summary on my previous post - "SSH connection problem"

Zhengguo Xu tworiversfolk at gmail.com
Thu Sep 11 22:50:24 UTC 2008


thanks all, guys. :-)

there're many posts and lots of information following my initial post, i
thought it might be better if i make a summary for what i have done so far
and it might be easier for late-coming gurus to get the whole situation at a
glance. so here it goes:

scenario:
i have a desktop (ip 192.168.1.35) and a laptop (ip 192.168.1.36) at home
network. i installed openssh-server on both of them. i have the same user
name on both PCs.

my problem is:
i can connect from desktop to laptop but not reversely. in other words,
desktop to laptop, ok. laptop to desktop, no connection.

what i have done following all the suggestions you guys provide:

1. i run "ssh localhost" on both PCs and they work fine.

2. "sudo /etc/init.d/ssh restart" on desktop. output is:

 * Starting OpenBSD Secure Shell server sshd                             [ OK ]

still no connection from laptop to desktop after that.

3. "netstat -an | grep 22 | grep LISTEN" on desktop:

ttcp6       0      0 :::22                   :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     21762    /tmp/orbit-zhengguo/linc-1b96-0-61f847b3223d1
unix  2      [ ACC ]     STREAM     LISTENING     22180    /tmp/orbit-zhengguo/linc-1bd8-0-14b173498db0
unix  2      [ ACC ]     STREAM     LISTENING     22232    /tmp/orbit-zhengguo/linc-1bd7-0-73832025dcb9
unix  2      [ ACC ]     STREAM     LISTENING     22304    /tmp/orbit-zhengguo/linc-1bb1-0-30dd8720b0dde
unix  2      [ ACC ]     STREAM     LISTENING     22387    /tmp/orbit-zhengguo/linc-1be9-0-5e13ed25cd93a
unix  2      [ ACC ]     STREAM     LISTENING     22567    /tmp/orbit-zhengguo/linc-1bdb-0-61f847bfa746
unix  2      [ ACC ]     STREAM     LISTENING     22572    /tmp/orbit-zhengguo/linc-1be3-0-5e13ed28b1c2
unix  2      [ ACC ]     STREAM     LISTENING     22577    /tmp/orbit-zhengguo/linc-1be1-0-c42a5caba2b
unix  2      [ ACC ]     STREAM     LISTENING     22610    /tmp/orbit-zhengguo/linc-1bf3-0-68dc5c4b61bd2
unix  2      [ ACC ]     STREAM     LISTENING     22753    /tmp/orbit-zhengguo/linc-1c03-0-6ad3398c3d2b
unix  2      [ ACC ]     STREAM     LISTENING     22812    /tmp/orbit-zhengguo/linc-1bec-0-21f17fadac7d2
unix  2      [ ACC ]     STREAM     LISTENING     22950    /tmp/orbit-zhengguo/linc-1c0f-0-62f5b1002ed58
unix  2      [ ACC ]     STREAM     LISTENING     28927    /tmp/gedit-svn.zhengguo.4040482822

same command on laptop:

tcp6       0      0 :::22                   :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     21735    /tmp/orbit-zhengguo/linc-177a-0-3b77f1c4f2228
unix  2      [ ACC ]     STREAM     LISTENING     22252    /tmp/scim-bridge-0.3.0.socket-1000@localhost:0.0
unix  2      [ ACC ]     STREAM     LISTENING     22777    /tmp/orbit-zhengguo/linc-1801-0-354a40bdf22b0
unix  2      [ ACC ]     STREAM     LISTENING     22810    /tmp/orbit-zhengguo/linc-1803-0-28fd485411c25

4. To force to IPV4 on desktop:
$ sudo vi /etc/ssh/sshd_config

At the top, uncomment
ListenAddress 0.0.0.0

And then
$ sudo /etc/init.d/ssh restart

to no avail. still no connection

5. "ps -A | grep iptables" on desktop gives nothing. Does that mean iptables
is not running?

6. "ps -A | grep fire" on desktop gives only firefox. guess that means my
firestarter is not running.

7. "ssh -vv 192.168.1.35" on laptop gives following output:

OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.35 [192.168.1.35] port 22.
debug1: connect to address 192.168.1.35 port 22: Connection timed out
ssh: connect to host 192.168.1.35 port 22: Connection timed out

also tried "telnet", "ping" the same address on laptop, doesn't work.

since desktop to laptop works, so "ssh -vv 192.168.1.36" on desktop, as
expected, get a lot of information and after i typed the password,
connection established. so i didn't bother to post the output.

8. ifconfig of desktop:

eth0      Link encap:Ethernet  HWaddr 00:11:d8:40:66:76
          inet addr:192.168.1.35  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::211:d8ff:fe40:6676/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:836 errors:0 dropped:0 overruns:0 frame:0
          TX packets:756 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:722731 (705.7 KB)  TX bytes:187887 (183.4 KB)
          Interrupt:21 Base address:0xe400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2179 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2179 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:131320 (128.2 KB)  TX bytes:131320 (128.2 KB)

wlan0     Link encap:Ethernet  HWaddr 00:30:f1:f8:c9:54
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wmaster0  Link encap:UNSPEC  HWaddr 00-30-F1-F8-C9-54-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ipconfig of laptop:

 eth0      Link encap:Ethernet  HWaddr 00:14:22:e0:43:68
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:19

eth1      Link encap:Ethernet  HWaddr 00:13:ce:da:05:f0
          inet addr:192.168.1.36  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::213:ceff:feda:5f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:59 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:5888059 (5.6 MB)  TX bytes:2216268 (2.1 MB)
          Interrupt:18 Base address:0xe000 Memory:dcffd000-dcffdfff

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2733 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2733 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:142640 (139.2 KB)  TX bytes:142640 (139.2 KB)

9.  "tracepath 192.168.1.35" from desktop is:

 1:  192.168.1.35 (192.168.1.35)                            0.125ms pmtu 16436
 1:  192.168.1.35 (192.168.1.35)                            0.085ms reached
 1:  192.168.1.35 (192.168.1.35)                            0.090ms reached
     Resume: pmtu 16436 hops 1 back 64

same command from laptop is:

1:  UbuntuDell.local (192.168.1.36)                        0.127ms pmtu 1500
 1:  no reply
 2:  no reply
 3:  no reply
 4:  no reply
 5:  no reply
 6:  no reply
 7:  no reply
 8:  no reply
 9:  no reply
10:  no reply
11:  no reply
12:  no reply
13:  no reply
14:  no reply
15:  no reply
16:  no reply
17:  no reply
18:  no reply
19:  no reply
20:  no reply
21:  no reply
22:  no reply
23:  no reply
24:  no reply
25:  no reply
26:  no reply
27:  no reply
28:  no reply
29:  no reply
30:  no reply
31:  no reply
     Too many hops: pmtu 1500
     Resume: pmtu 1500

10. sshd_config as follows:

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile    %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

i was told it's ok.

11. "sudo iptables -L" on desktop:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  250.Red-80-58-61.staticIP.rima-tde.net  anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT     udp  --  250.Red-80-58-61.staticIP.rima-tde.net  anywhere
ACCEPT     tcp  --  254.Red-80-58-61.staticIP.rima-tde.net  anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT     udp  --  254.Red-80-58-61.staticIP.rima-tde.net  anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             192.168.1.255
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
LSI        all  -f  anywhere             anywhere            limit: avg 10/min burst 5
INBOUND    all  --  anywhere             anywhere
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.1.35         250.Red-80-58-61.staticIP.rima-tde.net tcp dpt:domain
ACCEPT     udp  --  192.168.1.35         250.Red-80-58-61.staticIP.rima-tde.net udp dpt:domain
ACCEPT     tcp  --  192.168.1.35         254.Red-80-58-61.staticIP.rima-tde.net tcp dpt:domain
ACCEPT     udp  --  192.168.1.35         254.Red-80-58-61.staticIP.rima-tde.net udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
OUTBOUND   all  --  anywhere             anywhere
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Output'

Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
LSI        all  --  anywhere             anywhere

Chain LOG_FILTER (5 references)
target     prot opt source               destination

Chain LSI (2 references)
target     prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST
LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       icmp --  anywhere             anywhere            icmp echo-request
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP       all  --  anywhere             anywhere

Chain LSO (0 references)
target     prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

however, on laptop the same command has output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


it seems empty. is it normal?


ok, here're things i've done so far trying to get the connection but to no
avail. any further suggestions are welcomed wholeheartedly.

thanks again for all the help you've given to me. :-)
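
Added example, not part of the original post: iptables rules are held in the kernel rather than by a running process, so the "iptables -L" listings in step 11, not the ps output in steps 5 and 6, show whether a packet filter is active. The function below classifies such a listing for one port; the function name, verdict names and sample text (abridged from step 11, lines unwrapped) are constructed for this example.

```shell
#!/bin/sh
# fw_verdict PORT: classify an `iptables -L` listing read from stdin.
# Prints "<verdict> catchall=<n>"; n counts INPUT rules that ACCEPT with no
# visible match. Without -v the interface columns are hidden, so such a rule
# may be limited to one interface (for example loopback).
fw_verdict() {
  awk -v port="$1" '
    /^Chain / {
      chain = $2
      if ($3 == "(policy") { p = $4; sub(/\)/, "", p); pol[chain] = p }
      next
    }
    /^target/ || NF == 0 { next }
    chain == "INPUT" { rules++ }
    # An ACCEPT naming the port, outside the outbound and forward chains.
    $1 == "ACCEPT" && chain != "OUTPUT" && chain != "FORWARD" &&
      ($0 ~ ("dpt:" port "( |$)") || (port == 22 && /dpt:ssh( |$)/)) { allow++ }
    chain == "INPUT" && NF == 5 && $1 == "ACCEPT" && $2 == "all" &&
      $4 ~ /^(anywhere|0\.0\.0\.0\/0)$/ && $5 ~ /^(anywhere|0\.0\.0\.0\/0)$/ { catchall++ }
    END {
      if (allow)                                   v = "explicit-allow"
      else if (pol["INPUT"] == "DROP")             v = "default-drop"
      else if (pol["INPUT"] == "ACCEPT" && !rules) v = "no-filter"
      else                                         v = "inspect-rules"
      printf "%s catchall=%d\n", v, catchall
    }'
}
# Constructed sample: desktop listing from step 11, abridged.
desktop_listing() { cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
INBOUND    all  --  anywhere             anywhere

Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
LSI        all  --  anywhere             anywhere

Chain LSI (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
DROP       all  --  anywhere             anywhere
EOF
}
# Constructed sample: laptop INPUT chain from step 11.
laptop_listing() { printf 'Chain INPUT (policy ACCEPT)\ntarget     prot opt source               destination\n'; }
echo "desktop: $(desktop_listing | fw_verdict 22)"
echo "laptop:  $(laptop_listing | fw_verdict 22)"
```

A non-zero catchall count is a cue to re-list on the host with "sudo iptables -L -v -n", which adds the in/out interface columns; the function itself expects the non-verbose layout shown in the post.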