Machine A and B are trying to connect to machine C.
A gets there. When I do ssh -v ip, I get:
OpenSSH_5.1p1, OpenSSL 0.9.8j-fips 07 Jan 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to C.server.ip.addy [C.server.ip.addy] port 22.
debug1: fd 3 clearing O_NONBLOCK
Then there is more debugging that's not important.
B can't get there. When I do ssh -v ip, I get:
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to C.server.ip.addy [C.server.ip.addy] port 22.
debug1: connect to address C.server.ip.addy port 22: Connection timed out
ssh: connect to host C.server.ip.addy port 22: Connection timed out
The line that is never reached is:
debug1: fd 3 clearing O_NONBLOCK
What would cause this? Please help!
One possible cause may be a Firewall misconfiguration (A=>C on port 443 allowed, B=>C = denied).
In any case, if you have access to the C machine, put a packet sniffer like WireShark and check if the packets originating from B are actually reaching the machine.
I can think of several things that could cause this.
A firewall between B->C could block the connection. Are these machines on the same subnet? Is there a firewall? Such a rule would likely allow you to connect C->B. You can pull your files in this direction using scp. Something like
C$ scp user#B:/path/to/file /local/path/to/file
A tcpwrapper rule may have a similar effect. Do you have a rule in /etc/hosts.deny that blocks SSH from machine B? Check the man pages for hosts.allow and hosts.deny for info on changing tcpwrapper rules.
You should use nmap to check which ports are open and accessible from B and A. Something like the following should give you some good info. If port 22 is open from A but not B then one of the above is likely blocking it.
nmap -T4 -A -P0 -p0-65535 C
Related
My centOS target machine has two network cards. nic0 is connected to a modem: I can ssh from Raspberry Pi4 to the centOS target using the external address of the modem (with the help of port forwarding on the modem.)
nic1 is connected to my local network. But when I try to ssh using the local address I get a timeout, like this:
OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.8.2 [192.168.8.2] port 22.
debug1: Connection established.
debug1: identity file /home/pi/.ssh/id_rsa type 0
debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1
ssh_exchange_identification: read: Connection timed out
ssh to local address has been working fine for many months - just suddenly stopped working. I looked the /var/log/secure and did not see any activity when tring to ssh to the local address. I am not aware of any recent system changes to the target machine.
Any ideas?
I have created a Virtual Machine with multipass, I am trying to connect to this instance over ssh, with the command:
ssh -vvv -i back_key ubuntu#10.136.38.199
At first, I tried to connect to my instance from a Github Action, but I got a timeout error, I thought that it may have been a Github issue.
But with a second computer, I couldn't connect to the VM either.
The error I got:
ubuntu#laptop-number2:~$ ssh -vvv -i back_key ubuntu#10.136.38.199
OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.136.38.199 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.136.38.199 [10.136.38.199] port 22.
debug1: connect to address 10.136.38.199 port 22: Resource temporarily unavailable
ssh: connect to host 10.136.38.199 port 22: Resource temporarily unavailable
Wheither it's from Github Action or from a second computer, I can't connect to the multipass instance over ssh.
But, I can connect to instance with the host computer.
I thought it may be a Firewall issue, so I disabled it with:
sudo systemctl stop ufw
I did this in the VM and the host machine, then I restarted ssh inside the instance.
The reason: I got those issues was the network I was working on. The ssh port for the server couldn't be reached.
I knew that by using nmap:
nmap -Pn -p 22 <IP_OF_SERVER>
The result was: The port is filtered.
Working with a mobile network didn't solve it either, since my ISP block this port. The solution was using the network from my house for the ssh server.
So I've managed to cut off the branch I was standing on so to speak. I was connected to a server and I ran sudo pkill where the PID was a process I thought I wanted to kill and and I think I killed the ssh process that was listening on port 22.
Here is what happens when I try to connect now:
<computer>:~ <user>$ ssh -p 22 -v <user>#<ipaddress>
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Connecting to <ipaddress> [<ipaddress>] port 22.
debug1: connect to address <ipaddress> port 22: Connection refused
ssh: connect to host <ipaddress> port 22: Connection refused
Is there anyway I can connect via SSH? Or am I out of luck until I can login to the machine itself and restart the SSH server?
Try first a curl -v telnet:<user>#<ipaddress>:22
If it does not display a "Connected" message... there is no listener on port 22, which means the SSH daemon has been terminated.
You would then indeed wait for the opportunity to log on again, and restoart the SSH daemon.
I am trying to connect to AWS EC2 server from local system using SSH. It is connecting to instance when Security group Inbound permission for SSH is given as connect from anywhere. But whenever it is given specific IP address, it is giving Connection closed by remote host . I'm getting following error while connecting.
sudo ssh -vvv -i {$pemfile} ubuntu#{domain_name}
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to {HOST_NAME HERE} port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "{KEY_PATH HERE}" as a RSA1 public key
debug1: identity file {KEY_PATH HERE} type -1
debug1: identity file {KEY_PATH HERE} type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
ssh_exchange_identification: Connection closed by remote host
Are you giving your IP correct? You might be using IP you get from something like http://formyip.com/ and what EC2 instance is getting might be different one.
Try following:
Change setting to: Allow all IP
SSH into your instance
See the logs at /var/log/auth.log (not very sure about this logfile location)
Identify your IP for last successful login attempt (which might or might not be same as you got from above website)
Use IP from logs (if different) in security group settings
TRY AGAIN :D
I didn't look into details but restarting the instance solved my problem simply.
Open your instance link in aws web interface and go to the "connect" tab, there shows the SSH connection information, make sure you are following it correctly.
My problem was using ec2-user as username instead ubuntu#ec2-my-ip.aws.com
So I'm on my local machine, and I'm sshing into a google compute server.
From this google compute server, I'm trying to establish an ssh tunnel to a third party server ($host) using the following command:
ssh username#$host -L 3306:127.0.0.1:3306 -N
And after hanging for 20-30 seconds, I get:
ssh: connect to host $host port 22: Connection timed out
I can use the exact same command on my local machinet to the third party server and it works fine.
I've killed anything using the 3306 port on the google compute server.
I've opened port 22 and 3306 on the google server through the interface (through I can't tell if this applies to outbound connections also).
Not sure where to go from here, any help would be appreciated.
Edit1: The google server can successfully ping the third party server.
Edit2: Just tried it from the company server, it doesn't work there either. Both he google-compute and the company server are linux (Deb Wee and Ubuntu respectively) and the local machine is windows. The fact that I'm sshing into them shouldn't make a difference should it?
Edit3: Changed the default SSH port on the google server to 22222 and connected to it using that instead. Trying to connect to third party now with:
sudo ssh -p 22 username#$host -L 3306:127.0.0.1:3306 -N -v -v -v
Debug output is:
OpenSSH_6.6.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to $host [$host] port 22.
And after that it just hangs.
Debug output on local machine using same command is is:
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to $host [$host] port 22.
debug1: Connection established.
*other junk*
Turns out the third party server had ssh blocked from anywhere outside Australia
-_-