SSH Connection Attempt Hangs

David Curtis dcurtis at uniserve.com
Mon Jul 20 14:38:00 UTC 2009


On Mon, 20 Jul 2009 04:57:41 -0500
Jay Ridgley <jridgley2 at austin.rr.com> wrote:

> Good Morning Y'all,
> 
> I just finished converting my firewall (two NICs) to Ubuntu 8.04 LTS, 
> with the latest updates. I am pleased with the results except ---
> 
> I can do SSH from the firewall (mateo) to any of my local systems, 
> however, when I attempt to go from a local system (polar) to my firewall 
> it hangs and NEVER asks for the user's password. Ideas?
> 
> jay at mateo ~$ ssh polar <--- works
> jay at polar ~$ ssh mateo <--- HANGS
> 
> I am also using firestarter... prior to installing firestarter if I 
> tried to get from polar to mateo the connection was refused. Why the 
> change?

When you don't have a running sshd on port 22 but packets are /not/ being dropped you will get a 'connection refused' error. Firestarter, when run, most likely tells iptables/netfilter to drop packets on port 22, hence no response, though the ssh-client should time out eventually on polar. I believe sshd is not installed by default, only the client, but it's been a while since I was using 8.04. A 'sudo apt-get install ssh' should bring in sshd.

I only fooled with firestarter briefly, it's ok I guess, for a port filter. But you might want more detailed control over iptables. There are much better scripts for gateway/router setups. Some might suggest shorewall, I suggest arno-iptables-firewall. And I suggest getting the newest versions you can find.

> 
> NOTE: Prior to converting the firewall system to Ubuntu 8.04 LTS from 
> RedHat 7.2 I had no problem with SSH. But, I was not pleased with the 
> overall setup and RH 7.2 is a bit long in the tooth!

If RH 7.2 received the same security errata as its commercial equivalent (RHEL 2.1) it was supported until May 31 2009 (7 year cycle), that ain't too bad.
-- 
David Curtis <dcurtis at uniserve.com>
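
[Added example, not part of the original message or of any project it mentions: a small probe that tells apart the two symptoms discussed above, an immediate 'connection refused' (packets arrive, no sshd listening) versus a hang (no reply, consistent with packets being dropped). The host name "mateo" is taken from the thread; the function names, the 3-second timeout and the loopback sockets in self_check() are assumptions constructed for illustration.]

```python
import socket
import sys

def classify_port(host, port, timeout=3.0):
    """Attempt one TCP connect and report how the far end answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: a daemon is listening
    except ConnectionRefusedError:
        return "refused"         # host answered with a reset: no listener, not dropped
    except socket.timeout:
        return "filtered"        # no answer at all: consistent with dropped packets
    except OSError as exc:
        return "error: %s" % exc  # name resolution failure, no route, etc.

ADVICE = {
    "open": "sshd is reachable; a later hang is not caused by a dropped SYN",
    "refused": "packets reach the host but nothing listens; install/start sshd",
    "filtered": "no reply; check the firewall's inbound rule for this port",
}

def self_check():
    """Exercise 'open' and 'refused' against constructed loopback sockets."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket()       # bound but never listening: connects are reset
    idle.bind(("127.0.0.1", 0))
    try:
        return (classify_port("127.0.0.1", listener.getsockname()[1]),
                classify_port("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "mateo"
    result = classify_port(host, 22)
    print(host, "port 22:", result, "-", ADVICE.get(result, "see error text"))
```

Run it from the client side (polar in the thread) with the firewall's name as the argument.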