summary on my previous post - "SSH connection problem"
Zhengguo Xu
tworiversfolk at gmail.com
Thu Sep 11 22:50:24 UTC 2008
thanks all, guys. :-)
there are many posts and lots of information following my initial post, so i
thought it might be better if i made a summary of what i have done so far,
and it might be easier for late-coming gurus to get the whole situation at a
glance. so here it goes:
scenario:
i have a desktop (ip 192.168.1.35) and a laptop (ip 192.168.1.36) on the home
network. i installed openssh-server on both of them. i have the same user
name on both PCs.
my problem is:
i can connect from desktop to laptop but not the reverse. in other words,
desktop to laptop, ok. laptop to desktop, no connection.
what i have done following all the suggestions you guys provided:
1. i run "ssh localhost" on both PCs and they work fine.
2. "sudo /etc/init.d/ssh restart" on desktop. output is:
* Starting OpenBSD Secure Shell server sshd [ OK ]
still no connection from laptop to desktop after that.
3. "netstat -an | grep 22 | grep LISTEN" on desktop:
ttcp6 0 0 :::22 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 21762 /tmp/orbit-zhengguo/linc-1b96-0-61f847b3223d1
unix 2 [ ACC ] STREAM LISTENING 22180 /tmp/orbit-zhengguo/linc-1bd8-0-14b173498db0
unix 2 [ ACC ] STREAM LISTENING 22232 /tmp/orbit-zhengguo/linc-1bd7-0-73832025dcb9
unix 2 [ ACC ] STREAM LISTENING 22304 /tmp/orbit-zhengguo/linc-1bb1-0-30dd8720b0dde
unix 2 [ ACC ] STREAM LISTENING 22387 /tmp/orbit-zhengguo/linc-1be9-0-5e13ed25cd93a
unix 2 [ ACC ] STREAM LISTENING 22567 /tmp/orbit-zhengguo/linc-1bdb-0-61f847bfa746
unix 2 [ ACC ] STREAM LISTENING 22572 /tmp/orbit-zhengguo/linc-1be3-0-5e13ed28b1c2
unix 2 [ ACC ] STREAM LISTENING 22577 /tmp/orbit-zhengguo/linc-1be1-0-c42a5caba2b
unix 2 [ ACC ] STREAM LISTENING 22610 /tmp/orbit-zhengguo/linc-1bf3-0-68dc5c4b61bd2
unix 2 [ ACC ] STREAM LISTENING 22753 /tmp/orbit-zhengguo/linc-1c03-0-6ad3398c3d2b
unix 2 [ ACC ] STREAM LISTENING 22812 /tmp/orbit-zhengguo/linc-1bec-0-21f17fadac7d2
unix 2 [ ACC ] STREAM LISTENING 22950 /tmp/orbit-zhengguo/linc-1c0f-0-62f5b1002ed58
unix 2 [ ACC ] STREAM LISTENING 28927 /tmp/gedit-svn.zhengguo.4040482822
same command on laptop:
tcp6 0 0 :::22 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 21735 /tmp/orbit-zhengguo/linc-177a-0-3b77f1c4f2228
unix 2 [ ACC ] STREAM LISTENING 22252 /tmp/scim-bridge-0.3.0.socket-1000@localhost:0.0
unix 2 [ ACC ] STREAM LISTENING 22777 /tmp/orbit-zhengguo/linc-1801-0-354a40bdf22b0
unix 2 [ ACC ] STREAM LISTENING 22810 /tmp/orbit-zhengguo/linc-1803-0-28fd485411c25
4. To force IPv4 on desktop:
$ sudo vi /etc/ssh/sshd_config
At the top, uncomment
ListenAddress 0.0.0.0
And then
$ sudo /etc/init.d/ssh restart
to no avail. still no connection
5. "ps -A | grep iptables" on desktop gives nothing. Does that mean iptables
is not running?
6. "ps -A | grep fire" on desktop gives only firefox. guess that means my
firestarter is not running.
7. "ssh -vv 192.168.1.35" on laptop gives following output:
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.35 [192.168.1.35] port 22.
debug1: connect to address 192.168.1.35 port 22: Connection timed out
ssh: connect to host 192.168.1.35 port 22: Connection timed out
also tried "telnet" and "ping" to the same address on laptop, neither works.
since desktop to laptop works, "ssh -vv 192.168.1.36" on desktop, as
expected, gives a lot of information, and after i type the password the
connection is established. so i didn't bother to post the output.
8. ifconfig of desktop:
eth0 Link encap:Ethernet HWaddr 00:11:d8:40:66:76
inet addr:192.168.1.35 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::211:d8ff:fe40:6676/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:836 errors:0 dropped:0 overruns:0 frame:0
TX packets:756 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:722731 (705.7 KB) TX bytes:187887 (183.4 KB)
Interrupt:21 Base address:0xe400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2179 errors:0 dropped:0 overruns:0 frame:0
TX packets:2179 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:131320 (128.2 KB) TX bytes:131320 (128.2 KB)
wlan0 Link encap:Ethernet HWaddr 00:30:f1:f8:c9:54
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wmaster0 Link encap:UNSPEC HWaddr 00-30-F1-F8-C9-54-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ifconfig of laptop:
eth0 Link encap:Ethernet HWaddr 00:14:22:e0:43:68
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19
eth1 Link encap:Ethernet HWaddr 00:13:ce:da:05:f0
inet addr:192.168.1.36 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::213:ceff:feda:5f0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:59 errors:0 dropped:0 overruns:0 frame:0
TX packets:93 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:5888059 (5.6 MB) TX bytes:2216268 (2.1 MB)
Interrupt:18 Base address:0xe000 Memory:dcffd000-dcffdfff
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2733 errors:0 dropped:0 overruns:0 frame:0
TX packets:2733 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:142640 (139.2 KB) TX bytes:142640 (139.2 KB)
9. "tracepath 192.168.1.35" from desktop is:
1: 192.168.1.35 (192.168.1.35) 0.125ms pmtu 16436
1: 192.168.1.35 (192.168.1.35) 0.085ms reached
1: 192.168.1.35 (192.168.1.35) 0.090ms reached
Resume: pmtu 16436 hops 1 back 64
same command from laptop is:
1: UbuntuDell.local (192.168.1.36) 0.127ms pmtu 1500
1: no reply
2: no reply
3: no reply
4: no reply
5: no reply
6: no reply
7: no reply
8: no reply
9: no reply
10: no reply
11: no reply
12: no reply
13: no reply
14: no reply
15: no reply
16: no reply
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
31: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500
10. sshd_config as follows:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
i was told it's ok.
11. "sudo iptables -L" on desktop:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 250.Red-80-58-61.staticIP.rima-tde.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- 250.Red-80-58-61.staticIP.rima-tde.net anywhere
ACCEPT tcp -- 254.Red-80-58-61.staticIP.rima-tde.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- 254.Red-80-58-61.staticIP.rima-tde.net anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.1.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.1.35 250.Red-80-58-61.staticIP.rima-tde.net tcp dpt:domain
ACCEPT udp -- 192.168.1.35 250.Red-80-58-61.staticIP.rima-tde.net udp dpt:domain
ACCEPT tcp -- 192.168.1.35 254.Red-80-58-61.staticIP.rima-tde.net tcp dpt:domain
ACCEPT udp -- 192.168.1.35 254.Red-80-58-61.staticIP.rima-tde.net udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
however, on laptop the same command has output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
it seems empty. is it normal?
ok, here are the things i've done so far trying to get the connection, but to
no avail. any further suggestions are welcomed wholeheartedly.
thanks again for all the help you've given to me. :-)
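
An added example, not part of the original post: a small Python walker over plain "iptables -L" text that traces a new inbound TCP SYN (such as the laptop's SSH attempt) through the chains listed in item 11. The sample listings are condensed from the post; the function names and the `bare_accept_applies` switch are assumptions of this example, and the matcher is simplified to the rule forms that appear in that listing.

```python
import re
# Constructed sample: condensed, unwrapped excerpt of the desktop listing in the post.
DESKTOP = """\
Chain INPUT (policy DROP)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere
INBOUND    all  --  anywhere    anywhere
Chain INBOUND (1 references)
target     prot opt source      destination
ACCEPT     tcp  --  anywhere    anywhere    state RELATED,ESTABLISHED
LSI        all  --  anywhere    anywhere
Chain LSI (2 references)
target     prot opt source      destination
DROP       tcp  --  anywhere    anywhere    tcp flags:FIN,SYN,RST,ACK/SYN
"""
# Constructed sample: the laptop's empty INPUT chain from the post.
LAPTOP = "Chain INPUT (policy ACCEPT)\ntarget     prot opt source      destination\n"

def parse(listing):  # chain name -> {'policy': str or None, 'rules': [field lists]}
    chains, cur = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+)|\d+ references)\)", line)
        if m:
            cur = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif cur and line.strip() and not line.startswith("target"):
            cur["rules"].append(line.split(None, 5) + [""])
    return chains

def hits_new_syn(rule, bare_accept_applies):
    """Would a NEW TCP SYN from a LAN host match this rule line? (simplified matcher)"""
    target, prot, opt, src, dst, extra = rule[:6]
    if prot not in ("all", "tcp") or opt != "--" or (src, dst) != ("anywhere", "anywhere"):
        return False
    if not extra:  # plain -L hides -i/-o: a bare ACCEPT may be bound to one interface
        return target != "ACCEPT" or bare_accept_applies
    m = re.search(r"flags:(!?)\S+/(\S+)", extra)
    syn = bool(m) and (m.group(2) == "SYN") != (m.group(1) == "!")
    return syn or bool(re.search(r"state \S*NEW", extra))

def verdict(chains, name="INPUT", bare_accept_applies=False, path=()):
    """Return (ACCEPT/DROP/REJECT, chains walked) for a NEW TCP SYN entering `name`."""
    path = path + (name,)
    for rule in chains[name]["rules"]:
        if hits_new_syn(rule, bare_accept_applies):
            if rule[0] in ("ACCEPT", "DROP", "REJECT"):
                return rule[0], path
            hit = rule[0] in chains and verdict(chains, rule[0], bare_accept_applies, path)
            if hit:
                return hit
    policy = chains[name]["policy"]
    return (policy, path) if policy else None  # user chains return to the caller
```

Plain "iptables -L" omits interface matches, so "sudo iptables -L -n -v" is needed to tell which reading of the bare ACCEPT rule in INPUT is the real one.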