sshd is running but doesn't seem to accept connections

ladr0n · 2008-12-31 18:51:26

Hey guys

I'm setting up a new machine which serves as a gateway for my private network. I have iptables set up and ip forwarding is working correctly. I can't seem to connect to this machine via ssh. This might be something I did incorrectly with my iptables rules, but I can't find the problem with them myself. Whether I try from inside or outside of my network, I get the error:

ladr0n@laptop> ssh -p xxxx ladr0n@192.168.0.1                              ~
ssh_exchange_identification: Connection closed by remote host

Here are the uncommented lines of my /etc/ssh/sshd_config file:

Port xxxx
Protocol 2

PermitRootLogin no
ChallengeResponseAuthentication no
UsePAM yes
Subsystem    sftp    /usr/lib/ssh/sftp-server

And my iptables configuration:

# Generated by iptables-save v1.4.2 on Wed Dec 31 12:57:55 2008
*filter
:INPUT DROP [3:84]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4613:391641]
:fw-interfaces - [0:0]
:fw-open - [0:0]
:interfaces - [0:0]
:open - [0:0]
-A INPUT -p icmp -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -j interfaces 
-A INPUT -j open 
-A INPUT -p tcp -j REJECT --reject-with tcp-reset 
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable 
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP 
-A INPUT -f -j DROP 
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP 
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP 
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -j fw-interfaces 
-A FORWARD -j fw-open 
-A FORWARD -j REJECT --reject-with icmp-host-unreachable 
-A fw-interfaces -i eth0 -j ACCEPT 
-A interfaces -i lo -j ACCEPT 
-A interfaces -i eth0 -j ACCEPT 
-A open -p tcp -m tcp --dport 8674 -j ACCEPT 
COMMIT
# Completed on Wed Dec 31 12:57:55 2008
# Generated by iptables-save v1.4.2 on Wed Dec 31 12:57:55 2008
*nat
:PREROUTING ACCEPT [15:1266]
:POSTROUTING ACCEPT [33:2311]
:OUTPUT ACCEPT [33:2311]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE 
COMMIT

Any help would be greatly appreciated. Thanks.

theringmaster · 2008-12-31 19:15:54

make sure something like sshd: ALL or whatever is in your /etc/hosts.allow

Last edited by theringmaster (2008-12-31 19:16:50)

ladr0n · 2008-12-31 20:20:57

Good call, ringmaster. I added the line 'sshd: ALL' to /etc/hosts.allow and it works now. Thank you!

Last edited by ladr0n (2008-12-31 20:22:25)

theringmaster · 2008-12-31 20:22:22

oh and sshd: ALL might be a security risk, but you can read the wiki page to be sure.

ladr0n · 2008-12-31 20:34:02

You're right, it is a slight risk. However, I need to be able to access this machine from anywhere, so I can't restrict sshd to a particular range of IP addresses. I've seen a way to set up sshd so that it will reject a certain IP address after so many failed login attempts. I'll probably use either that or port knocking eventually, but for now I at least have it set up and working properly. Thanks again

Arch Linux

#1 2008-12-31 18:51:26

sshd is running but doesn't seem to accept connections

#2 2008-12-31 19:15:54

Re: sshd is running but doesn't seem to accept connections

#3 2008-12-31 20:20:57

Re: sshd is running but doesn't seem to accept connections

#4 2008-12-31 20:22:22

Re: sshd is running but doesn't seem to accept connections

#5 2008-12-31 20:34:02

Re: sshd is running but doesn't seem to accept connections

Board footer