Why can I ping a server but not connect via SSH? [closed] - ssh

Closed 10 years ago.
When I ping my server, it responds:
user@localhost:~$ ping my.server
PING my.server (111.111.111.11) 56(84) bytes of data.
64 bytes from my.server (111.111.111.11): icmp_req=1 ttl=42 time=38.4 ms
64 bytes from my.server (111.111.111.11): icmp_req=2 ttl=42 time=50.0 ms
64 bytes from my.server (111.111.111.11): icmp_req=3 ttl=42 time=58.6 ms
^C
--- my.server ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 38.419/49.037/58.637/8.287 ms
but when I try to ssh (something that I always do, and have been doing for the past few hours on the same connection), it hangs:
user@localhost:~$ ssh my.server
http://speedtest.net says that my connection has 1.5 Mbps download and 0.4 Mbps upload speed.
Is there a reason that ssh hangs?
Results from suggestions provided in answers
from @nsfyn55:
user@localhost:~$ telnet my.server 22
Trying 111.111.111.11...
Connected to my.server
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
Connection closed by foreign host.
from @vahid:
user@localhost:~$ nc -v -w 1 111.111.111.111 -z 22
nc: timeout cannot be negative

ping (ICMP protocol) and ssh are two different protocols.
It could be that ssh service is not running or not installed
firewall restriction (local to the server, like iptables or even an sshd config lockdown) or (an external firewall that protects incoming traffic to the network hosting 111.111.111.111)
First check is to see if ssh port is up
nc -v -w 1 111.111.111.111 -z 22
If it succeeds, then ssh should communicate; if not, it will never work until the restriction is lifted or ssh is started.

Find out two pieces of information
What's the hostname or IP of the target ssh server
What port is the ssh daemon listening on (default is port 22)
$> telnet <hostname or ip> <port>
Assuming the daemon is up and running and listening on that port, it should establish a telnet session. Likely causes:
The ssh daemon is not running
The host is blocking the target port with its software firewall
Some intermediate network device is blocking or filtering the target port
The ssh daemon is listening on a non standard port
A TCP wrapper is configured and is filtering out your source host

On the server, try:
netstat -an
and look to see if tcp port 22 is opened (use findstr in Windows or grep in Unix).
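The nc and telnet checks in the answers above all ask one thing: what does a TCP connection to the SSH port do, independent of ping? As an added example (not part of the original posts), this Python script classifies one attempt as filtered, refused, closed before any banner, or a live SSH banner; the function names and the loopback listeners are constructed for the demonstration.

```python
import socket
import threading

def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt; returns (verdict, banner)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered", ""        # no reply at all: packets dropped or no route
    except ConnectionRefusedError:
        return "refused", ""         # host answers, but nothing accepts on this port
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)    # an SSH server sends its version string first
        except socket.timeout:
            return "open-silent", "" # listener is waiting for the client to speak
        except ConnectionResetError:
            data = b""
    if not data:
        return "closed-early", ""    # accepted, then dropped: TCP wrapper or app allow-list
    banner = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return ("ssh" if banner.startswith("SSH-") else "open-other"), banner

def start_listener(reply):
    """Constructed loopback server: accept one client, send reply (may be empty), close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if reply:
            conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def unused_port():
    """Bind and release a loopback port so that nothing is listening on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print(probe("127.0.0.1", start_listener(b"SSH-2.0-OpenSSH_4.3\r\n")))
    print(probe("127.0.0.1", start_listener(b"")))
    print(probe("127.0.0.1", unused_port()))
```

A "filtered" verdict corresponds to ssh reporting "Connection timed out", and an "ssh" verdict means the daemon was reached, so a hang after that point lies later in the session than the port check.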

Related

I'm not able to access via ssh anymore

For a project, I need to access the faculty server
Remotely through ssh after connecting the faculty VPN with my credentials.
Until recently, I logged in without problems with:
ssh my_name_user@147.163.26.244
It asked me to enter the password, and after entering the credentials I accessed the server (actually a virtual machine mounted on the server for me).
Now with the command above nothing happens and after waiting a bit I get:
ssh: connect to host 147.163.26.244 port 22: Connection timed out
What may have happened?
Yesterday I changed my password to access University services (mandatory after 3 months for security reasons). After doing so I had to change that new password in the VPN configurations and I was able to have access to the VPN and also to the server; up to this point all was OK. From today at 13.00 this problem occurs.
Does anyone have any idea what this is all about?
(I'm on Ubuntu. The server(the virtual machine is a Lubuntu system))
Thanks for your attention.
Update:
The command
ping 147.163.26.244
gives me:
PING 147.163.26.244 (147.163.26.244) 56(84) bytes of data.
and
telnet 147.163.26.244 22
gives:
Trying 147.163.26.244...
and it remains running. What can I deduce?
As ssh shows a connection timeout, it's nothing to do with your credentials. It hasn't got to the authentication level; it is failing before that.
First of all, check if the IP is accessible from your machine using ping (hoping ICMP is allowed by the firewall).
ping server_ip
If it shows as not accessible, then make sure there is a route for the IP/IP subnet of the server IP through the VPN tunnel. You can do it by using route/netstat
example
netstat -nr | grep "147.163"
If route is not present you may have to add a route for this IP through the VPN tunnel. You can find the "route add.." or "ip route add ... " commands for this from google depending on your machine platform.
If the Ping shows the IP is pinging, we need to make sure the ssh service is running on the port 22. Just do a telnet and check
telnet <server_ip> 22
if the connection shows UP, which in your case it shouldn't show UP btw :) as you got a timeout already. Then the problem can be
(1) ssh service not running
(2) any firewall blocking your connection
You may have to get in touch with the ADMIN in that case.
===== Update =========
I guess your ping itself is failing.
Ping should show it is getting response.
example :
XXXXXXX$ ping 216.58.217.174
PING 216.58.217.174 (216.58.217.174): 56 data bytes
64 bytes from 216.58.217.174: icmp_seq=0 ttl=43 time=273.068 ms
64 bytes from 216.58.217.174: icmp_seq=1 ttl=43 time=317.405 ms
64 bytes from 216.58.217.174: icmp_seq=2 ttl=43 time=361.682 ms
64 bytes from 216.58.217.174: icmp_seq=3 ttl=43 time=266.436 ms
Check for the routes in your machine using route or netstat.
Possibilities :
server is down
Proper route is not present for the IP/subnet of the ssh server through VPN tunnel

Can't SSH over IPSEC

I am in AWS and I have two VPCs between Virginia and Oregon and I am trying to SSH from either region.
My rules allow everything needed and I can ping
Virginia
IPSEC-Machine 10.10.1.47
Host-Machine-V 10.10.4.125
Oregon
IPSEC-Machine 10.20.0.97
Host-Machine-O 10.20.1.190
I can ping between regions
[ec2-user@ip-10-20-0-97 ~]$ ping 10.10.1.47
PING 10.10.1.47 (10.10.1.47) 56(84) bytes of data.
64 bytes from 10.10.1.47: icmp_seq=1 ttl=64 time=60.5 ms
--- 10.10.1.47 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1002ms
rtt min/avg/max/mdev = 60.560/60.560/60.560/0.000 ms
SSH seems to work
[ec2-user@ip-10-10-1-47 ~]$ nc -v -w 1 10.20.1.190 -z 22
Connection to 10.20.1.190 22 port [tcp/ssh] succeeded!
[ec2-user@ip-10-10-1-47 ~]$
But when on 10.10.1.47 and I type ssh 10.20.1.190 it just hangs and I get nothing. The keys are all correct but even if I get a permission denied at this point I would be happy.
I'm not really sure what could be causing this, but here are a few things to try:
Use the EC2 hostname to connect - it's possible that something in the addressing is causing problems between the regions. My only guess at the moment is that the IP address is actually someone else's server in the Virginia region, and not your server in Oregon.
Run the nmap portscanner to ensure that the port is open. I saw that you used netcat, but a proper portscan may help.
Run ssh -vvv to get verbose output, this may give you some information to figure out what the problem is.

Cannot access remote application over my vpn

I am running a java application on a remote server that opens port 7462 for a telnet connection to issue simple commands. I have established a VPN connection (using openvpn) between my local machine and the remote server, but cannot telnet from my local machine to port 7462. The IP address of my vpn server is 10.8.0.1. I am also running postfix on my remote server and am able to telnet to port 25 without any issues. The following commands yield the below results:
On my local machine:
$ telnet 10.8.0.1 25
Trying 10.8.0.1...
Connected to 10.8.0.1.
Escape character is '^]'.
220 xxxxx.com ESMTP Postfix (Debian/GNU)
quit
221 2.0.0 Bye
Connection closed by foreign host.
$ telnet 10.8.0.1 7462
Trying 10.8.0.1...
Connected to 10.8.0.1.
Escape character is '^]'.
Connection closed by foreign host.
$
On the remote server:
$ netstat -plnt | grep -P "7462|25"
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 10.8.0.1:7462 0.0.0.0:* LISTEN 6463/java
tcp6 0 0 :::25 :::* LISTEN -
$ telnet 10.8.0.1 7462
Trying 10.8.0.1...
Connected to 10.8.0.1.
Escape character is '^]'.
exit
OK Goodbye
Connection closed by foreign host.
An iptables -L command on both the local and remote machine shows that I have no firewall rules established and I have not specifically configured any routes.
I can't figure out why I can connect to the remote server's port 25 from my local machine, but not port 7462. From the remote server though I can connect to port 7462 using the 10.8.0.1 IP address. I'd be happy to provide any additional information and thanks in advance for your help
-Nathan
I figured out my problem. The application was limiting the IP addresses that could connect on the 7462 port and it was an (obscure) configuration item that needed to be set (default was just localhost). I feel a little silly for such a simple answer, but thanks for the suggestions!

apache and httpd running but I can't see my website [closed]

Closed 10 years ago.
I have installed Apache on my server; however, I cannot browse my website through my server's IP. The Apache setup is a single-account server under /var/www/htdocs/.
Is there anything else I need to do to be able to see the account via my server's IP?
There are several possibilities.
firewall, iptables configuration
apache listen address / port
More information is needed about your configuration. What distro are you using? Can you connect via 127.0.0.1?
If the issue is with the firewall/iptables, you can add the following lines to /etc/sysconfig/iptables:
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
(Second line is only needed for https)
Make sure this is above any lines that would globally restrict access, like the following:
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Tested on CentOS 6.3
And finally
service iptables restart
Did you restart the server after you changed the config file?
Can you telnet to the server from a different machine?
Can you telnet to the server from the server itself?
telnet <ip address> 80
telnet localhost 80
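The ordering requirement in the iptables answer above (the ACCEPT lines must sit above a blanket REJECT) can be checked mechanically. As an added example, not from the original posts, this Python script walks iptables-save style rules in first-match order; the two rule sets are constructed, and only -p, --dport and -j are modelled.

```python
KNOWN = {"-p", "-m", "--dport", "-j", "--reject-with"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def first_match(rules, chain, proto, dport):
    """Return (line_number, target) of the first rule that decides the packet.

    Simplified model: a rule using any option outside KNOWN (source address,
    interface, connection state, negation) or a port range is not evaluated.
    """
    for n, line in enumerate(rules.splitlines(), 1):
        tok = line.split()
        if len(tok) < 4 or tok[0] != "-A" or tok[1] != chain:
            continue                      # table header, policy line, other chain
        opts = dict(zip(tok[2::2], tok[3::2]))
        if not set(opts) <= KNOWN or ":" in opts.get("--dport", ""):
            continue                      # outside the simplified model
        if opts.get("-p", proto) != proto:
            continue
        if opts.get("--dport", str(dport)) != str(dport):
            continue
        if opts.get("-j") in TERMINAL:
            return n, opts["-j"]
    return None                           # nothing matched: chain policy applies

# Constructed sample rule sets in /etc/sysconfig/iptables format.
HEAD = "*filter\n:INPUT ACCEPT [0:0]\n-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\n"
WEB = ("-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n"
       "-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\n")
REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited\n"
BROKEN = HEAD + REJECT + WEB + "COMMIT\n"   # web rules added below the REJECT
FIXED = HEAD + WEB + REJECT + "COMMIT\n"    # web rules above the REJECT

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for port in (80, 443, 8080):
            print(name, port, first_match(rules, "INPUT", "tcp", port))
```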

How to ssh to a remote server behind multiple firewalls? [closed]

Closed 11 years ago.
Here is my situation
I could access Server A from my home laptop via ssh.
Server B is only accessible from Server A via ssh.
Server C is only accessible from Server B via ssh.
Is there any way that I could configure my .ssh/config so that I could ssh to Server C directly from my laptop? I need this because I need to regularly transfer files from Server C back to my laptop. I'm using 'scp', but going through this ssh hierarchy manually is too painful. I'm wondering whether there's a more straightforward way to do this via the magic of ssh.
You want to set up SSH tunnels to allow SSH like this:
A => B
B => C
Here's an example of how to setup the tunnel to B through A on Linux:
ssh -f myusername@hostA -N -L 4444:hostB:22
Then, you should be able to ssh to port 4444 on hostA, and have that forwarded to port 22 (where SSH commonly runs) on hostB. After running the above command, try this:
ssh -p 4444 hostA
That should connect you to hostB. You may have to change ports for this to work, if port 4444 on hostA is already being used you'll have to pick a different port. Assuming that this works, you can use the same command with different hostnames to set up the tunnel from B => C:
ssh -f myusername@hostA -N -L 4444:hostB:4444
ssh -f myusername@hostB -N -L 4444:hostC:22
This is also useful if you want to set up a SOCKS proxy for web browsing. I do this so that my web traffic looks like it's coming from my university, so that I can use online access to scientific journals.