LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 06-26-2009, 12:53 AM   #1
lunlun
Member
 
Registered: Jul 2005
Posts: 41

Rep: Reputation: 15
ssh problem on ubuntu


I know this was asked a million times, but then I dont understand why my ssh wont work on my ubuntu.

I have 2 ubuntu machine. my laptop one works easily. but my desktop ubuntu is refusing to accept ssh.



My desktop ubuntu is Ping-able and after running netstat, I found that port 22 is in fact listening to connections.

/home/mini# netstat -nap | grep :22
tcp6 0 0 :::22 :::* LISTEN 10885/sshd

Iptable shows this,

ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:26668
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere



Can someone please help? Or point me to a google post?


I have had this desktop ubuntu for quite a while and I think
I have originally follow instructions at,
https://help.ubuntu.com/8.04/serverg...sh-server.html
 
Old 06-26-2009, 01:36 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https

you need one of these for port 22, and this is just port 80 and 443 respectively.
 
Old 06-26-2009, 01:45 AM   #3
lunlun
Member
 
Registered: Jul 2005
Posts: 41

Original Poster
Rep: Reputation: 15
I think the following command can help me open the ssh firewall right?

sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT



One thing I don't understand,

doesn't "ACCEPT all -- anywhere anywhere" mean port 22 is already open?

since it accepts ALL connection type from anywhere/anywhere?
 
Old 06-26-2009, 02:08 AM   #4
Uncle_Theodore
Member
 
Registered: Dec 2007
Location: Charleston WV, USA
Distribution: Slackware 12.2, Arch Linux Amd64
Posts: 896

Rep: Reputation: 70
Quote:
Originally Posted by lunlun View Post
I think the following command can help me open the ssh firewall right?

sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
Yes, it should.
Quote:
One thing I don't understand,

doesn't "ACCEPT all -- anywhere anywhere" mean port 22 is already open?

since it accepts ALL connection type from anywhere/anywhere?
Run
iptables -L -v
to see if there is an interface option in this rule. I think it's lo.
 
Old 06-27-2009, 01:48 AM   #5
lunlun
Member
 
Registered: Jul 2005
Posts: 41

Original Poster
Rep: Reputation: 15
is there any reason why it still wont accept ssh connection?
I have added the accept ssh to my firewall
Thanks


/home/mini# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
70905 2462K ACCEPT all -- lo any anywhere anywhere
0 0 REJECT all -- !lo any anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
676K 419M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:www
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:26668
16 960 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
111K 9694K LOG all -- any any anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
146K 16M REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
877K 104M ACCEPT all -- any any anywhere anywhere
 
Old 06-27-2009, 03:24 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980
becuase it's clearly after the reject all entry. you'd want to insert it before there, e.g. iptables -I INPUT 4 [rest of command] instead of just -A INPUT to append. Note you'll need iptables-save to store these settings across a reboot.

Last edited by acid_kewpie; 06-27-2009 at 03:25 AM.
 
Old 06-27-2009, 03:42 PM   #7
Andy Alt
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware64-stable, Debian64 stable, LFS 7.1
Posts: 458

Rep: Reputation: 122Reputation: 122
lunlun, also try running nmap or nmapfe.

It'll check what ports you have open. It's a good troubleshooting tool when working with firewalls.
 
Old 06-27-2009, 03:42 PM   #8
lunlun
Member
 
Registered: Jul 2005
Posts: 41

Original Poster
Rep: Reputation: 15
solved! thanks!
 
Old 06-27-2009, 04:32 PM   #9
rdawgjigga
LQ Newbie
 
Registered: Jun 2009
Location: Texas
Distribution: Debian, Ubuntu, Kubuntu, Damn Small Linux (DSL), Backtrack 4,
Posts: 13

Rep: Reputation: 0
SSH Server!

You did install openssh-server right? so you can receive ssh connection on your ubuntu desktop? Just wondering.
 
Old 06-27-2009, 04:39 PM   #10
lunlun
Member
 
Registered: Jul 2005
Posts: 41

Original Poster
Rep: Reputation: 15
I did have open ssh

I think my problem was by default, Ubuntu's builtin firewall rejects ssh conection
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Slow ssh connection over lan with Ubuntu Desktop and Ubuntu Server Recursion Linux - Networking 1 05-23-2009 02:17 AM
Chroot SSH problem: ssh working, not SFTP & SCP. NaCo Linux - Security 3 02-01-2009 02:23 AM
Problem installing ssh in ubuntu Feisty bmaheni Linux - Desktop 1 05-14-2008 01:41 PM
SSH problem - ssh-add not respond FerkoPica Linux - Security 6 05-07-2006 03:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 12:45 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration