Linux-Noob Forums

Full Version: failing to ssh

Hey, I'm really newish to linux, I used redhat for six months, six years ago. Needless to say, my linux-fu was always a bit spare and now it's spare and rusty.

 

I got a box without a use, and I thought hey, it would be nice to have a minecraft server. A friend of mine said that once I got the box capable of having ssh access he'd finish setting it up. Well, spent the last two days with a fresh install of ubuntu server x64 11.10 relearning enough to make this work. I installed openssh, added a ssh list to iptables, port forwarded 22 to the box... and failed miserably to log in from my home box to this pain in my neck. Connection Refused every time.

 

It's starting to feel like I'm woefully ignorant.. Any help would be very appreciated.


Quote:Hey, I'm really newish to linux, I used redhat for six months, six years ago. Needless to say, my linux-fu was always a bit spare and now it's spare and rusty.
You're in the right place to give it a polish!

 

Quote:I got a box without a use, and I thought hey, it would be nice to have a minecraft server. A friend of mine said that once I got the box capable of having ssh access he'd finish setting it up. Well, spent the last two days with a fresh install of ubuntu server x64 11.10 relearning enough to make this work. I installed openssh, added a ssh list to iptables, port forwarded 22 to the box... and failed miserably to log in from my home box to this pain in my neck. Connection Refused every time. 

It's starting to feel like I'm woefully ignorant.. Any help would be very appreciated.
This one caught me out, too - you probably did what I did: install ubuntu as a productive desktop system and.. forgot to install the "sshd" service, which isn't on by default (ssh server, rather than client)

 

To check to see if it's installed:



Code:
dpkg -l | grep ssh




On my box, I get the following back:



Code:
ii  libssh-4           0.4.5-1              A tiny C SSH library
ii  openssh-client     1:5.5p1-4ubuntu6     secure shell (SSH) client, for secure access to remote machines
ii  openssh-server     1:5.5p1-4ubuntu6     secure shell (SSH) server, for secure access from remote machines
ii  python-paramiko    1.7.6-2              Make ssh v2 connections with Python
ii  ssh-askpass-gnome  1:5.5p1-4ubuntu6     interactive X program to prompt users for a passphrase for ssh-add




You can see the third line down - "openssh-server" needs to be installed. If you see this missing, use a quick "apt" to install it.

 

However, if it IS installed, it may not be running. Usually, ssh binds to port 22, so check to see if that port is open with:



Code:
netstat -an | grep 22




 

If there's no joy, look at starting it with:



Code:
service ssh start




(note that this last command needs to be run as root - either precede it with "sudo", or type "sudo -i" first to become root before issuing that command)

 

Once it's up and running, a quick test is:



Code:
ssh localhost




- good luck!


Well, I have good news and I have bad news. Openssh-server is installed, I can ssh from the machine into itself, which makes me think that the port is open. However, from my windows machine with FileZilla, trying to connect via localhost and port 22 results in connection refused.

 

My router goes off of 10.0.0.1 as the gateway, and in the netstat it looks like it's listening for a more common 127.0.0.1. I don't know if this is the problem, or if it is, how to fix it.


Quote:and in the netstat it looks like it's listening for a more common 127.0.0.1. I don't know if this is the problem, or if it is, how to fix it.
Yup - (a) that's what's causing it, and (b) to fix it is fairly simple.

 

1. look in /etc/ssh - there are a series of config files in there. They're readable by an ordinary user, but can only be modified by a priv'd one.

2. The file you're after is sshd_config - this affects sshd (SSH daemon). There is another (ssh_config) that affects the ssh client connectivity (provides defaults for all users, which is overridden per-user). You don't want this second one.

3. Look for the entry in this file marked ListenAddress - this may look like:



Code:
ListenAddress 127.0.0.1




 

Change it to read:



Code:
ListenAddress 0.0.0.0




(this means it's listening on every IP you have on that machine)

 

Restart the SSH server, eg:



Code:
service ssh restart




and you should be done! A "netstat" should show 0.0.0.0:22 (where before it probably showed 127.0.0.1:22).

 

One last point - if you are allowing this machine to be exposed to the interwebs, best move your SSH port off 22, since this is what plenty of sniffers actively target. Something high like 2222, 12322, 22122, 54322 will do the trick - just change the setting against "Port" in the same config file. Don't forget to amend your firewall rules and routing tables also, if you decide to change it!
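
The check discussed in the answer above, as an added example that is not part of the original thread: a shell helper that lists the address/port pairs an sshd_config actually enables, ignoring commented-out lines, and flags a loopback-only bind. The function names and both sample configs are constructed for illustration, and the parser assumes whitespace-separated directives with no :port suffix on ListenAddress.

```sh
#!/bin/sh
# Added example, not from the thread. Reads an sshd_config on stdin.
# Assumes "Keyword value" lines and ListenAddress without a :port suffix.

# Print one "address port" pair per line that sshd would bind.
sshd_listen_summary() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # commented-out or blank: inactive
        tolower($1) == "port"          { ports[++np] = $2 }
        tolower($1) == "listenaddress" { addrs[++na] = $2 }
        END {
            if (np == 0) ports[++np] = "22"   # sshd default port
            if (na == 0) {                    # default: all local addresses
                addrs[++na] = "0.0.0.0"; addrs[++na] = "::"
            }
            for (i = 1; i <= na; i++)
                for (j = 1; j <= np; j++)
                    print addrs[i], ports[j]
        }'
}

# Exit 0 when every bound address is loopback, meaning other machines get
# "connection refused" regardless of firewall or port-forwarding rules.
sshd_loopback_only() {
    sshd_listen_summary | awk '
        $1 !~ /^(127\.|::1$|localhost$)/ { remote = 1 }
        END { exit (remote ? 1 : 0) }'
}

# Constructed sample: both ListenAddress lines commented out.
sample_stock() {
    printf '%s\n' 'Port 22' '#ListenAddress ::' '#ListenAddress 0.0.0.0'
}

# Constructed sample: daemon pinned to loopback and moved to port 2222.
sample_loopback() {
    printf '%s\n' 'Port 2222' 'ListenAddress 127.0.0.1'
}

# Demo on the constructed samples.
sample_stock | sshd_listen_summary
sample_loopback | sshd_loopback_only && echo "loopback only: remote logins will be refused"
```

On a live host, run `sshd_listen_summary < /etc/ssh/sshd_config`; `sshd -T` (as root) prints the daemon's own view of its effective settings.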


Continuing with the wacky, found the etc/ssh/sshd_config file, found the line that says ListenAddress 0.0.0.0, however to be more accurate it reads

 

#ListenAddress ::

#ListenAddress 0.0.0.0

 

From what I can figure, # means commented out, I think. So, I un-commented the second line. Restarted ssh, and now netstat is now reading

 

tcp 0 0.0.0.0:22 0.0.0.0:* LISTEN

unix 3 [ ] STREAM CONNECTED 6222 /var/run/dbus/system_bus_socket

unix 3 [ ] STREAM CONNECTED 6221

 

 

 

So, I think that fixed that.... except my face is now permanently embedded in the desk, now not only can I not ssh with filezilla with the windows box but the ubuntu box can no longer ssh into itself, it tries but for some bloody reason it won't accept the password, after trying four times it spits out Permission denied (publickey, password)

It is very possible I just can't see straight and I'm typing in the password wrong twelve times in a row, but ultimately something is still wrong.


okay - as root, can you check there are no other ssh processes running? It could be that sshd didn't restart properly.

 

Also, if you ARE getting a prompt (yet wrong pass) just try changing the address over to 127.0.0.1 and seeing if you can still "ssh localhost" as before (after restarting sshd)

 

Lastly.. check there aren't any "Listen" lines lower down uncommented. That caught me out before!

Well, some things have changed. Other people actually tried to ssh to it now, and that works. However, I cannot localhost to the box still. Should narrow down the problem, I hope.

Can you ssh in from another machine? Also, are you trying to ssh in as root?

 

Also, try using the IP rather than "localhost" on the box itself, see what response you get.

 

Lastly, check the logfiles. /var/log/auth or /var/log/secure ought to have some information about the SSHd, so may show reasons why your login was rejected.


ssh ip hangs the machine, no idea why.

/var/log/secure and /var/log/auth do not exist for one reason or another, looking for where it's hiding the log files. Friend can ssh in using the IP, and the log info for the root account. I cannot ssh within the same network from a second machine with the same login information, well using "localhost".


Did you change the SSH port at all? Also, what user are you connecting as?

 

Can you also try to ping the IP from the machine itself and another on the network? I suspect your routing tables have snarled up somehow, or name resolution is at fault - someone connecting from outside will have an IP that can resolve back to a hostname, but machines on your local network will not be part of any DNS zone.

(although "ssh 127.0.0.1" ought to work fine).

 

To find which file contains SSH information, try the following:



Code:
grep -l ssh /var/log/*




That should tell you the names of files containing "ssh" in them, so you can examine those more closely.

 

(if it's not logging then it'll be an option in sshd_config - but I've not come across any distro that doesn't log ssh info by default)
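
Once the right log file is found (on Ubuntu, sshd authentication messages go to /var/log/auth.log), the lines can be tallied by outcome, user and source address. The following is an added example, not part of the original thread; the function names are hypothetical and the log lines, hostname, users and addresses are constructed.

```sh
#!/bin/sh
# Added example, not from the thread: tally sshd password-auth results.

# Constructed sample lines in the syslog format sshd writes; the hostname,
# users and addresses are made up (203.0.113.0/24 is a documentation range).
sample_auth_log() {
    cat <<'EOF'
Jan 14 20:01:11 mcbox sshd[1201]: Failed password for root from 127.0.0.1 port 40112 ssh2
Jan 14 20:01:15 mcbox sshd[1201]: Failed password for root from 127.0.0.1 port 40112 ssh2
Jan 14 20:03:40 mcbox sshd[1255]: Accepted password for alice from 203.0.113.7 port 51877 ssh2
Jan 14 20:09:02 mcbox sshd[1301]: Failed password for invalid user admin from 203.0.113.99 port 33412 ssh2
Jan 14 20:09:05 mcbox CRON[1310]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Read log lines on stdin; print "count result user source", sorted.
ssh_auth_summary() {
    awk '
        /sshd\[[0-9]+\]: (Failed|Accepted) password for / {
            for (i = 1; i <= NF; i++) {
                if ($i == "Failed" || $i == "Accepted") result = $i
                if ($i == "for") {
                    if ($(i+1) == "invalid") {      # "invalid user NAME"
                        user = $(i+3); result = "FailedInvalidUser"
                    } else user = $(i+1)
                }
                if ($i == "from") src = $(i+1)
            }
            n[result " " user " " src]++
        }
        END { for (k in n) print n[k], k }' | LC_ALL=C sort
}

# Print source addresses with at least N failed attempts (N is $1).
ssh_failed_sources() {
    ssh_auth_summary | awk -v n="$1" '
        $2 ~ /^Failed/ { c[$4] += $1 }
        END { for (s in c) if (c[s] >= n) print s }' | LC_ALL=C sort
}

# Demo on the constructed sample.
sample_auth_log | ssh_auth_summary
```

On a real system, feed it the file that `grep -l ssh /var/log/*` turned up, for example `ssh_auth_summary < /var/log/auth.log` (reading it usually needs root).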
