
#1 2008-02-18 10:25:51

satimis
Member
Registered: 2007-03-03
Posts: 186

ssh fails to work just hanging

Hi folks,


Just played around with ssh using the following network setup.


Archlinux workstation
hostname - arch.satimis.com
LAN IP - 192.168.0.2

Ubuntu 7.04 server
hostname - mail.satimis.com
LAN IP - 192.168.0.10

Router
port 22-25 forwarded to 192.168.0.10


On Arch workstation
$ ssh mail.satimis.com (OR www.satimis.com)
after login Arch can ssh-connect Ubuntu

exited


But now;
$ ssh 192.168.0.10
can't connect to Ubuntu.  No response, just hanging on the screen.


$ ls /var/log/

Xorg.0.log      crond         everything.log    lastlog         syslog.log.2
Xorg.0.log.old  crond.1       everything.log.1  mail.log        user.log
acpid.log       crond.2       everything.log.2  messages.log    user.log.1
acpid.log.1     daemon.log    faillog           messages.log.1  user.log.2
acpid.log.2     daemon.log.1  gdm               messages.log.2  wtmp
auth.log        daemon.log.2  httpd             old
auth.log.1      errors.log    kernel.log        pacman.log
auth.log.2      errors.log.1  kernel.log.1      syslog.log
btmp            errors.log.2  kernel.log.2      syslog.log.1

Please advise which log file I should check.  How do I fix the problem?  TIA

Remark: port 22 forwarding removed


B.R.
satimis

Last edited by satimis (2008-02-18 10:28:03)


#2 2008-02-18 10:48:21

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: ssh fails to work just hanging

Port forwarding is not required here, as both machines are on the same subnet. Try ssh with the debug flag (-v) for more info - you can use it up to three times, depending on the level of detail you need.


#3 2008-02-18 11:45:43

satimis
Member
Registered: 2007-03-03
Posts: 186

Re: ssh fails to work just hanging

tomk wrote:

Port forwarding is not required here, as both machines are on the same subnet. Try ssh with the debug flag (-v) for more info - you can use it up to three times, depending on the level of detail you need.

$ ssh -v 192.168.0.10

OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.0.10 [192.168.0.10] port 22.
debug1: connect to address 192.168.0.10 port 22: Connection timed out
ssh: connect to host 192.168.0.10 port 22: Connection timed out

Tried 3 times with the same result.

On Ubuntu
# cat /etc/ssh/ssh_config | grep Port

Port 22

It has been uncommented.  Nor have I touched this file during my test.


Edit-1:

$ cat /etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

#exit 0

#
# INPUT
#

# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d 220.232.213.178 -m state --state RELATED,ESTABLISHED

# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 22

# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8222

# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8333

# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 902

# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d 220.232.213.178 --reject-with icmp-port-unreachable

# allows squirrelmail input
#iptables -I INPUT 7 -p ALL -i lo --source 127.0.0.1 -j ACCEPT

#
# OUTPUT
#

# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s 220.232.213.178 -m state --state RELATED,ESTABLISHED

# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s 220.232.213.178 -p UDP --destination-port 53

# reject all other traffic from localhost
#iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

# reject all other traffic from the management interface NIC
iptables -I OUTPUT 3 -j REJECT -s 220.232.213.178 --reject-with icmp-port-unreachable

Edit-2:

The problem is on Archlinux.

This box has another HD running Ubuntu 7.10 workstation.  Just connected it.

$ ssh 192.168.0.10
after login, connected to the server


Edit-3:

Just discovered.

Archlinux can't ping 192.168.0.10 (server), 192.168.0.1 (router IP)



satimis

Last edited by satimis (2008-02-18 13:26:12)


#4 2008-02-18 15:31:50

satimis
Member
Registered: 2007-03-03
Posts: 186

Re: ssh fails to work just hanging

Hi tomk,


Problem solved.  It was iptables on Archlinux, whose rules I set up several hours ago, blocking the traffic.  I did not realise it.

After running;
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT


Archlinux can ping router_ip and server_ip.  Ubuntu_Server can ping Archlinux_ip.


To run "ssh mail.satimis.com" port 22 forwarding is still needed.


Thanks for your assistance.


I'll start another topic later about iptables rules.


B.R.
satimis

Last edited by satimis (2008-02-18 15:33:12)
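
An added example, not part of the original thread: a small first-match evaluator for the option subset used in the rc.local INPUT rules posted in #3. Every one of those rules matches only -d 220.232.213.178, so a new connection to 192.168.0.10 matches none of them and gets whatever the chain policy is; the DROP policy used below is an assumption, since the thread never shows the policy in force, and the chain is assumed to hold no other rules.

```python
import shlex

# Active INPUT rules copied from the rc.local posted in the thread.
RC_LOCAL_INPUT = """\
iptables -I INPUT 1 -j ACCEPT -d 220.232.213.178 -m state --state RELATED,ESTABLISHED
iptables -I INPUT 2 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 22
iptables -I INPUT 3 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8222
iptables -I INPUT 4 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8333
iptables -I INPUT 5 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 902
iptables -I INPUT 6 -j REJECT -d 220.232.213.178 --reject-with icmp-port-unreachable
"""

def parse_rules(text):
    """Parse 'iptables -I CHAIN n ...' lines into ordered (match, target) pairs."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 4 or tok[0] != "iptables" or tok[1] != "-I":
            continue
        opts = dict(zip(tok[4::2], tok[5::2]))  # every option used here takes one value
        match = {"proto": opts.get("-p", "").lower() or None,
                 "dst": opts.get("-d"),
                 "dport": opts.get("--destination-port"),
                 "states": set(opts["--state"].split(",")) if "--state" in opts else None}
        rules.append((int(tok[3]), match, opts["-j"]))
    return [r[1:] for r in sorted(rules, key=lambda r: r[0])]

def verdict(rules, packet, policy):
    """First matching rule wins; a packet matching no rule gets the chain policy."""
    for match, target in rules:
        if (match["proto"] in (None, packet["proto"])
                and match["dst"] in (None, packet["dst"])
                and match["dport"] in (None, str(packet["dport"]))
                and (match["states"] is None or packet["state"] in match["states"])):
            return target
    return "policy:" + policy

def demo(policy="DROP"):  # DROP is an assumed policy; the thread never shows it
    rules = parse_rules(RC_LOCAL_INPUT)
    pkt = lambda dst, port: {"proto": "tcp", "dst": dst, "dport": port, "state": "NEW"}
    return [verdict(rules, pkt(d, p), policy) for d, p in
            [("220.232.213.178", 22), ("220.232.213.178", 80), ("192.168.0.10", 22)]]

if __name__ == "__main__":
    print(demo())
```

A silently dropped SYN shows up on the client as "Connection timed out", as in the ssh -v output in #3, whereas a REJECT with icmp-port-unreachable fails at once with "Connection refused".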

