Connecting to another computer in my own network using ssh

This should be so simple! All computers are running Leap 15. I have set up a headless server and am able to log into it using ssh. I want to be able to do the same to the other computers on my network, but only from my own network. I have looked at all the files I can find on the server and on the other computers and can’t seem to find any differences.

When I log onto the server, I open Konsole and type:

ssh 192.168.3.4 -l <username>

There is a user of that name on the server. I am prompted for a password, which I enter and I get the welcome message.

When I try to connect to another computer, using the same method, I get no response and have to press Ctrl C to get the prompt back.

I don’t need or want a graphic interface, simply access using Konsole.

And, important, I do not want access from outside my own network.

What am I missing?

Bart

Have you checked that sshd is running on those computers? Also, if you have an active firewall on each of those hosts you wish to reach, make sure port 22 is open.

systemctl status sshd

If necessary enable and start using…

systemctl enable sshd
systemctl start sshd

Your router should block all services external to your home network, unless you explicitly configured it to allow a particular service through.

Well, that solved the problem on one computer. Another one is still refusing connections. Yast says the firewall is not active and is not enabled. I did a reboot just because, still not accepting.

Bart

But is the server (sshd) running?

netstat -tulp | grep ssh

…or if netstat (net-tools-deprecated package) not installed, you can do

lsof -i |grep ssh

or check sshd.service with

systemctl status sshd

I would not say “or”, but “and”. They test different (in this case related) things.

You could e.g. serve ssh through xinet.

Not really - both should report (consistently) if sshd is active or not. My main point was for those (including me) who don’t have netstat installed, lsof can be used instead.

While that may be true, I somehow don’t think the OP is doing that, and just so you know Henk, since the release of openSUSE Leap 15 the xinetd services are no longer present anyway.

On both.

I think your first point (using lsof) is very valid. I am afraid that (having it and its friends installed) use them like I did for 30 - 40 years and do not always think about not everybody having them by default >:(.

I do also not think he is using xinetd, but checking the open port is in any case the first thing I would do. After all, if it is sshd or xinetd, in both cases it should work. And the netstat -tulp (I do not know about lsof) would show which of them it is, to work on further.

It is a different work flow by habit I assume. I am more of the step by step approach, because next step may depend very much on the outcome of the first.


If one wants to check a given port is open, then lsof can be used like this instead

# lsof -i :22
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    943 root    3u  IPv4  19644      0t0  TCP *:ssh (LISTEN)
sshd    943 root    4u  IPv6  19736      0t0  TCP *:ssh (LISTEN)

which then reports the daemon/process associated with it

> It is a different work flow by habit I assume. I am more of the step by step approach, because next step may depend very much on the outcome of the first.

Port and daemon are both useful things to check. For all I know the OP may have configured /etc/ssh/ssh_config to listen on a different port (but unlikely I think).

On Sat, 28 Jul 2018 09:16:03 GMT
deano ferrari <deano_ferrari@no-mx.forums.microfocus.com> wrote:

> My main point was for those (including me) who don’t have netstat
> installed, lsof can be used instead.

As the “old” nettools (ipconfig, netstat, route …) have been deprecated by
the tools from iproute2, one should also mention the “ss” (socket statistics)
command as this one seems to be the replacement for netstat.

/usr/sbin/ss -tulpen

AK


Never attribute to malice that which can be adequately explained by stupidity.
(R.J. Hanlon)

Yes, I use ss frequently as well. I recently posted a link to some of the deprecated commands and their replacements…

https://www.tecmint.com/deprecated-linux-networking-commands-and-their-replacements/

lsof reports the same as your sample. I admit I used your code rather than copy and paste and sneaker-net mine. The difference is in the PID and device number only. I see this as proof that port 22 is open and sshd is running. So, I should be able to connect, correct?

# lsof -i :22
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    943 root    3u  IPv4  19644      0t0  TCP *:ssh (LISTEN)
sshd    943 root    4u  IPv6  19736      0t0  TCP *:ssh (LISTEN)

Yes, if that is the output from the host you’re trying to connect to then sshd is active and listening on port 22.

Did you also check for an active firewall?

systemctl status firewalld

If active, check allowed services…

sudo firewall-cmd --list-services

Configure to allow SSH if necessary.

systemctl status firewalld

results in the following

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Can you successfully ping the host in question? If so, try running an nmap scan of the host from another machine on the network.

nmap <IP address of host>

For example, I get

~> nmap 192.168.1.4
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-29 10:50 NZST
Nmap scan report for linux-n8nk (192.168.1.4)
Host is up (0.012s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
631/tcp  open  ipp
5801/tcp open  vnc-http-1
5901/tcp open  vnc-1
6001/tcp open  X11:1

Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

At the SSH server end, you could watch the sshd service

sudo journalctl -fu sshd

then attempt to start an ssh session from another machine and watch the subsequent output generated.

Well, this is interesting…

UNIVAC:~ # nmap 192.168.3.11
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-28 17:13 MDT
Nmap scan report for linux.Hollis-Home (192.168.3.11)
Host is up (0.00022s latency).
All 1000 scanned ports on linux.Hollis-Home (192.168.3.11) are filtered
MAC Address: 4C:CC:6A:CE:BD:0A (Micro-star Intl)

Nmap done: 1 IP address (1 host up) scanned in 21.41 seconds
UNIVAC:~ # 

So the server computer is stopping the connection. But how?

Bart

> At the SSH server end, you could watch the sshd service
>
> sudo journalctl -fu sshd
>
> then attempt to start an ssh session from another machine and watch the subsequent output generated.

I tried this and got absolutely no response other than the line stating the log had been started and showing the date.

As this computer has a unique, to me, system board, I poked around in the bios but as expected, didn’t see anything I thought would contribute to this problem.

Bart

Well, that indicates that a firewall on that host is dropping traffic to all the scanned ports. So you need to check that out further. What OS/version is running on that host?
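
The distinction this thread turns on (a port that is open, closed, or filtered) can be checked for a single port without nmap. The following is an added example, not part of any post: `probe_tcp` and `next_step` are hypothetical names, and the follow-up hints only restate commands already given above.

```python
import errno
import socket
import sys

def probe_tcp(host, port=22, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"          # host sent a reset: reachable, no listener
    except socket.timeout:
        return "filtered"        # silence: packets are being dropped
    except OSError as exc:
        # ICMP unreachable answers also point at filtering or routing.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT):
            return "filtered"
        raise
    finally:
        s.close()

# Follow-up checks taken from the thread, keyed by probe result.
NEXT_STEP = {
    "open": "sshd is reachable; a failed login is now an authentication matter",
    "closed": "no listener: on the target run 'systemctl status sshd' and 'lsof -i :22'",
    "filtered": "traffic is dropped: check the firewall on the target "
                "('systemctl status firewalld', 'firewall-cmd --list-services') "
                "and any other packet filter if firewalld is inactive",
}

def next_step(state):
    return NEXT_STEP[state]

if __name__ == "__main__":
    # Usage: python3 probe.py <IP address of host>  (defaults to loopback)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state = probe_tcp(target)
    print(f"{target}:22 is {state} -> {next_step(state)}")
```

An ssh client that hangs until Ctrl C is pressed, as in the opening post, corresponds to the filtered result; an immediate "connection refused" corresponds to closed.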