Sunday, January 10, 2010

Troubleshooting Skill - ssh: connect to host 10.0.0.1 port 22: Connection timed out lost connection

Could be:
a) You're not running sshd on Box A.
b) You're running a firewall somewhere that is blocking inbound port 22 to Box A.

On Box A run:
lsof -i :22

You should see (among other things) a line like the following, showing that it is LISTENing for connections. If not, you may need to start sshd, or at least verify that /etc/xinetd.d is configured to start it.
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 1781 root 3u IPv6 4892 TCP *:ssh (LISTEN)

If the above is running, you can try "telnet <Box A address> 22" from Box B to see if this times out as well. If so, it would indicate that something isn't allowing connections even though you're LISTENing for them.

Possible culprits:
iptables (or some other firewall software) on Box A. If it is iptables, you can run "service iptables stop" and then test again. If it works, you know it was iptables. You'd then need to figure out a rule to allow port 22 from Box B, OR leave iptables off. (You should make a rule. The command to restart iptables is "service iptables start". Turn it off only to see if it is the problem.)

SELinux on Box A. SELinux is a newer NSA-sponsored mandatory access control system, sort of like a firewall on steroids, and it is a huge pain for most people. Most people just disable it.

A physical switch/firewall between Box A and Box B that prevents port 22 traffic to Box A. For this you'd have to get a network person involved if you're not the one who administers these. Typically between floors in buildings there are VLANs that do this kind of blocking.
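The decision tree above (is sshd LISTENing on Box A, does a raw connect from Box B also time out, and which culprit that points to) as an added example script, not from the original post. Run it with "server" on Box A and with "client" on Box B, passing Box A's address and the yes/no answer from the server run; it assumes lsof and an OpenSSH client are installed, and the sample lsof lines used to check it are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: turns the post's decision tree into a
# two-host triage. Run "server" on Box A (is sshd LISTENing?), then "client" on
# Box B with Box A's address and that yes/no answer. Assumes lsof and ssh exist.

# Read "lsof -i" output on stdin; succeed if a TCP listener on $1 exists.
# Accepts the numeric port ("*:22") or the service name lsof prints ("*:ssh").
has_tcp_listener() {
  grep -Eq "TCP [^ ]*:($1|ssh) \(LISTEN\)"
}

# Map an ssh client's error text to what the TCP handshake did.
# Prints one of: timeout refused open unknown
classify_connect_msg() {
  case "$1" in
    *"timed out"*)                                  echo timeout ;;  # SYNs silently dropped
    *"refused"*)                                    echo refused ;;  # a RST came back
    *"Permission denied"*|*"Permanently added"*|"") echo open ;;     # TCP connected, auth aside
    *)                                              echo unknown ;;
  esac
}

# Combine the two observations into the post's diagnosis.
# $1: yes|no (sshd listening on Box A)   $2: output of classify_connect_msg
diagnose() {
  case "$1:$2" in
    no:*)        echo "sshd is not listening on Box A: start it (or check /etc/xinetd.d)" ;;
    yes:open)    echo "port 22 is reachable: the problem is in ssh itself, not connectivity" ;;
    yes:refused) echo "Box A answers but rejects port 22: a REJECT rule or the wrong address" ;;
    yes:timeout) echo "packets are dropped in transit: iptables or SELinux on Box A, or a firewall/VLAN between Box A and Box B" ;;
    *)           echo "inconclusive: re-run the client probe" ;;
  esac
}

main() {
  case "$1" in
    server) if lsof -i :22 2>/dev/null | has_tcp_listener 22; then echo yes; else echo no; fi ;;
    client)
      # BatchMode stops password prompts; ConnectTimeout bounds the wait so a DROP
      # rule shows up as "Connection timed out" instead of hanging for minutes.
      msg=$(ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no "$2" true 2>&1 || true)
      diagnose "$3" "$(classify_connect_msg "$msg")" ;;
    *) echo "usage: $0 server | client <Box A address> <yes|no>" >&2; return 2 ;;
  esac
}

# Only run the live checks when invoked with arguments (sourcing stays side-effect free).
if [ $# -gt 0 ]; then main "$@"; fi
```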

I haven't used Firestarter but I gather from other comments I've seen that it is just a GUI front end for iptables. Since you can configure iptables from command line the answer would be yes.

"iptables -L" will list your current rules from command line.

In UNIX/Linux almost everything can be done from the command line even if it is sometimes easier to do from GUI. (Some GUI utilities even have logging modes that will show you the command line they're running behind the scenes.) This is mainly to allow for scripting tasks. I've been doing UNIX for so long it often doesn't even occur to me to look for a GUI solution even on the systems where I have KDE or Gnome running.

Referenced from:
http://www.linuxquestions.org/questions/linux-server-73/ssh-connection-to-host-port-22-connection-timed-out-lost-connection-537110/
