<div dir="ltr">thanks all, guys. :-)<br><br>there are many posts and lots of information following my initial post, so i thought it might be better if i made a summary of what i have done so far, which might make it easier for late-coming gurus to get the whole situation at a glance. so here it goes:<br>
<br>scenario: <br>i have a desktop (ip <a href="http://192.168.1.35">192.168.1.35</a>) and a laptop (ip <a href="http://192.168.1.36">192.168.1.36</a>) on my home network. i installed openssh-server on both of them. i have the same user name on both PCs.<br>
<br>my problem is:<br>i can connect from desktop to laptop but not the reverse. in other words, desktop to laptop, ok. laptop to desktop, no connection.<br><br>what i have done, following all the suggestions you guys provided:<br>
<br>1. i run "ssh localhost" on both PCs and they work fine. <br><br>2. "sudo /etc/init.d/ssh restart" on desktop. output is:<br><br> * Starting OpenBSD Secure Shell server sshd [ OK ] <br>
<br>still no connection from laptop to desktop after that.<br><br>3. "netstat -an | grep 22 | grep LISTEN" on desktop:<br><br>ttcp6 0 0 :::22 :::* LISTEN <br>unix 2 [ ACC ] STREAM LISTENING 21762 /tmp/orbit-zhengguo/linc-1b96-0-61f847b3223d1<br>
unix 2 [ ACC ] STREAM LISTENING 22180 /tmp/orbit-zhengguo/linc-1bd8-0-14b173498db0<br>unix 2 [ ACC ] STREAM LISTENING 22232 /tmp/orbit-zhengguo/linc-1bd7-0-73832025dcb9<br>unix 2 [ ACC ] STREAM LISTENING 22304 /tmp/orbit-zhengguo/linc-1bb1-0-30dd8720b0dde<br>
unix 2 [ ACC ] STREAM LISTENING 22387 /tmp/orbit-zhengguo/linc-1be9-0-5e13ed25cd93a<br>unix 2 [ ACC ] STREAM LISTENING 22567 /tmp/orbit-zhengguo/linc-1bdb-0-61f847bfa746<br>unix 2 [ ACC ] STREAM LISTENING 22572 /tmp/orbit-zhengguo/linc-1be3-0-5e13ed28b1c2<br>
unix 2 [ ACC ] STREAM LISTENING 22577 /tmp/orbit-zhengguo/linc-1be1-0-c42a5caba2b<br>unix 2 [ ACC ] STREAM LISTENING 22610 /tmp/orbit-zhengguo/linc-1bf3-0-68dc5c4b61bd2<br>unix 2 [ ACC ] STREAM LISTENING 22753 /tmp/orbit-zhengguo/linc-1c03-0-6ad3398c3d2b<br>
unix 2 [ ACC ] STREAM LISTENING 22812 /tmp/orbit-zhengguo/linc-1bec-0-21f17fadac7d2<br>unix 2 [ ACC ] STREAM LISTENING 22950 /tmp/orbit-zhengguo/linc-1c0f-0-62f5b1002ed58<br>unix 2 [ ACC ] STREAM LISTENING 28927 /tmp/gedit-svn.zhengguo.4040482822<br>
<br>same command on laptop:<br><br>tcp6 0 0 :::22 :::* LISTEN <br>unix 2 [ ACC ] STREAM LISTENING 21735 /tmp/orbit-zhengguo/linc-177a-0-3b77f1c4f2228<br>
unix 2 [ ACC ] STREAM LISTENING 22252 /tmp/scim-bridge-0.3.0.socket-1000@localhost:0.0<br>unix 2 [ ACC ] STREAM LISTENING 22777 /tmp/orbit-zhengguo/linc-1801-0-354a40bdf22b0<br>unix 2 [ ACC ] STREAM LISTENING 22810 /tmp/orbit-zhengguo/linc-1803-0-28fd485411c25<br>
<br>4. To force to IPV4 on desktop:<br>$ sudo vi /etc/ssh/sshd_config<br><br>At the top, uncomment<br>ListenAddress <a href="http://0.0.0.0">0.0.0.0</a><br><br>And then<br>$ sudo /etc/init.d/ssh restart<br><br>to no avail. still no connection<br>
<br>5. "ps -A | grep iptables" on desktop gives nothing. Does that mean iptables is not running?<br><br>6. "ps -A | grep fire" on desktop gives only firefox. guess that means my firestarter is not running.<br>
<br>7. "ssh -vv <a href="http://192.168.1.35">192.168.1.35</a>" on laptop gives following output:<br><br>OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007<br>debug1: Reading configuration data /etc/ssh/ssh_config<br>
debug1: Applying options for *<br>debug2: ssh_connect: needpriv 0<br>debug1: Connecting to <a href="http://192.168.1.35">192.168.1.35</a> [<a href="http://192.168.1.35">192.168.1.35</a>] port 22.<br>debug1: connect to address <a href="http://192.168.1.35">192.168.1.35</a> port 22: Connection timed out<br>
ssh: connect to host <a href="http://192.168.1.35">192.168.1.35</a> port 22: Connection timed out<br><br>also tried "telnet" and "ping" to the same address on laptop; they don't work.<br><br>since desktop to laptop works, "ssh -vv <a href="http://192.168.1.36">192.168.1.36</a>" on desktop, as expected, gives a lot of information, and after i typed the password the connection was established. so i didn't bother to post the output.<br>
<br>8. ifconfig of desktop:<br><br>eth0 Link encap:Ethernet HWaddr 00:11:d8:40:66:76 <br> inet addr:<a href="http://192.168.1.35">192.168.1.35</a> Bcast:<a href="http://192.168.1.255">192.168.1.255</a> Mask:<a href="http://255.255.255.0">255.255.255.0</a><br>
inet6 addr: fe80::211:d8ff:fe40:6676/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:836 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:756 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:1000<br> RX bytes:722731 (705.7 KB) TX bytes:187887 (183.4 KB)<br> Interrupt:21 Base address:0xe400<br><br>lo Link encap:Local Loopback <br> inet addr:<a href="http://127.0.0.1">127.0.0.1</a> Mask:<a href="http://255.0.0.0">255.0.0.0</a><br>
inet6 addr: ::1/128 Scope:Host<br> UP LOOPBACK RUNNING MTU:16436 Metric:1<br> RX packets:2179 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:2179 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br> RX bytes:131320 (128.2 KB) TX bytes:131320 (128.2 KB)<br><br>wlan0 Link encap:Ethernet HWaddr 00:30:f1:f8:c9:54 <br> UP BROADCAST MULTICAST MTU:1500 Metric:1<br>
RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:1000<br> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)<br>
<br>wmaster0 Link encap:UNSPEC HWaddr 00-30-F1-F8-C9-54-00-00-00-00-00-00-00-00-00-00 <br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:1000<br> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)<br><br>ifconfig of laptop:<br><br> eth0 Link encap:Ethernet HWaddr 00:14:22:e0:43:68 <br> UP BROADCAST MULTICAST MTU:1500 Metric:1<br>
RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:1000<br> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)<br>
Interrupt:19<br><br>eth1 Link encap:Ethernet HWaddr 00:13:ce:da:05:f0 <br> inet addr:<a href="http://192.168.1.36">192.168.1.36</a> Bcast:<a href="http://192.168.1.255">192.168.1.255</a> Mask:<a href="http://255.255.255.0">255.255.255.0</a><br>
inet6 addr: fe80::213:ceff:feda:5f0/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:59 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:93 errors:0 dropped:0 overruns:0 carrier:1<br>
collisions:0 txqueuelen:1000<br> RX bytes:5888059 (5.6 MB) TX bytes:2216268 (2.1 MB)<br> Interrupt:18 Base address:0xe000 Memory:dcffd000-dcffdfff<br><br>lo Link encap:Local Loopback <br>
inet addr:<a href="http://127.0.0.1">127.0.0.1</a> Mask:<a href="http://255.0.0.0">255.0.0.0</a><br> inet6 addr: ::1/128 Scope:Host<br> UP LOOPBACK RUNNING MTU:16436 Metric:1<br> RX packets:2733 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:2733 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:0<br> RX bytes:142640 (139.2 KB) TX bytes:142640 (139.2 KB)<br><br>9. "tracepath <a href="http://192.168.1.35">192.168.1.35</a>" from desktop is:<br>
<br> 1: <a href="http://192.168.1.35">192.168.1.35</a> (<a href="http://192.168.1.35">192.168.1.35</a>) 0.125ms pmtu 16436<br> 1: <a href="http://192.168.1.35">192.168.1.35</a> (<a href="http://192.168.1.35">192.168.1.35</a>) 0.085ms reached<br>
1: <a href="http://192.168.1.35">192.168.1.35</a> (<a href="http://192.168.1.35">192.168.1.35</a>) 0.090ms reached<br> Resume: pmtu 16436 hops 1 back 64<br><br>same command from laptop is:<br>
<br>1: UbuntuDell.local (<a href="http://192.168.1.36">192.168.1.36</a>) 0.127ms pmtu 1500<br> 1: no reply<br> 2: no reply<br> 3: no reply<br> 4: no reply<br> 5: no reply<br> 6: no reply<br> 7: no reply<br>
8: no reply<br> 9: no reply<br>10: no reply<br>11: no reply<br>12: no reply<br>13: no reply<br>14: no reply<br>15: no reply<br>16: no reply<br>17: no reply<br>18: no reply<br>19: no reply<br>20: no reply<br>
21: no reply<br>22: no reply<br>23: no reply<br>24: no reply<br>25: no reply<br>26: no reply<br>27: no reply<br>28: no reply<br>29: no reply<br>30: no reply<br>31: no reply<br> Too many hops: pmtu 1500<br> Resume: pmtu 1500<br>
<br>10. sshd_config as follows:<br><br># Package generated configuration file<br># See the sshd(8) manpage for details<br><br># What ports, IPs and protocols we listen for<br>Port 22<br># Use these options to restrict which interfaces/protocols sshd will bind to<br>
#ListenAddress ::<br>#ListenAddress <a href="http://0.0.0.0">0.0.0.0</a><br>Protocol 2<br># HostKeys for protocol version 2<br>HostKey /etc/ssh/ssh_host_rsa_key<br>HostKey /etc/ssh/ssh_host_dsa_key<br>#Privilege Separation is turned on for security<br>
UsePrivilegeSeparation yes<br><br># Lifetime and size of ephemeral version 1 server key<br>KeyRegenerationInterval 3600<br>ServerKeyBits 768<br><br># Logging<br>SyslogFacility AUTH<br>LogLevel INFO<br><br># Authentication:<br>
LoginGraceTime 120<br>PermitRootLogin yes<br>StrictModes yes<br><br>RSAAuthentication yes<br>PubkeyAuthentication yes<br>#AuthorizedKeysFile %h/.ssh/authorized_keys<br><br># Don't read the user's ~/.rhosts and ~/.shosts files<br>
IgnoreRhosts yes<br># For this to work you will also need host keys in /etc/ssh_known_hosts<br>RhostsRSAAuthentication no<br># similar for protocol version 2<br>HostbasedAuthentication no<br># Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication<br>
#IgnoreUserKnownHosts yes<br><br># To enable empty passwords, change to yes (NOT RECOMMENDED)<br>PermitEmptyPasswords no<br><br># Change to yes to enable challenge-response passwords (beware issues with<br># some PAM modules and threads)<br>
ChallengeResponseAuthentication no<br><br># Change to no to disable tunnelled clear text passwords<br>#PasswordAuthentication yes<br><br># Kerberos options<br>#KerberosAuthentication no<br>#KerberosGetAFSToken no<br>#KerberosOrLocalPasswd yes<br>
#KerberosTicketCleanup yes<br><br># GSSAPI options<br>#GSSAPIAuthentication no<br>#GSSAPICleanupCredentials yes<br><br>X11Forwarding yes<br>X11DisplayOffset 10<br>PrintMotd no<br>PrintLastLog yes<br>TCPKeepAlive yes<br>#UseLogin no<br>
<br>#MaxStartups 10:30:60<br>#Banner /etc/<a href="http://issue.net">issue.net</a><br><br># Allow client to pass locale environment variables<br>AcceptEnv LANG LC_*<br><br>Subsystem sftp /usr/lib/openssh/sftp-server<br><br>
UsePAM yes<br><br>i was told it's ok.<br><br>11. "sudo iptables -L" on desktop:<br><br>Chain INPUT (policy DROP)<br>target prot opt source destination <br>ACCEPT tcp -- <a href="http://250.Red-80-58-61.staticIP.rima-tde.net">250.Red-80-58-61.staticIP.rima-tde.net</a> anywhere tcp flags:!FIN,SYN,RST,ACK/SYN <br>
ACCEPT udp -- <a href="http://250.Red-80-58-61.staticIP.rima-tde.net">250.Red-80-58-61.staticIP.rima-tde.net</a> anywhere <br>ACCEPT tcp -- <a href="http://254.Red-80-58-61.staticIP.rima-tde.net">254.Red-80-58-61.staticIP.rima-tde.net</a> anywhere tcp flags:!FIN,SYN,RST,ACK/SYN <br>
ACCEPT udp -- <a href="http://254.Red-80-58-61.staticIP.rima-tde.net">254.Red-80-58-61.staticIP.rima-tde.net</a> anywhere <br>ACCEPT all -- anywhere anywhere <br>ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5 <br>
DROP all -- anywhere <a href="http://255.255.255.255">255.255.255.255</a> <br>DROP all -- anywhere <a href="http://192.168.1.255">192.168.1.255</a> <br>DROP all -- <a href="http://BASE-ADDRESS.MCAST.NET/8">BASE-ADDRESS.MCAST.NET/8</a> anywhere <br>
DROP all -- anywhere <a href="http://BASE-ADDRESS.MCAST.NET/8">BASE-ADDRESS.MCAST.NET/8</a> <br>DROP all -- <a href="http://255.255.255.255">255.255.255.255</a> anywhere <br>DROP all -- anywhere <a href="http://0.0.0.0">0.0.0.0</a> <br>
DROP all -- anywhere anywhere state INVALID <br>LSI all -f anywhere anywhere limit: avg 10/min burst 5 <br>INBOUND all -- anywhere anywhere <br>
LOG_FILTER all -- anywhere anywhere <br>LOG all -- anywhere anywhere LOG level info prefix `Unknown Input' <br><br>Chain FORWARD (policy DROP)<br>target prot opt source destination <br>
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5 <br>LOG_FILTER all -- anywhere anywhere <br>LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward' <br>
<br>Chain OUTPUT (policy DROP)<br>target prot opt source destination <br>ACCEPT tcp -- <a href="http://192.168.1.35">192.168.1.35</a> <a href="http://250.Red-80-58-61.staticIP.rima-tde.net">250.Red-80-58-61.staticIP.rima-tde.net</a> tcp dpt:domain <br>
ACCEPT udp -- <a href="http://192.168.1.35">192.168.1.35</a> <a href="http://250.Red-80-58-61.staticIP.rima-tde.net">250.Red-80-58-61.staticIP.rima-tde.net</a> udp dpt:domain <br>ACCEPT tcp -- <a href="http://192.168.1.35">192.168.1.35</a> <a href="http://254.Red-80-58-61.staticIP.rima-tde.net">254.Red-80-58-61.staticIP.rima-tde.net</a> tcp dpt:domain <br>
ACCEPT udp -- <a href="http://192.168.1.35">192.168.1.35</a> <a href="http://254.Red-80-58-61.staticIP.rima-tde.net">254.Red-80-58-61.staticIP.rima-tde.net</a> udp dpt:domain <br>ACCEPT all -- anywhere anywhere <br>
DROP all -- <a href="http://BASE-ADDRESS.MCAST.NET/8">BASE-ADDRESS.MCAST.NET/8</a> anywhere <br>DROP all -- anywhere <a href="http://BASE-ADDRESS.MCAST.NET/8">BASE-ADDRESS.MCAST.NET/8</a> <br>
DROP all -- <a href="http://255.255.255.255">255.255.255.255</a> anywhere <br>DROP all -- anywhere <a href="http://0.0.0.0">0.0.0.0</a> <br>DROP all -- anywhere anywhere state INVALID <br>
OUTBOUND all -- anywhere anywhere <br>LOG_FILTER all -- anywhere anywhere <br>LOG all -- anywhere anywhere LOG level info prefix `Unknown Output' <br>
<br>Chain INBOUND (1 references)<br>target prot opt source destination <br>ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED <br>ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED <br>
LSI all -- anywhere anywhere <br><br>Chain LOG_FILTER (5 references)<br>target prot opt source destination <br><br>Chain LSI (2 references)<br>target prot opt source destination <br>
LOG_FILTER all -- anywhere anywhere <br>LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' <br>
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN <br>LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' <br>
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST <br>LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' <br>
DROP icmp -- anywhere anywhere icmp echo-request <br>LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound ' <br>DROP all -- anywhere anywhere <br>
<br>Chain LSO (0 references)<br>target prot opt source destination <br>LOG_FILTER all -- anywhere anywhere <br>LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound ' <br>
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable <br><br>Chain OUTBOUND (1 references)<br>target prot opt source destination <br>ACCEPT icmp -- anywhere anywhere <br>
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED <br>ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED <br>ACCEPT all -- anywhere anywhere <br>
<br>however, on laptop the same command has output:<br><br>Chain INPUT (policy ACCEPT)<br>target prot opt source destination <br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination <br>
<br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination <br><br><br>it seems empty. is it normal?<br><br><br>ok, here are the things i've done so far trying to get the connection, but to no avail. any further suggestions are welcomed wholeheartedly.<br>
<br>thanks again for all the help you've given to me. :-)<br><br><br></div>
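An added example, not part of the original message: a small Python reader for plain `iptables -L` listings like the two in step 11. It reports each chain's policy, any ACCEPT rule reachable from INPUT that names TCP port 22, and the ACCEPT-all lines that cannot be judged from this listing because plain `-L` omits the interface columns. The sample listing is constructed in the same layout, and all function names are illustrative.

```python
import re
# Constructed sample in the layout of plain `iptables -L` (no -v, no -n).
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
INBOUND    all  --  anywhere             anywhere

Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
LSI        all  --  anywhere             anywhere

Chain LSI (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
"""
HEADER = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")

def parse_chains(text):  # -> {chain: {"policy": str or None, "rules": [6 fields]}}
    chains, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and len(line.split()) >= 5 and not line.startswith("target"):
            fields = line.strip().split(None, 5)  # target prot opt source destination [extra]
            current["rules"].append(fields + [""] * (6 - len(fields)))
    return chains

def reachable_rules(chains, start="INPUT", seen=None):
    """Yield (chain, rule) for start and every user-defined chain it jumps to."""
    seen = set() if seen is None else seen
    if start in seen or start not in chains:
        return
    seen.add(start)
    for rule in chains[start]["rules"]:
        yield start, rule
        yield from reachable_rules(chains, rule[0], seen)

def ssh_accepts(chains):
    """ACCEPT rules reachable from INPUT that name tcp destination port 22."""
    return [(c, r) for c, r in reachable_rules(chains)
            if r[0] == "ACCEPT" and re.search(r"\bdpt:(ssh|22)\b", r[5])]

def needs_verbose(chains):
    """ACCEPT-all rules with no visible match; plain -L hides -i/-o interfaces."""
    return [(c, r) for c, r in reachable_rules(chains)
            if r[0] == "ACCEPT" and r[1] == "all" and r[3:5] == ["anywhere"] * 2 and not r[5]]
```

On a real host, pass it the text of `sudo iptables -L`; anything `needs_verbose` returns has to be read again with `sudo iptables -L -v`, which adds the in/out interface columns.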