1) Check your Local Router port forwarding/triggering.

2) Verify that port 22 is open:

http://www.auditmypc.com/firewall-test.asp

3) Verify that /etc/ssh/sshd_conf has:

a) Protocol 2 
b) Root access disabled
PermitRootLogin                 no

c) Listen on 0.0.0.0
d) Keys setup.

http://www.linuxsecure.de/index.php?action=33

4) If you are in fact opening up SSH to the internet, you should optimally setup:

a) IPTABLES SSH protection rule:  (NOTE if you have Suse or RHEL your iptables are probably setup differently).

# /sbin/iptables-save >/root/iptables.last

# vi /root/iptables.last


Verify you have all the basics...and add at bottom:
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
then enter 
# /sbin/iptables-restore </root/iptables.last

You can also just drop this into the command line:
# sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
# sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
Be sure to save this for persistence (next restart survival):

# /etc/init.d/iptables save

http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/


b) Sshutout or SSHIT  wrapper for dictionary and brute force attacks:

http://www.techfinesse.com/sshutout/sshutout.html


5) Still not working?  

a) Check SELINUX

b) Check the logs on the server.

c) Run a sniffer and watch while you try.

# tcpdump >file
# grep $login file

Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452

> From: phrkonaleash@gmail.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: ssh problems
> Date: Mon, 17 Nov 2008 19:56:00 -0700
> 
> On Mon November 17 2008 07:44:11 pm Mike Hoy wrote:
> > Hi,
> >
> > I just set up ssh server on this computer and was able to connect like
> > this:
> >
> > ssh localhost
> >
> > and from my laptop connected to the same router like this
> >
> > ssh username@192.168.1.100
> >
> > Now I take it that I'm going to need my real ip address so I tried
> > that and I got
> >
> > ssh: connect to host IP_ADDRESS port 22: Connection refused
> >
> > I thought it may have something to do with my router so I forwarded
> > port 22 to this machine and same error. Any thoughts as to what's
> > going on? I need to be able to connect to this machine from work
> > tomorrow.
> 
> Hi MIke,
> 
> There are two problems most likely, imo... DHCP is giving you a new ip address 
> (either on the router or your ISP) or that our ISP simply does not allow you 
> to connect to port 22... This is common on port 80 but i am not so sure on 
> 22.
> 
> try doing a traceroute on it, and when the trace dies, do an nslookup on that 
> site and see if that's one of your ISP's then call them up and bitch em out.
> 
> if you think it may be a dhcp problem try a dynamic dns service like 
> dyndns.org (I use it quite wonderfully, with a package called ddclient in 
> debian apt) If you don't have a domain name on your system this will provide 
> you with a free *.dyndns.org domain name, which again, quite nice
> 
> If these don't work for you, someone else will help :)
> 
> ~Ryan
> 
> 
> --
> Thanks and best regards,
> Ryan Rix
> TamsPalm - The PalmOS Blog
> 
> I begin to wonder if randomized sigs really accomplish anything.
> 
> 
> 

_________________________________________________________________
Stay up to date on your PC, the Web, and your mobile phone with Windows Live
http://clk.atdmt.com/MRT/go/119462413/direct/01/