
#1 2010-06-07 19:05:12

vendion
Member
From: Tennessee, USA
Registered: 2010-03-10
Posts: 204
Website

[Solved] Problems configuring SSH

Hello all, I have installed and configured OpenSSH according to the wiki, http://wiki.archlinux.org/index.php/SSH, and I have the port open in my firewall, but I am unable to make a connection to or from my Arch box. The problem has to be with this box and not a network issue because my other boxes, one Mac and a system running openSUSE 11.2, are able to talk to each other with no problems.

When I try to ssh out of this box I get the following error:

vendion ~ $ ssh vendion@192.168.1.112                                               
ssh: connect to host 192.168.1.112 port 22: Connection refused

and when trying to ssh into this box I get

ssh_exchange_identification: Connection closed by remote host

To ensure that it is not my firewall, here is my rule list for iptables:

Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       all  --  127.0.0.0/8          anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request state NEW 
ACCEPT     all  --  anywhere             anywhere            
OPEN-UDP   udp  --  anywhere             anywhere            state NEW 
OPEN-TCP   tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN state NEW 
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset 
REJECT     all  --  anywhere             anywhere            reject-with icmp-proto-unreachable 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OPEN-TCP (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain OPEN-UDP (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain

Anyone seen this before or know what is going on?

EDIT: Please note I will be more than happy to upload config files to pastebin if needed

Last edited by vendion (2010-08-10 23:30:58)

Offline

#2 2010-06-07 19:36:06

ber_t
Member
From: Berlin, Germany
Registered: 2010-03-10
Posts: 214
Website

Re: [Solved] Problems configuring SSH

Can you pastebin the output of ssh -vvv ...?
Have you tried "UsePAM yes" in /etc/ssh/sshd_config?

Last edited by ber_t (2010-06-07 19:37:14)

Offline

#3 2010-06-07 20:00:45

Zeist
Arch Linux f@h Team Member
Registered: 2008-07-04
Posts: 532

Re: [Solved] Problems configuring SSH

You might have to add sshd: ALL to /etc/hosts.allow


I haven't lost my mind; I have a tape back-up somewhere.
Twitter

Offline

#4 2010-06-07 21:20:51

Sjoden
Member
From: WA
Registered: 2007-08-16
Posts: 380
Website

Re: [Solved] Problems configuring SSH

vendion wrote:

Hello all, I have installed and configured OpenSSH according to the wiki, http://wiki.archlinux.org/index.php/SSH, and I have the port open in my firewall, but I am unable to make a connection to or from my Arch box. The problem has to be with this box and not a network issue because my other boxes, one Mac and a system running openSUSE 11.2, are able to talk to each other with no problems.

When I try to ssh out of this box I get the following error:

vendion ~ $ ssh vendion@192.168.1.112                                               
ssh: connect to host 192.168.1.112 port 22: Connection refused

and when trying to ssh into this box I get

ssh_exchange_identification: Connection closed by remote host

To ensure that it is not my firewall, here is my rule list for iptables:

Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       all  --  127.0.0.0/8          anywhere            
[b]ACCEPT     all  --  anywhere             anywhere   [/b]         
DROP       all  --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request state NEW 
[b]ACCEPT     all  --  anywhere             anywhere      [/b]      
OPEN-UDP   udp  --  anywhere             anywhere            state NEW 
OPEN-TCP   tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN state NEW 
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset 
REJECT     all  --  anywhere             anywhere            reject-with icmp-proto-unreachable 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OPEN-TCP (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain OPEN-UDP (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain

Anyone seen this before or know what is going on?

EDIT: Please note I will be more than happy to upload config files to pastebin if needed

Can you post the output of

iptables -L -v

You probably want to remove the two lines in bold from iptables, unless there are more options that aren't showing because of normal mode hiding them.

Last edited by Sjoden (2010-06-07 21:23:33)

Offline

#5 2010-06-09 00:18:51

vendion
Member
From: Tennessee, USA
Registered: 2010-03-10
Posts: 204
Website

Re: [Solved] Problems configuring SSH

Zeist wrote:

You might have to add sshd: ALL to /etc/hosts.allow

I already have sshd allowed for my local network in /etc/hosts.allow, should have posted that in my OP.

Offline

#6 2010-06-09 00:45:11

vendion
Member
From: Tennessee, USA
Registered: 2010-03-10
Posts: 204
Website

Re: [Solved] Problems configuring SSH

ber_t wrote:

Can you pastebin the output of ssh -vvv ...?
Have you tried "UsePAM yes" in /etc/ssh/sshd_config?

Yes I have UsePAM enabled on my sshd_config

I assume that you want the debugging output from sshing into my Arch box, correct? If so then here it is, http://pastebin.ca/1879448. It looks to me like ssh doesn't like my RSA1 key on my Mac, but that never has messed with anything before. As for sshing out from the Arch box, this is all I get: http://pastebin.ca/1879451. I hope this output helps figure out what I more than likely have done wrong; yes, I know the problem exists between the keyboard and the chair.

Offline

#7 2010-06-09 00:50:06

vendion
Member
From: Tennessee, USA
Registered: 2010-03-10
Posts: 204
Website

Re: [Solved] Problems configuring SSH

Sjoden wrote:

Can you post the output of

iptables -L -v

You probably want to remove the two lines in bold from iptables, unless there are more options that aren't showing because of normal mode hiding them.

No problem,

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  eth0   any     127.0.0.0/8          anywhere            
   80  4000 ACCEPT     all  --  lo     any     anywhere             anywhere            
   35  1418 DROP       all  --  any    any     anywhere             anywhere            state INVALID 
 808K 1118M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request state NEW 
   36  3912 ACCEPT     all  --  eth0   any     anywhere             anywhere            
    0     0 OPEN-UDP   udp  --  any    any     anywhere             anywhere            state NEW 
    0     0 OPEN-TCP   tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN state NEW                                           
    0     0 REJECT     udp  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable                                                 
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset                                                             
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-proto-unreachable                                                
                                                                                     
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)                                     
 pkts bytes target     prot opt in     out     source               destination                                                                                           
                                                                                     
Chain OUTPUT (policy ACCEPT 449K packets, 25M bytes)                                 
 pkts bytes target     prot opt in     out     source               destination                                                                                           
                                                                                     
Chain OPEN-TCP (1 references)                                                        
 pkts bytes target     prot opt in     out     source               destination                                                                                           
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:www                                                                       
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh                                                                       
                                                                                     
Chain OPEN-UDP (1 references)                                                        
 pkts bytes target     prot opt in     out     source               destination                                                                                           
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:domain

I know my rules may be a little lacking, but I am a n00b when it comes to iptables and have not taken the time to tweak it. I just followed the guide here, http://wiki.archlinux.org/index.php/Sim … l_firewall, just to give me something temporary until I know exactly what I need to have open and for what reason.

Offline
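
Added example, not part of the thread: a Python sketch that parses iptables -L -v output like the listing in post #7 and flags rules that accept every packet with no match beyond the inbound interface, which the non-verbose listing in post #1 cannot tell apart from the loopback rule. LISTING is abridged from that post; the function names and the trusted parameter are assumptions of this example.

```python
"""Flag unconditional ACCEPT rules in `iptables -L -v` output."""

# Abridged from the INPUT chain posted above (verbose listing).
LISTING = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  eth0   any     127.0.0.0/8          anywhere
   80  4000 ACCEPT     all  --  lo     any     anywhere             anywhere
   35  1418 DROP       all  --  any    any     anywhere             anywhere            state INVALID
 808K 1118M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   36  3912 ACCEPT     all  --  eth0   any     anywhere             anywhere
    0     0 OPEN-TCP   tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN state NEW
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset
"""

ANY_ADDRESS = {"anywhere", "0.0.0.0/0", "::/0"}


def parse(listing):
    """Return {chain: [rule, ...]}. Assumes -v output where every rule has a target."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "Chain":
            current = chains.setdefault(f[1], [])
        elif f[0] != "pkts" and current is not None and len(f) >= 9:
            current.append({"target": f[2], "prot": f[3], "in": f[5],
                            "src": f[7], "dst": f[8],
                            "match": " ".join(f[9:])})
    return chains


def accept_all_rules(listing, trusted=("lo",)):
    """Return (chain, position, in_interface, rules_after) for each rule that
    accepts all protocols from and to anywhere with no further match and is
    not bound to a trusted interface."""
    findings = []
    for chain, rules in parse(listing).items():
        for pos, r in enumerate(rules, 1):
            if (r["target"] == "ACCEPT" and r["prot"] == "all"
                    and r["src"] in ANY_ADDRESS and r["dst"] in ANY_ADDRESS
                    and not r["match"] and r["in"] not in trusted):
                findings.append((chain, pos, r["in"], len(rules) - pos))
    return findings


if __name__ == "__main__":
    for chain, pos, iface, after in accept_all_rules(LISTING):
        print(f"{chain} rule {pos}: ACCEPT all on {iface}; {after} later rule(s) never see that traffic")
```
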

#8 2010-06-10 21:27:59

ber_t
Member
From: Berlin, Germany
Registered: 2010-03-10
Posts: 214
Website

Re: [Solved] Problems configuring SSH

What about

iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A OUTPUT -p tcp --sport ssh -j ACCEPT

?

Offline

#9 2010-06-11 16:18:35

vendion
Member
From: Tennessee, USA
Registered: 2010-03-10
Posts: 204
Website

Re: [Solved] Problems configuring SSH

Well, that didn't seem to do the trick, but to completely rule out the firewall I temporarily stopped iptables and tried to connect out and got this:

vendion ~ $ ssh vendion@192.168.1.112
ssh: connect to host 192.168.1.112 port 22: Connection refused                       
vendion ~ $ ping 192.168.1.112                                                       
PING 192.168.1.112 (192.168.1.112) 56(84) bytes of data.                             
64 bytes from 192.168.1.112: icmp_seq=1 ttl=64 time=0.825 ms                         
64 bytes from 192.168.1.112: icmp_seq=2 ttl=64 time=0.819 ms                         
64 bytes from 192.168.1.112: icmp_seq=3 ttl=64 time=0.806 ms                         
64 bytes from 192.168.1.112: icmp_seq=4 ttl=64 time=0.831 ms                         
64 bytes from 192.168.1.112: icmp_seq=5 ttl=64 time=0.846 ms                         
                                                                                     
--- 192.168.1.112 ping statistics ---                                               
5 packets transmitted, 5 received, 0% packet loss, time 4000ms                       
rtt min/avg/max/mdev = 0.806/0.825/0.846/0.028 ms       

I don't have problems sshing to this box from any other machines. To rule out the chance that it is my config, here is what I have in my ssh_config, http://pastebin.ca/1886204, and my sshd_config, http://pastebin.ca/1886205. Hopefully someone can spot something wrong. I have also made sure that sshd is allowed in my /etc/hosts.allow file.

Last edited by vendion (2010-06-19 03:38:00)

Offline

#10 2010-08-08 14:54:17

thom_raindog
Member
Registered: 2008-04-29
Posts: 175

Re: [Solved] Problems configuring SSH

Has this been solved? I am fighting something very similar on a new arch box that can not connect out nor in while the rest of the network (another archbox and a kubuntu netbook) work dandy...

Offline

#11 2010-08-10 23:30:23

vendion
Member
From: Tennessee, USA
Registered: 2010-03-10
Posts: 204
Website

Re: [Solved] Problems configuring SSH

Yes, I managed to solve this. My issue was a missing ":" in the /etc/hosts.allow file for sshd.

Offline
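
Added example, not part of the thread: a Python check for the fault named in post #11, a rule in /etc/hosts.allow lacking the ":" that hosts_access(5) requires between the daemon list and the client list. The sample file contents and the function names are constructed for this example.

```python
"""Lint hosts.allow / hosts.deny text for rules without the ':' separator."""

# Constructed sample, not the poster's actual file.
SAMPLE_BROKEN = """\
# /etc/hosts.allow
sshd 192.168.1.
httpd: ALL
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("sshd 192", "sshd: 192")


def logical_lines(text):
    """Yield (line_number, rule): joins backslash continuations and skips
    blank lines and '#' comments, as hosts_access(5) describes."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        start = number if start is None else start
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        rule = (buf + raw).strip()
        if rule and not rule.startswith("#"):
            yield start, rule
        buf, start = "", None
    # File ended in the middle of a continuation.
    if buf.strip() and not buf.lstrip().startswith("#"):
        yield start, buf.strip()


def lint(text):
    """Return (line_number, problem, rule) for each malformed rule."""
    problems = []
    for number, rule in logical_lines(text):
        daemons, sep, rest = rule.partition(":")
        if not sep:
            problems.append((number, "missing ':' separator", rule))
        elif not daemons.strip():
            problems.append((number, "empty daemon list", rule))
        elif not rest.split(":", 1)[0].strip():
            problems.append((number, "empty client list", rule))
    return problems


if __name__ == "__main__":
    for sample in (SAMPLE_BROKEN, SAMPLE_FIXED):
        print(lint(sample) or "ok")
```
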
