LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-13-2007, 08:41 AM   #1
openSauce
Member
 
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252

Rep: Reputation: 39
ssh connection refused - trying to set up ssh server at home


Hi,

I'd like to be able to use ssh to connect to my home computer remotely. I've been trying things out and tweaking config files but I've not got very far. I can't tell exactly what the problem is at this stage, but I'll tell you what I've done and hopefully somebody can tell me how to diagnose it properly.

I'm running Fedora 7 on my home PC, and for testing purposes I'm running Knoppix from a Live CD on another machine (although I eventually hope to connect using Putty on Windows). I believe this line confirms the ssh daemon is running on Fedora:
Code:
> ps -ef | grep sshd
root      2038     1  0 11:37 ?        00:00:00 /usr/sbin/sshd
The file /etc/ssh/sshd_config includes the following lines:
Code:
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Although as I understand it I should only really need one or the other, and once I've got everything working and I understand it properly, I'll be able to disable both and use only key authentication.

Both computers are connected to a router which is connected directly to the internet; the router is configured to forward a port to my Fedora box which matches the port specified in /etc/ssh/sshd_config. On the Knoppix box, I type
Code:
ssh -p <port> guest@<IP>
where <IP> is the external IP address of the router (i.e. the one that whatismyip.com tells me). ssh returns immediately with "connection refused", it seems as though it doesn't even have time to try to connect, but maybe the router doesn't need to forward to the DNS for its own address? Or maybe these things are just faster than I think.

Can anyone tell me what I should try next? Is there a way to tell if the connection is actually being refused by my Fedora PC, or by the router, or elsewhere?
 
Old 10-13-2007, 10:22 AM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Do you have the Fedora default firewall up. If so is post 22 for sshd open?

Brian
 
Old 10-13-2007, 10:25 AM   #3
Freemor
Member
 
Registered: Aug 2005
Location: New Brunswick
Distribution: Trisquel
Posts: 70
Blog Entries: 8

Rep: Reputation: 15
it sounds like it could be a tcpwrapper problem you should check your /ets/hosts.allow and be sure connections to sshd are allowed correctly or especially if your /etc/hosts.deny is set to something like ALL: ALL

Hope this helps
Freemor
 
Old 10-13-2007, 12:53 PM   #4
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
One thought. If you have a firewall on the machine and port 22 is open then this may be your issue. If you are on a lan machine trying to connect to the sshd machine using the external IP then it will more than likely work. Reason is many of these store bought routers lack the support to DNAT back onto itself that way. You need to goto a remote location and try to connect and see what happens.

Other thoguht is maybe the ISP is blocking common server ports.

Goto here and run the advance portscan to see if it is open an up.
http://www.hackerwatch.org/probe/

Brian
 
Old 10-14-2007, 07:05 AM   #5
openSauce
Member
 
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252

Original Poster
Rep: Reputation: 39
Freemor: /etc/hosts.allow and /etc/hosts.deny are empty. I was hoping this wouldn't matter so long as password authentication and challenge-response authentication were enabled? My understanding is those files are used for host-based authentication, but any one type of authentication is acceptable. In any case, the man page for hosts_access says that if both files are empty, all hosts will be allowed.

Brian1: I do have the Fedora default firewall up, it's a little hard to be sure how it's configured though. I don't know if you're familiar with it, its config window has a list of trusted services (ssh is trusted; no others), and a list of "other ports". I think maybe it's simply identifying the various services (FTP, SMTP, HTTP, HTTPS etc) with different ports - I tried adding port 443 earlier, and when I looked at the firewall config again, the port wasn't listed but HTTPS was checked as a trusted source. Adding port 22 and then going back into the config tool, it looks like nothing has changed. At least, that's how it was yesterday - now I can't add port 443 or any other port, I think the config tool isn't working properly. Do you know what config files it might be using, or where I could find out?

I tried the hackerwatch.org portscan, it seemed to ignore port 22 though. It said port 21 was closed but insecure (despite the firewall), port 23 was secure (invisible to outside world), and gave similar reports for 7 other ports.

Quote:
Originally Posted by Brian1
If you are on a lan machine trying to connect to the sshd machine using the external IP then it will more than likely work.
Should this have read "more than likely not work"? If not, I'm not sure what you mean - that is what I'm doing, and it isn't working! If you meant to say "not", could you say why the router couldn't pass the request on to my ISP server which would then send it straight back here? I'll try it from a remote location when I get the chance, but I'm not very confident about getting it to work when I can't get it to work from home.

Last edited by openSauce; 10-14-2007 at 07:07 AM.
 
Old 10-14-2007, 09:33 AM   #6
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
OK from the other lan machine can you login into the sshd machine using the lan IP of the sshd machine?

If not then the port is close os sshd is not up, or sshd is not configured correctly.

Since you have a live version cd on the other machine see if it has nmap or front-end gui interfaces for namp and scan the sshd machine.

For the remote portscan you have to tell it to search for port 22. port 22 is not in the default search.

Now if you were using the external IP when trying to connect to the sshd machine from another lan machine meaning you are acting like you were on the outside. Then it will more than likely not work. It is the basic store bought routers just lack the ability to redirect onto itself.

Brian
 
Old 10-15-2007, 03:42 PM   #7
openSauce
Member
 
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252

Original Poster
Rep: Reputation: 39
Quote:
OK from the other lan machine can you login into the sshd machine using the lan IP of the sshd machine?
Oops! Yes I can :"). Sorry, I was certain I'd already tried that, it's such an obvious thing to do. Feel like a right idiot now. Oh well, thanks for your help!
 
Old 10-15-2007, 04:32 PM   #8
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
So you have it working?
If so glad to see you have it going.

Brian
 
Old 10-15-2007, 06:09 PM   #9
mfsteele1@hotmail.co
LQ Newbie
 
Registered: Oct 2007
Posts: 1

Rep: Reputation: 0
How to test for an open port

telnet ip ####

#### = port #.

Doesn't matter what network service is involved, you should get a CONNECTED response like this:

> telnet xxx.xxx.xxx.xxx 43

Trying...
Connected to iap0ito0.

Or, if a firewall or closed port issue exists then you'll get a REFUSED response like this:

> telnet xxx.xxx.xxx.xxx 43

Trying...
telnet: Unable to connect to remote host: Connection refused
 
Old 10-16-2007, 10:59 AM   #10
openSauce
Member
 
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252

Original Poster
Rep: Reputation: 39
Yeah it's working on the LAN now, thanks. Haven't tried it externally yet, but I guess it should be fine so long as port forwarding's working ok on the router.
 
Old 10-18-2007, 04:38 PM   #11
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Glad to see you have it working.

Brian
 
  


Reply

Tags
connection, refused, server, ssh, sshd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH Connection Refused? lowpro2k3 Linux - Networking 2 11-04-2009 11:02 AM
SSH connection refused theoneandonly19 Red Hat 1 07-01-2007 02:48 AM
ssh - connection refused Murdock1979 Linux - Networking 1 11-22-2006 11:21 PM
SSH Connection Refused meping Linux - Networking 9 04-15-2006 01:04 AM
ssh connection refused rguptatx Red Hat 4 11-13-2003 06:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration