can't ssh from host to remote

Michael Havens bmike1 at gmail.com
Thu Jul 17 13:47:11 MST 2014 

on the server it says:

tcp        0      0 0.0.0.0:22              0.0.0.0:*
LISTEN      1308/sshd
tcp        0      0 127.0.0.1:22            127.0.0.1:56545
ESTABLISHED 19569/sshd: bmike1
tcp        0      0 127.0.0.1:56545         127.0.0.1:22
ESTABLISHED 19568/ssh
tcp6       0      0 :::22                   :::*
LISTEN      1308/sshd

while the client says:

tcp        0      0 0.0.0.0:22              0.0.0.0:*
LISTEN      2546/sshd
tcp6       0      0 :::22                   :::*
LISTEN      2546/sshd

so it looks like both are listening.

:-)~MIKE~(-:


On Thu, Jul 17, 2014 at 1:04 PM, Michael Butash <michael at butash.net> wrote:

>  sudo netstat -anp | grep tcp | grep LISTEN
>
> -a == all
> -n == do not resolve dns (slows it down significantly)
> -p == show the app opening the socket (requires sudo to enumerate)
>
> grep tcp == look for tcp-based sockets (most apps won't use udp)
> grep LISTEN == look at listening sockets, vs established that indicated
> something *is* connected
>
> This is a good one to remember, this shows all your "listening" sockets.
> Your ssh socket is outbound to another host, but doesn't look like sshd is
> listening on port 22, which won't let you in.
>
> TCP/UDP sockets are your door into the system.
>
> mb at host ~ $ sudo netstat -anp | grep tcp | grep ssh
> [sudo] password for mb:
> tcp        0      0 0.0.0.0:22              0.0.0.0:*
> LISTEN      19847/sshd
> tcp6       0      0 :::22                   :::*
> LISTEN      19847/sshd
>
> First is ipv4-based socket, second is ipv6-based.  You should see similar,
> with 0.0.0.0 meaning it's listening on _all_ interfaces.
>
> -mb
>
>
>
> On 07/17/2014 12:28 PM, Michael Havens wrote:
>
>     okay,
>  netsstat on the server prints out a lot of data.
>  The first section says:
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address
> State
> tcp        0      0 192.168.0.4:38521       lax17s01-in-f21.1:https
> ESTABLISHED
> tcp        0      0 192.168.0.4:36523       lax17s01-in-f4.1e:https
> ESTABLISHED
> tcp        0      0 localhost:45886         localhost:53919
> ESTABLISHED
> tcp        0      0 localhost:ssh           localhost:56545
> ESTABLISHED
> tcp        0      0 localhost:44799         localhost:53919
> ESTABLISHED
> tcp        0      0 localhost:47157         localhost:53919
> ESTABLISHED
> tcp        0      0 localhost:53919         localhost:44799
> ESTABLISHED
> tcp        0      0 localhost:53919         localhost:47157
> ESTABLISHED
> tcp        0      0 localhost:56545         localhost:ssh
> ESTABLISHED
> tcp        0      0 localhost:53919         localhost:45886
> ESTABLISHED
> tcp        0      0 192.168.0.4:37884       lax17s01-in-f0.1e:https
> ESTABLISHED
> tcp        0      0 192.168.0.4:45304       lax17s01-in-f5.1e:https
> ESTABLISHED
> tcp        0      0 192.168.0.4:36525       lax17s01-in-f4.1e:https
> ESTABLISHED
> tcp6       1      0 ip6-localhost:53614     ip6-localhost:ipp
> CLOSE_WAIT
>
>  while the second section says:
> Active UNIX domain sockets (w/o servers)
> Proto RefCnt Flags       Type       State         I-Node   Path
> unix  18     [ ]         DGRAM                    11578    /dev/log
> unix  2      [ ]         DGRAM                    10914
> /var/run/wpa_supplicant/wlan0
> unix  3      [ ]         STREAM     CONNECTED     343530
> unix  3      [ ]         STREAM     CONNECTED     198728
> unix  3      [ ]         STREAM     CONNECTED     198167
> unix  3      [ ]         STREAM     CONNECTED     198683
>  ---edit out a lot of stuff--
>
>  while on the remote system netstat prints 7 lines that is basically the
> second section (above).
>
>  I'm not sure how to run sshin debug mode but the man page implies to run
> it with the verbose flag:
> :~$ ssh -v mike at 192.168.1.101
> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to 192.168.1.101 [192.168.1.101] port 22.
> debug1: connect to address 192.168.1.101 port 22: Connection timed out
> ssh: connect to host 192.168.1.101 port 22: Connection timed out
> bmike1 at CQ57-1:~$ ssh -vv mike at 192.168.1.101
> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.1.101 [192.168.1.101] port 22.
> debug1: connect to address 192.168.1.101 port 22: Connection timed out
> ssh: connect to host 192.168.1.101 port 22: Connection timed out
>
>
> :~$ ps -aef | grep sshd
> root      1308     1  0 Jul15 ?        00:00:00 /usr/sbin/sshd -D
> bmike1   19566  4242  0 11:53 pts/2    00:00:00 grep --colour=auto sshd
>
>
>  it doesn't seem ssh failed at any point.
>
> :-)~MIKE~(-:
>
>
> On Thu, Jul 17, 2014 at 12:33 AM, James Mcphee <jmcphe at gmail.com> wrote:
>
>> Verify openssh is enabled on the server with netstat.  Verify you can
>> connect to port 22 from client to server.  Run ssh in debug mode to see
>> messages.  When you hit a point that it fails, then you have a better idea
>> of what's wrong.
>>
>>
>>  On Wed, Jul 16, 2014 at 9:54 PM, Michael Havens <bmike1 at gmail.com>
>> wrote:
>>
>>>   okay, so I bought a used computer to do Linux from scratch on. Well,
>>> I'm going to ssh from my primary computer to the new computer but got a
>>> 'Connection timed out' error. After googling for a bit I discovered ufw was
>>> to blame.
>>>
>>> after I disabled the firewall I could ssh from 192.168.1.101 <parasite>
>>> to 192.168.0.4 <host>
>>>
>>> the error I got going the other way was the connection timed out error:
>>>
>>> ssh mike at 192.168.1.101
>>> ssh: connect to host 192.168.1.101 port 22: Connection timed out
>>>
>>>  After googling some more I thought perhaps openssh-server wasn't
>>> installed... but it is. So please.... what is the problem? I verifed
>>> openssh-client is installed but I don't know what it could be. Could you
>>> help me out?
>>>  :-)~MIKE~(-:
>>>
>>>  ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>>  --
>> James McPhee
>> jmcphe at gmail.com
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20140717/bebcb696/attachment.html>

More information about the PLUG-discuss mailing list