ssh in 11.4 server Refusing connections

caf4926 · October 29, 2011, 4:35pm

Can anyone test this

I have a box/server that is set to allow ssh
It’s been running since March 2011. No problem
Suddenly it’s refusing connections

ssh port is open
sshd is running

nrickert · October 29, 2011, 5:27pm

No problem with ssh here (on my main 11.4 system). It hasn’t been running since March, though - only since I rebooted earlier this week

If connections go through a router, make sure that any router port-forwarding hasn’t been lost.

caf4926 · October 29, 2011, 5:41pm

I never use port forward in the router, never have for ssh over the LAN
It did cross my mind, but I can’t see why it should need it now. It never has.

Thanks for the reply though

robin_listas · October 29, 2011, 5:53pm

On 2011-10-29 16:36, caf4926 wrote:

> I have a box/server that is set to allow ssh
> It’s been running since March 2011. No problem
> Suddenly it’s refusing connections

Logs.

Try verbose on client.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

caf4926 · October 29, 2011, 6:21pm

Later or tomorrow
Wife needs attention ATM

caf4926 · October 29, 2011, 6:37pm

Running from the remote

OpenSSH_5.8p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.0.2 [192.168.0.2] port ****.
debug1: connect to address 192.168.0.2 port ****: No route to host
ssh: connect to host 192.168.0.2 port ****: No route to host

robin_listas · October 29, 2011, 7:33pm

On 2011-10-29 18:46, caf4926 wrote:
>
> Running from the remote
>
>
> Code:
> --------------------
> OpenSSH_5.8p1, OpenSSL 1.0.0c 2 Dec 2010
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 192.168.0.2 [192.168.0.2] port ****.
> debug1: connect to address 192.168.0.2 port ****: No route to host
> ssh: connect to host 192.168.0.2 port ****: No route to host
>
>
> --------------------

Ah, there you have! The problem is not in the server, but in the client. A
ping will also fail.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

caf4926 · October 29, 2011, 7:50pm

ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=119 ms
64 bytes from 192.168.0.2: icmp_req=4 ttl=64 time=6.63 ms
64 bytes from 192.168.0.2: icmp_req=5 ttl=64 time=28.0 ms
64 bytes from 192.168.0.2: icmp_req=6 ttl=64 time=49.4 ms

robin_listas · October 29, 2011, 9:23pm

On 2011-10-29 19:56, caf4926 wrote:
>
> ping 192.168.0.2
> PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
> 64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=119 ms
> 64 bytes from 192.168.0.2: icmp_req=4 ttl=64 time=6.63 ms
> 64 bytes from 192.168.0.2: icmp_req=5 ttl=64 time=28.0 ms
> 64 bytes from 192.168.0.2: icmp_req=6 ttl=64 time=49.4 ms

Mmmm! That’s strange, it works. And the other way round, server to client?

It is slow for a local network, though. I get half a milisecond on mine.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

caf4926 · October 29, 2011, 10:05pm

That was wireless ping and a router being bashed by my Son on WOW.

Here it is on a Cable

64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=4.05 ms
64 bytes from 192.168.0.2: icmp_req=2 ttl=64 time=1.26 ms
64 bytes from 192.168.0.2: icmp_req=3 ttl=64 time=1.30 ms
64 bytes from 192.168.0.2: icmp_req=4 ttl=64 time=1.43 ms
64 bytes from 192.168.0.2: icmp_req=5 ttl=64 time=1.30 ms
64 bytes from 192.168.0.2: icmp_req=6 ttl=64 time=1.36 ms
64 bytes from 192.168.0.2: icmp_req=7 ttl=64 time=1.47 ms
64 bytes from 192.168.0.2: icmp_req=8 ttl=64 time=1.44 ms

I’ll check the other way when I can

caf4926 · October 29, 2011, 10:36pm

From server to remote laptop

64 bytes from 192.168.0.6: icmp_req=1 ttl=64 time=0.618 ms
64 bytes from 192.168.0.6: icmp_req=2 ttl=64 time=0.268 ms
64 bytes from 192.168.0.6: icmp_req=3 ttl=64 time=0.250 ms
64 bytes from 192.168.0.6: icmp_req=4 ttl=64 time=0.265 ms
64 bytes from 192.168.0.6: icmp_req=5 ttl=64 time=0.276 ms
64 bytes from 192.168.0.6: icmp_req=6 ttl=64 time=0.247 ms
64 bytes from 192.168.0.6: icmp_req=7 ttl=64 time=0.271 ms

robin_listas · October 30, 2011, 1:43am

On 2011-10-29 22:06, caf4926 wrote:
>
> That was wireless ping and a router being bashed by my Son on WOW.

Just in case: here, when I want to ssh to my laptop on wireless, I get
errors similar to yours. I have first to ping in both directions or I get
no route.

Apparently, via cable the connections use just the switch part in the
router. But to go via wi-fi, it uses the router part, and packets in the
desktop have to learn the road via the gateway first.

Something strange.

I also had to add a route entry:



> laptop.va   router      255.255.255.255 UGH   0      0        0 eth0

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

user · October 30, 2011, 2:33am

Carlos E. R. wrote:

> On 2011-10-29 22:06, caf4926 wrote:
>>
>> That was wireless ping and a router being bashed by my Son on WOW.
>
> Just in case: here, when I want to ssh to my laptop on wireless, I get
> errors similar to yours. I have first to ping in both directions or I get
> no route.
>
> Apparently, via cable the connections use just the switch part in the
> router. But to go via wi-fi, it uses the router part, and packets in the
> desktop have to learn the road via the gateway first.

Nice catch - I never gave that a thought. My router sets up bridge
connections the ehternet ports, the wireless, and the DSL modem. It
apparently then loads the arp table (or something like it) and never
hiccups. I also have a NetGear router (no DSL modem) and it does pretty
much what you describe - gets lost on some packets/protocols crossing the
media bridge between wired and wireless

> Something strange.
>
> I also had to add a route entry:
>
>
>


>
>> laptop.va   router      255.255.255.255 UGH   0      0        0 eth0
>
>

>
>

–
Will Honea

caf4926 · October 30, 2011, 3:15am

Since it’s always worked and I didn’t change anything
I’ll have to dig deeper.

Thanks for all the help. I’ll keep you informed.

caf4926 · October 30, 2011, 3:56am

Found the problem

I use address reservation and had recently added a HTC device for my Son. I had a mistake in the reservation list and an error in the MAC for that device.
Which resulted in the 2 devices causing some crossover.
I took out the HTC for now and will look at it later.

Thank you

creatura85 · October 30, 2011, 10:19am

Personally when i need a service such as apache or ssh(like your case here) i make it run for localhost only, call it a functional test. After that i open the port in firewall, other than 22 i suggest you install the package yast-sshd (or yast2-sshd, or something like this) to configure the service. Since i own a router i had created a ip reservation for my network card and no matter what other devices i connect to it 192.168.0.100(my case) is reserved for my PC so i have to make a port forward from the router to my local ip for my ssh port. In addition if you internet provider offers dynamic IP`s a free dns service like no-ip.com is great and their client works for linux too or use the dns service that the router has(mine has the one from dlink, but is just as good as no-ip.com and gets updated every time the router connects to the internet).

robin_listas · October 30, 2011, 1:18pm

On 2011-10-30 04:06, caf4926 wrote:
>
> Found the problem
>
> I use address reservation and had recently added a HTC device for my
> Son. I had a mistake in the reservation list and an error in the MAC for
> that device.
> Which resulted in the 2 devices causing some crossover.
> I took out the HTC for now and will look at it later.

Ah, a collision.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

robin_listas · October 30, 2011, 1:28pm

On 2011-10-30 02:33, Will Honea wrote:
> Carlos E. R. wrote:
>
>> On 2011-10-29 22:06, caf4926 wrote:
>>>
>>> That was wireless ping and a router being bashed by my Son on WOW.
>>
>> Just in case: here, when I want to ssh to my laptop on wireless, I get
>> errors similar to yours. I have first to ping in both directions or I get
>> no route.
>>
>> Apparently, via cable the connections use just the switch part in the
>> router. But to go via wi-fi, it uses the router part, and packets in the
>> desktop have to learn the road via the gateway first.
>
> Nice catch - I never gave that a thought. My router sets up bridge
> connections the ehternet ports, the wireless, and the DSL modem. It
> apparently then loads the arp table (or something like it) and never
> hiccups. I also have a NetGear router (no DSL modem) and it does pretty
> much what you describe - gets lost on some packets/protocols crossing the
> media bridge between wired and wireless

Look, I just powered up the laptop, and if I try ssh get:


> cer@Telcontar:~> SSH_AUTH_SOCK="" ssh -Y root@minas-tirith.valinor
> ssh: connect to host minas-tirith.valinor port 22: No route to host
> cer@Telcontar:~>
> cer@Telcontar:~> ping minas-tirith.valinor
> PING minas-tirith.valinor (192.168.1.129) 56(84) bytes of data.
> From router (192.168.1.1): icmp_seq=2 Redirect Host(New nexthop: minas-tirith.valinor (192.168.1.129))
> From router (192.168.1.1): icmp_seq=3 Redirect Host(New nexthop: minas-tirith.valinor (192.168.1.129))
> From router (192.168.1.1) icmp_seq=1 Destination Host Unreachable
> From router (192.168.1.1) icmp_seq=2 Destination Host Unreachable
> From router (192.168.1.1) icmp_seq=3 Destination Host Unreachable
> From router (192.168.1.1): icmp_seq=4 Redirect Host(New nexthop: minas-tirith.valinor (192.168.1.129))

I then start ping on the laptop to the desktop, and viceversa:


> cer@Telcontar:~> ping minas-tirith.valinor
> PING minas-tirith.valinor (192.168.1.129) 56(84) bytes of data.
> 64 bytes from minas-tirith.valinor (192.168.1.129): icmp_req=1 ttl=63 time=1.93 ms
> 64 bytes from minas-tirith.valinor (192.168.1.129): icmp_req=2 ttl=63 time=1.78 ms
> 64 bytes from minas-tirith.valinor (192.168.1.129): icmp_req=3 ttl=63 time=1.89 ms
> 64 bytes from minas-tirith.valinor (192.168.1.129): icmp_req=4 ttl=63 time=1.68 ms
> 64 bytes from minas-tirith.valinor (192.168.1.129): icmp_req=5 ttl=63 time=1.76 ms
> 64 bytes from minas-tirith.valinor (192.168.1.129): icmp_req=6 ttl=63 time=1.79 ms

and now ssh works:


cer@Telcontar:~> SSH_AUTH_SOCK="" ssh -Y root@minas-tirith.valinor
Password:
Last login: Sat Oct 29 23:41:11 2011 from elessar.valinor
Have a lot of fun...
minas-tirith:~ #

See?

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

user · November 2, 2011, 3:06am

On Sat, 29 Oct 2011 17:33:06 GMT, “Carlos E. R.”
<robin_listas@no-mx.forums.opensuse.org> wrote:

>On 2011-10-29 18:46, caf4926 wrote:
>>
>> Running from the remote
>>
>>
>> Code:
>> --------------------
>> OpenSSH_5.8p1, OpenSSL 1.0.0c 2 Dec 2010
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug1: Connecting to 192.168.0.2 [192.168.0.2] port ****.
>> debug1: connect to address 192.168.0.2 port ****: No route to host
>> ssh: connect to host 192.168.0.2 port ****: No route to host
>>
>>
>> --------------------
>
>Ah, there you have! The problem is not in the server, but in the client.A
>ping will also fail.

Maybe. This looks like a network issue. Is the server still at that
address? What is the address mode for the server (DHCP or static)?

?-)

caf4926 · November 2, 2011, 5:50am

Is the server still at that
address?

No
Which I though I had explained. The problem is solved. I had some mixed up entries in address reservation which bumped the server of it’s spot.
Remined me again, never to adjust such settings over wireless. I did it once before it cocked it up. :-))