/sbin/ssh
username        4176        4159        0        10:24        tty1        00:00:00        grep sshd

So I ran


/etc/init.d/ssh start
and got this message


Starting OpenBSD Secure Shell server sshd
Could not load host key:        /etc/ssh/ssh_host_rsa_key
Could not load host key:        /etc/ssh/ssh_host_dsa_key

I still get Connection Refused.

expatCM 12-03-2007 10:46 PM

the second part of your comments ... iptables

from iptables -nvL INPUT I got


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts  bytes  target  prof  opt in out  source  destination

Do I need to change this at all?

expatCM 12-04-2007 01:57 AM

What I have just done is to reinstall the server since there was nothing there. Slight difference that instead of installing SSH server through the installer I skipped that and did it only through apt.

The only difference is that I do not get the error about the keys when starting up ssh but I still get connection refused.

expatCM 12-05-2007 05:51 AM

I appear to have got this working.

If I ping hostname I get a response but it relates to opendns and not my local network

PING hostname ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=240 time=320 ms
64 bytes from ( icmp_seq=3 ttl=240 time=321 ms
64 bytes from ( icmp_seq=4 ttl=240 time=318 ms
64 bytes from ( icmp_seq=5 ttl=240 time=318 ms

but if I ping the ip address

PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=1.49 ms
64 bytes from icmp_seq=2 ttl=64 time=0.094 ms
64 bytes from icmp_seq=3 ttl=64 time=0.092 ms
64 bytes from icmp_seq=4 ttl=64 time=0.093 ms
64 bytes from icmp_seq=5 ttl=64 time=0.094 ms
64 bytes from icmp_seq=6 ttl=64 time=0.080 ms

So if I then use putty ipaddress on the cli it will connect.

It looks like I need to work a bit further through the tutorial and edit the hosts file to make this problem go away .....

All times are GMT -5. The time now is 08:20 PM.