ssh and port 22 problem, cont.

Gerhard Magnus magnus at agora.rdrop.com
Wed Oct 6 00:54:51 UTC 2004


Greetings!

I've made some progress on troubleshooting this "ssh & port 22 problem".
Here was my original post:

When I try to connect from a remote machine to my one at home
using ssh I get the error message "ssh: connect to host 64.146.133.1 port
22: Connection refused" -- but using ssh in the outgoing direction (i.e.
from home to the remote location) works fine.

Here's what's happened since:

I have two machines (PuteA and PuteB) sharing an ActionTec DSL modem.  The IP
I was using was that of my "Gateway" ISP (64.146.133.1) -- an error.  But
when I used the correct, static IP address of the ActionTec
(64.146.133.52) I got this message:

ssh: connect to host 64.146.133.52 port 22: Connection refused

I thought I had port forwarding (for port 22) set correctly on the modem.  For
troubleshooting, my ISP advised me to run "tcpdump -n host 192.168.0.2" on
PuteA, where 192.168.0.2 is the "internal" IP of PuteA. Then I logged on
to the remote location from PuteB and tried to ssh from there to PuteA
using the static IP address.  The ssh from the remote location timed out
with the same "port 22: connection refused" message.  The tcpdump on PuteA
gave this message:

> tcpdump: listening on eth0
> 17:27:33.662753 arp who-has 192.168.0.2 tell 192.168.0.1

where 192.168.0.1 is the "internal" IP of the modem.  (Sorry if I have
this terminology wrong.)

My ISP says the problem is the firewall on PuteA and that he doesn't do linux
firewalls.

Here are my replies to the people who responded to my first post:

(1) "Do you have the firewall configured to deny incoming packets to port
22?"
How do I check this?

(2) "You need to check that sshd is running on your system."
Yes. It comes up with each boot.  Also "service sshd status" gives
"sshd (pid 787) is running".

(3) "sshd uses /etc/hosts.allow and /etc/hosts.deny. Check that they are
configured to allow your remote machine in."
Both files have only commented lines.

(4) "Also, if your /etc/ssh/sshd_config file has VerifyReverseMapping
turned on, you will get kicked out if your remote address does not work
with a reverse dns lookup."
There's a "VerifyReverseMapping no" line in the file but it's been commented
out.

(5) "Just to be sure: when you are at home machine, try 'ssh localhost'.
If this works, you probably need to check your firewall."
It seems to work -- I ssh to the machine itself.

(6) "This is common on every system I have ever loaded with FC2.  Your
iptables are blocking the connection.  You can do one of the following:
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT"
I tried this.  The ssh to PuteA from the remote location still times out.

(7) "Oh yes I also took out the REDHAT firewall entry as I don't have a
clue as to how to work with it."
I've fiddled endlessly with this "system tool" at each of the three levels
of security as well as using the "customize" option to set eth0 as a
trusted device and to allow incoming ssh.  It doesn't show the settings
that actually exist.

(8) "If your fedora box is connected directly to a DSL modem, you should
be able to find your IP address by running ifconfig from the command
line and looking for 'inet addr:' (probably under 'eth0')."
eth0      Link encap:Ethernet  HWaddr 00:40:05:81:60:8E
          inet addr:192.168.0.4  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2005 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1122075 (1.0 Mb)  TX bytes:190214 (185.7 Kb)
          Interrupt:5 Base address:0x3000
Could this be the problem -- the "inet addr" of 192.168.0.4?  As far as I
can tell, the modem is 192.168.0.1, PuteA is 192.168.0.2, and PuteB is
192.168.0.3.  I haven't set anything as 192.168.0.4.

(9) "nmap 64.146.133.52"
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
23/tcp     open        telnet
53/tcp     open        domain
80/tcp     open        http
Shouldn't ssh be here?  And what's telnet doing open?  The books have me
scared to death of this... hackers, crackers, script kiddies, etc.

Thanks for the help!
Jerry Magnus
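An added worked example, not part of the post above or of any reply to it: the evidence Jerry has already gathered points at two things worth checking before touching the firewall again. The one packet tcpdump saw was the modem (192.168.0.1, as the post says) asking by ARP for 192.168.0.2, the address the port forward is aimed at, while ifconfig shows PuteA currently holding 192.168.0.4; a SYN forwarded to an address nobody answers ARP for never reaches sshd no matter what iptables says. Separately, "Connection refused" means something sent a TCP RST back (the modem itself, or a REJECT rule), whereas a DROP rule produces a timeout; the two symptoms call for different fixes. The script below parses the ifconfig and tcpdump text quoted in the post (embedded here as constructed samples), flags a forward target this host does not own, and demonstrates the open/refused/filtered distinction against a throwaway loopback listener so it runs offline. The gateway address and the sample outputs are taken from the post; nothing else is assumed.

```python
import re
import socket

# Constructed sample: the ifconfig output quoted in the post, reduced to the lines that matter.
IFCONFIG_OUTPUT = """\
eth0      Link encap:Ethernet  HWaddr 00:40:05:81:60:8E
          inet addr:192.168.0.4  Bcast:192.168.0.255  Mask:255.255.255.0
"""

# Constructed sample: the single tcpdump line the post reports during the remote ssh attempt.
TCPDUMP_OUTPUT = "17:27:33.662753 arp who-has 192.168.0.2 tell 192.168.0.1\n"

# The post states the modem's internal address is 192.168.0.1 (taken from the post, not verified here).
GATEWAY_IP = "192.168.0.1"

INET_RE = re.compile(r"inet addr:(\d+(?:\.\d+){3})")
ARP_RE = re.compile(r"arp who-has (\d+(?:\.\d+){3}) tell (\d+(?:\.\d+){3})")


def local_addresses(ifconfig_text):
    """Addresses this host actually holds, parsed from ifconfig output."""
    return set(INET_RE.findall(ifconfig_text))


def unanswered_forward_targets(tcpdump_text, gateway_ip, local_ips):
    """Addresses the gateway ARPed for that this host does not hold.

    If the modem forwards port 22 to an address nobody answers ARP for, the
    forwarded SYN never reaches sshd, whatever the host firewall says.
    """
    return [who_has for who_has, tell in ARP_RE.findall(tcpdump_text)
            if tell == gateway_ip and who_has not in local_ips]


def probe_tcp(host, port, timeout=2.0):
    """Classify a port the way the ssh client's error messages do."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"     # an RST came back: reached a host, but no listener or a REJECT rule
    except socket.timeout:
        return "filtered"    # nothing came back: a DROP rule, or the packets never arrived
    finally:
        s.close()


def check_with_local_listener():
    """Show 'open' versus 'refused' against a throwaway listener on loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()                      # nothing listens on that port any more
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close


def diagnose(ifconfig_text=IFCONFIG_OUTPUT, tcpdump_text=TCPDUMP_OUTPUT, gateway_ip=GATEWAY_IP):
    """Tie the two checks together on the outputs quoted in the post."""
    local_ips = local_addresses(ifconfig_text)
    stale = unanswered_forward_targets(tcpdump_text, gateway_ip, local_ips)
    return {"local_ips": local_ips, "stale_forward_targets": stale}


if __name__ == "__main__":
    result = diagnose()
    print("this host holds:", sorted(result["local_ips"]))
    for target in result["stale_forward_targets"]:
        print(f"gateway {GATEWAY_IP} forwards to {target}, which this host does not own")
    print("loopback probe (listening, closed):", check_with_local_listener())
```

On the iptables side, the reply in (6) appends with `-A INPUT`; on a stock Fedora Core 2 box the INPUT chain's first rule jumps to RH-Firewall-1-INPUT, whose last rule is a REJECT, so an ACCEPT appended after that jump is never evaluated. Check with `iptables -L -n -v --line-numbers` and insert the rule ahead of the jump (`-I INPUT 1 ...`) or into RH-Firewall-1-INPUT before its REJECT. Once the forward target and the firewall both agree, the external nmap should list 22/tcp alongside 23, 53 and 80; those three open ports belong to the modem's own administration interface, and 23/tcp (telnet) reachable from the Internet deserves to be switched off in the modem's settings regardless of the ssh problem.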



