#1 2024-01-16 22:01:01

chuckd333
Member
Registered: 2023-03-09
Posts: 23

[SOLVED] Can't SSH from laptop to server on LAN but can SSH to EC2

I run Arch on my laptop and used to be able to SSH to my Dell R630 server when the server was wired to a Netgear Orbi satellite in the kitchen. I moved the server to the basement and connected it to the main Orbi router (which is connected to the FiOS ONT) via ethernet to port 1 on the router. Now I can't access the server via SSH from my laptop. Also I can't access the router on 192.168.1.1 from my laptop. But I can get to 192.168.1.1 from the server.

It seems like there is some change on my laptop preventing me from connecting to my LAN, but I can SSH to my EC2 instance and ping 1.1.1.1.

This all came about because I tried to create a VM from virt-manager and SSH to the server for the connection which failed.

Can someone help troubleshoot? Here are some commands I've run so far: (All commands from my laptop)

$ uname -r
6.7.0-arch3-1

192.168.1.13 is the server IP, and it is using the stock sshd_config with password login and port 22.

$ ssh user@192.168.1.13
ssh: connect to host 192.168.1.13 port 22: No route to host
$ ss -ta
State                      Recv-Q                     Send-Q                                         Local Address:Port                                              Peer Address:Port                      
LISTEN                     0                          4096                                                 0.0.0.0:llmnr                                                  0.0.0.0:*                         
LISTEN                     0                          4096                                               127.0.0.1:ipp                                                    0.0.0.0:*                         
LISTEN                     0                          4096                                           127.0.0.53%lo:domain                                                 0.0.0.0:*                         
LISTEN                     0                          32                                              192.168.1.12:domain                                                 0.0.0.0:*                         
LISTEN                     0                          4096                                              127.0.0.54:domain                                                 0.0.0.0:*                         
LISTEN                     0                          128                                                  0.0.0.0:ssh                                                    0.0.0.0:*                         
LISTEN                     0                          32                                             192.168.100.1:domain                                                 0.0.0.0:*                         
ESTAB                      0                          0                                               192.168.1.18:56720                                           172.253.62.188:https                     
LISTEN                     0                          4096                                                    [::]:llmnr                                                     [::]:*                         
LISTEN                     0                          4096                                                   [::1]:ipp                                                       [::]:*                         
LISTEN                     0                          128                                                     [::]:ssh                                                       [::]:*
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c8:34:8e:34:75:fe brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.18/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp0s20f3
       valid_lft 85761sec preferred_lft 85761sec
    inet6 fe80::38ea:d8e9:7911:f023/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:a7:f3:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:0d:fa:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global virbr0
       valid_lft forever preferred_lft forever

The command below on my laptop used to identify all devices on the LAN, including the Dell server with Intel NIC. When I run nmap on the server it finds all devices but maybe not my laptop - not sure about that.

$ sudo nmap -sC 192.168.1.18/24
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-16 16:39 EST
Nmap scan report for arch (192.168.1.12)
Host is up (0.0000020s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hostkey: 
|   256 2f:cd:f6:08:36:a9:d9:1a:4d:99:8d:75:9e:8c:5f:80 (ECDSA)
|_  256 02:e8:73:1e:52:02:21:1e:8b:37:ab:db:f7:e6:b4:66 (ED25519)
53/tcp open  domain
| dns-nsid: 
|_  bind.version: dnsmasq-2.89

Nmap scan report for arch (192.168.1.18)
Host is up (0.0000030s latency).
Not shown: 999 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hostkey: 
|   256 2f:cd:f6:08:36:a9:d9:1a:4d:99:8d:75:9e:8c:5f:80 (ECDSA)
|_  256 02:e8:73:1e:52:02:21:1e:8b:37:ab:db:f7:e6:b4:66 (ED25519)

Post-scan script results:
| ssh-hostkey: Possible duplicate hosts
| Key 256 2f:cd:f6:08:36:a9:d9:1a:4d:99:8d:75:9e:8c:5f:80 (ECDSA) used by:
|   192.168.1.12
|   192.168.1.18
| Key 256 02:e8:73:1e:52:02:21:1e:8b:37:ab:db:f7:e6:b4:66 (ED25519) used by:
|   192.168.1.12
|_  192.168.1.18
Nmap done: 256 IP addresses (2 hosts up) scanned in 32.82 seconds
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
$  systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-01-16 11:28:30 EST; 5h 27min ago
   Main PID: 4287 (sshd)
      Tasks: 1 (limit: 18669)
     Memory: 1.2M (peak: 5.3M)
        CPU: 963ms
     CGroup: /system.slice/sshd.service
             └─4287 "sshd: /usr/bin/sshd -D [listener] 0 of 10-100 startups"

Jan 16 16:40:03 arch sshd[16245]: banner exchange: Connection from 192.168.1.18 port 51384: could not read protocol version
Jan 16 16:40:03 arch sshd[16244]: Connection closed by 192.168.1.18 port 51372
Jan 16 16:40:03 arch sshd[16246]: error: Protocol major versions differ: 2 vs. 1
Jan 16 16:40:03 arch sshd[16246]: banner exchange: Connection from 192.168.1.18 port 51386: could not read protocol version
Jan 16 16:40:03 arch sshd[16247]: Unable to negotiate with 192.168.1.18 port 51390: no matching host key type found. Their offer: ssh-dss [preauth]
Jan 16 16:40:03 arch sshd[16249]: Unable to negotiate with 192.168.1.18 port 51396: no matching host key type found. Their offer: ssh-rsa [preauth]
Jan 16 16:40:03 arch sshd[16251]: Connection closed by 192.168.1.18 port 51406 [preauth]
Jan 16 16:40:03 arch sshd[16253]: Unable to negotiate with 192.168.1.18 port 51408: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
Jan 16 16:40:03 arch sshd[16255]: Unable to negotiate with 192.168.1.18 port 51418: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
Jan 16 16:40:03 arch sshd[16257]: Connection closed by 192.168.1.18 port 51428 [preauth]

Last edited by chuckd333 (2024-01-16 22:49:39)


#2 2024-01-16 22:21:43

seth
Member
Registered: 2012-09-03
Posts: 51,608

virbr0 has an IP on the same subnet, but no carrier (i.e. no traffic is getting through there)

ip r get 192.168.1.1
ip r get 192.168.1.13
ip r

Edit:

> This all came about because I tried to create a VM from virt-manager and SSH to the server for the connection which failed.

"How"?
https://wiki.archlinux.org/title/Virt-m … Networking

Last edited by seth (2024-01-16 22:25:22)


#3 2024-01-16 22:30:04

chuckd333
Member
Registered: 2023-03-09
Posts: 23

Thanks Seth. I'm not sure how I managed to do that.

$ ip r get 192.168.1.1
192.168.1.1 dev virbr0 src 192.168.1.12 uid 1000 
    cache 

$  ip r get 192.168.1.13
192.168.1.13 dev virbr0 src 192.168.1.12 uid 1000 
    cache 

$ ip r
default via 192.168.1.1 dev wlp0s20f3 proto dhcp src 192.168.1.18 metric 600 
192.168.1.0/24 dev virbr0 proto kernel scope link src 192.168.1.12 linkdown 
192.168.1.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.1.18 metric 600 
192.168.100.0/24 dev virbr1 proto kernel scope link src 192.168.100.1 linkdown 

Re. virt-manager - I used the GUI and "Add Connection" >> "QEMU/KVM" >> Check SSH box >> Added user and 192.168.1.13... connection would hang and say "connecting" and used Bridge

I just did this:

$  systemctl status libvirtd
● libvirtd.service - libvirt legacy monolithic daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-01-16 17:32:04 EST; 3s ago
TriggeredBy: ● libvirtd-ro.socket
             ● libvirtd.socket
             ● libvirtd-admin.socket
       Docs: man:libvirtd(8)
             https://libvirt.org/
   Main PID: 18649 (libvirtd)
      Tasks: 24 (limit: 32768)
     Memory: 68.0M (peak: 69.8M)
        CPU: 388ms
     CGroup: /system.slice/libvirtd.service
             ├─  562 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/network.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             ├─  563 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/network.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             ├─  590 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             ├─  591 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             └─18649 /usr/bin/libvirtd --timeout 120

Jan 16 17:32:04 arch systemd[1]: Starting libvirt legacy monolithic daemon...
Jan 16 17:32:04 arch systemd[1]: Started libvirt legacy monolithic daemon.
Jan 16 17:32:04 arch dnsmasq[590]: read /etc/hosts - 2 names
Jan 16 17:32:04 arch dnsmasq[562]: read /etc/hosts - 4 names
Jan 16 17:32:04 arch dnsmasq[590]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 names
Jan 16 17:32:04 arch dnsmasq[562]: read /var/lib/libvirt/dnsmasq/network.addnhosts - 0 names
Jan 16 17:32:04 arch dnsmasq-dhcp[590]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Jan 16 17:32:04 arch dnsmasq-dhcp[562]: read /var/lib/libvirt/dnsmasq/network.hostsfile

$  ssh -vvvv chris@192.168.1.13
OpenSSH_9.6p1, OpenSSL 3.2.0 23 Nov 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug2: resolve_canonicalize: hostname 192.168.1.13 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/chris/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/chris/.ssh/known_hosts2'
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.1.13 [192.168.1.13] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: connect to address 192.168.1.13 port 22: No route to host
ssh: connect to host 192.168.1.13 port 22: No route to host

Last edited by chuckd333 (2024-01-16 22:36:55)


#4 2024-01-16 22:35:46

seth
Member
Registered: 2012-09-03
Posts: 51,608

The traffic is routed over the virbr0 into nowhere.
Deleting the route ("ip r del 192.168.1.0/24 dev virbr0 proto kernel scope link src 192.168.1.12") is gonna do (or removing the entire bridge) for the regular connection.
Depending on how the bridge was added, it'll disappear or re-appear with a reboot also.
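
The failure diagnosed above, a connected route on a carrier-less bridge winning over the live Wi-Fi route for the same prefix, can be spotted mechanically in `ip r` output. This is an added example, not part of the thread: the function names and output format are made up here, and the sample routing table is the one posted in #3.

```shell
#!/bin/sh
# Added example: flag prefixes whose preferred (lowest-metric) route points
# at a linkdown device while a live device also has a route for them.
# Input: `ip -4 route` text on stdin. Function names are hypothetical.
find_shadowed_routes() {
    awk '
    $1 ~ /^[0-9.]+\/[0-9]+$/ {
        dev = ""; metric = 0; down = 0      # no "metric" keyword means 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev")      dev = $(i + 1)
            if ($i == "metric")   metric = $(i + 1) + 0
            if ($i == "linkdown") down = 1
        }
        if (dev == "") next
        n[$1]++
        # Remember the route the kernel prefers for this prefix.
        if (!($1 in best) || metric < bestm[$1]) {
            best[$1] = dev; bestm[$1] = metric; bestdown[$1] = down
        }
        # Collect devices that actually have carrier.
        if (!down) live[$1] = live[$1] (live[$1] == "" ? "" : ",") dev
    }
    END {
        for (p in n)
            if (n[p] > 1 && bestdown[p] && live[p] != "")
                printf "%s shadowed-by=%s live=%s\n", p, best[p], live[p]
    }'
}

# Routing table as posted in #3 of this thread.
sample_routes() {
    cat <<'EOF'
default via 192.168.1.1 dev wlp0s20f3 proto dhcp src 192.168.1.18 metric 600
192.168.1.0/24 dev virbr0 proto kernel scope link src 192.168.1.12 linkdown
192.168.1.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.1.18 metric 600
192.168.100.0/24 dev virbr1 proto kernel scope link src 192.168.100.1 linkdown
EOF
}

# On a live system: ip -4 route | find_shadowed_routes
sample_routes | find_shadowed_routes
```

192.168.100.0/24 is not reported because virbr1 is the only device with a route for it, so it shadows nothing.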


#5 2024-01-16 22:48:21

chuckd333
Member
Registered: 2023-03-09
Posts: 23

So in virt-manager I had started virbr0 and virbr1 on boot. I thought that was on booting the VMs.

I turned off the "on boot" from within virt-manager GUI, rebooted and I can now SSH to my server on the LAN and my router 192.168.1.1.

Thanks Seth.
