New FC2 not allowing ssh connections

Mon Nov 15 19:14:11 UTC 2004

On Mon, 15 Nov 2004 12:56:25 -0600, Bob McClure Jr
<robertmcclure at earthlink.net> wrote:
> On Mon, Nov 15, 2004 at 10:29:20AM -0800, Mark Knecht wrote:
> 
> 
> > On Mon, 15 Nov 2004 09:21:05 -0800, Rick Stevens
> > <rstevens at vitalstream.com> wrote:
> > > Mark Knecht wrote:
> > >
> > >
> > > > Hi,
> > > >    I built a new FC2 machine from scratch recently. It's been working
> > > > fine for outgoing connections. Today I wanted to connect to it but
> > > > haven't been able to. When I attempt to connect to it from my laptop
> > > > or another FC2 desktop I get:
> > > >
> > > > flash mark $ ssh -X -Y -C -c blowfish -l mark 192.168.10.101
> > > > ssh: connect to host 192.168.10.101 port 22: No route to host
> > > > flash mark $
> > >
> > > You have a routing issue on flash, Mark.  Check "netstat -rn" and verify
> > > that a) your default route is correct and b) that your netmask is
> > > correct.  192.168 is a non-internet-routable class B (/16) network, so
> > > you can safely get by with a "255.255.0.0" netmask.
> > >
> > > >    I've started sshd and looked at /etc/rc.d/init.d/sshd_config. It
> > > > says it allows X11Forwarding. It has port 22 commented out, but I
> > > > assume that's OK. Anyway, I tried uncommenting it and restarting sshd
> > > > but no improvement.
> > >
> > > It's not an SSH issue, it's a routing issue.  You have no route to the
> > > 192.168.10 network.  If you can dump out the results of "ifconfig -a"
> > > and "netstat -rn", we can help.
> >
> > Rick,
> >    This did not seem to be the case, or I am still misunderstanding you.
> >
> > Gentoo -> Gentoo - worked
> > Gentoo - FC2 - failed
> > FC2 -> Gentoo - worked
> > FC2 -> FC2 - failed
> >
> > Gentoo -> FC2 (with iptables disabled at target) - worked
> > FC2 -> FC2 (with iptables disabled at target) - worked
> >
> > Why is this a routing issue on the Gentoo box?
> >
> > Certainly I could have a routing issue on ALL machines I suppose. I
> > set all machines up the same way, or as close as I could with scripts
> > all being a bit different, and some boxes are fixed IP and one box was
> > DHCP from the router. But why should disabling iptables on an FC2 box
> > have 'fixed' a routing issue on a Gentoo box?
> >
> > Thanks!
> > Mark
> 
> Mark, Rick may not be aware that you fixed it by turning off IPTABLES
> on the FC2 box(es).  That is true, is it not?
> 

Yes, that is true. Gentoo doesn't use IPTABLES by default, so I've
never used it on that distribution. (It also doesn't automatically
enable any input ports by default either, so telnet, etc. don't work
unless you turn it on.)

I'd be happy to post any info that would help folks understand the
setup better. To my mind FC2 seemed to be acting like it just didn't
want to accept connections. sshd didn't run by default so I turned
that on and could see the sshd process running, but I couldn't
connect.

I did get a couple of messages in the security logs about something
failing to bind to port 22 since the port was in use. I was unclear
from the messages what this was - my external machines ssh'ing in, or
me trying to start sshd and failing, or something else entirely.

For clarity I did not edit any service files or scripts. I just loaded
FC2 on a clean hard disk on two machines and got this problem.

thanks,
Mark