# networking issues and ssh

## green_buddy

Hi all...

I'm not sure really what the problem is, but I know it's not working like it should!  :Wink:   Gentoo's installed and working, at least as far as I can tell.  X is up and Gnome's on the Desktop... that's neither here nor there, but offers evidence as to why I think Gentoo's working.  :Very Happy: 

OpenSSH was emerged and I did an rc-update to get the sshd daemon running.

The machine is running behind a linksys firewall/router and has an ip-address of 192.168.1.101 set from doing a dhcp request to the router with internal address 192.168.1.1.

The issue is this... I can ssh to localhost 

```
ssh localhost
```

 just fine...  but when I try to ssh to either the machine's ip address or the hostname via either:

```
ssh 192.168.1.101
```

or

```
ssh <hostname>
```

I get the following message:

```
ssh: connect to host 192.168.1.101 port 22: Connection refused.
```

I can ping the machine from itself and other machines inside the LAN.  Anyone know what's up here?   :Confused: 

-green

----------

## cyfred

Do you get the same error from other LAN clients?

Do you have any firewall software installed?

----------

## spanommers

i would guess it's your router (you say that 192.168.1.101 is the ip of the router?). the two addresses that don't work are those of your router, so maybe your router hasn't mapped port 22 over to your computer. i think on a linksys (sorry, i use a piece-of-junk dlink), you open your router's ip in a web browser, and the default user/pass is /admin (no username).

otherwise, i'd check the sshd config to make sure it's not refusing ip's besides localhost.

----------

## green_buddy

Ok... so this is interesting.  I emerged nmap, 'cause it just didn't make sense that I could ssh to localhost (and 127.0.0.1), but not to the actual ip address of my machine (192.168.1.101).  I mean, I don't think I'm that much of a rookie!  :Wink: 

So I ran nmap on localhost (127.0.0.1) and got the following results:

```
bash-2.05b$ nmap localhost

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1600 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
```

And then I ran nmap on 192.168.1.101 and got something different:

```
bash-2.05b$ nmap 192.168.1.101

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on hostname (192.168.1.101):
(The 1585 ports scanned but not shown below are in state: closed)
Port       State       Service
7/tcp      open        echo
9/tcp      open        discard
13/tcp     open        daytime
17/tcp     open        qotd
19/tcp     open        chargen
21/tcp     open        ftp
25/tcp     open        smtp
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
445/tcp    open        microsoft-ds
1025/tcp   open        NFS-or-IIS
1026/tcp   open        LSA-or-nterm
1027/tcp   open        IIS
1029/tcp   open        ms-lsa
2105/tcp   open        eklogin
3372/tcp   open        msdtc

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
```

Now does that make any sense?  There's gotta be somewhere that that stuff gets setup?  Where is that?  I'd also like to close some of those other ports that I had no idea were opened up!  :Twisted Evil: 

So confused!?!   :Confused: 

-green

----------

## krusty_ar

are you sure that you are connecting to the same machine?

maybe there's another pc with the same ip or some weird routing is taking place.

anyway, shame on you for running IIS on linux!!!  :Laughing: 

----------

## Sven Vermeulen

Perhaps you are not running ssh on that particular IP? Check your sshd_config settings to see what IPs it should bind.

Check the result using netstat, fuser or lsof.

----------
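The check Sven Vermeulen suggests, as an added example that is not part of the original thread: it parses the `ListenAddress` and `Port` directives of an `sshd_config` and reports whether a given address would be served. The sample config is constructed (it is not green_buddy's file), the function names are hypothetical, and hostnames in `ListenAddress` are not resolved.

```python
import ipaddress

# Constructed sample for illustration; not the poster's actual file.
SAMPLE_CONFIG = """\
# sshd_config
Port 22
ListenAddress 127.0.0.1
#ListenAddress 0.0.0.0
"""

def listen_sockets(config_text):
    """Return the (address, port) pairs this sshd_config asks sshd to bind."""
    ports, entries = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.replace("=", " ", 1).split()   # "Key value" or "Key=value"
        key, args = words[0].lower(), words[1:]
        if key == "match":                          # global section ends here
            break
        if key == "port" and args:
            ports.append(int(args[0]))
        elif key == "listenaddress" and args:
            value, port = args[0], None
            if value.startswith("["):               # [addr] or [addr]:port
                value, _, rest = value[1:].partition("]")
                port = int(rest[1:]) if rest.startswith(":") else None
            elif value.count(":") == 1:             # host:port
                value, _, p = value.partition(":")
                port = int(p)
            entries.append((value, port))
    ports = ports or [22]                           # sshd's default port
    if not entries:                                 # default: all local addresses
        entries = [("0.0.0.0", None), ("::", None)]
    return [(a, p) for a, port in entries for p in ([port] if port else ports)]

def covers(sockets, target, port=22):
    """True if one of the sockets accepts connections to target:port."""
    want = ipaddress.ip_address(target)
    for addr, p in sockets:
        try:
            have = ipaddress.ip_address(addr)
        except ValueError:                          # hostname: not resolved here
            continue
        if p == port and have.version == want.version and (
                have.is_unspecified or have == want):
            return True
    return False
```

With the sample config, `covers(listen_sockets(SAMPLE_CONFIG), "192.168.1.101")` is false while the same call for `127.0.0.1` is true, which is the "localhost works, LAN address refused" pattern; the listening sockets reported by `netstat -tln` should agree with the list this returns.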

## green_buddy

Yeah seriously... how the hell did the IIS port get opened up?  I mean...  IIS is one of the main reasons I'm moving away from everything that is MS... their security problems and inattention thereto scares me.  But how did these ports get opened?  How can I close them?  How do I open the ones that I want opened?  Does anyone know where this is controlled?

Please... please... please...   :Evil or Very Mad: 

-green

----------

## Praxxus

Make sure everything is in synch:

- Your host name in /etc/hostname
- Your IP address from "/sbin/ifconfig"
- The IP address/hostname combo in /etc/hosts

It almost sounds like you have the wrong information in /etc/hosts, so when you attempt to connect to 192.168.1.101 it is resolving to a different machine.

Let us know how that all goes.  If that's not it, we'll move on.

----------

## EnsignRicki

I am having a similar problem.  My linksys router has an internal IP address of 192.168.0.1 and my linux machine has a static IP address 192.168.0.3.  I have setup the router to forward port 22 to 192.168.0.3.  However if I am on my school's UNIX machine and attempt to telnet to port 22 of my machine this is what I get:

```
username@machinename [3:13:12pm] {~}>   telnet <IP Address> 22
Trying <IP Address>...
telnet: Unable to connect to remote host: Connection refused
```

Now I have also setup the router to forward port 3389 to 192.168.0.3.  This is what I get when I try to telnet to port 3389 of my machine from my school machine:

```
username@machinename [3:15:52pm] {~}>   telnet <IP Address> 3389
Trying <IP Address>...
Connected to <IP Address>.
Escape character is '^]'.
```

Now here's the funny thing.  You would think that if I disabled port forwarding for both ports 22 and 3389 that I would get the same error message when attempting to telnet to them.  However that is not the case.  This is what happens after disabling forwarding for port 22:

```
username@machinename [3:20:10pm] {~}>   telnet <IP Address> 22
Trying <IP Address>...
telnet: Unable to connect to remote host: Connection refused
```

Now this is what happens after disabling forwarding for port 3389:

```
username@machinename [3:25:00pm] {~}>   telnet <IP Address> 3389
Trying <IP Address>...
Connected to <IP Address>.
Escape character is '^]'.
Connection closed by foreign host.
```

Any idea what's going on?

Oh and if you're curious why I am forwarding port 3389 the truth of the matter is my linux machine is dual booting with Windows XP.  Port 3389 is the port I need to open in order to be able to use the Remote Desktop feature of XP.

----------

## cyfred

Sounds like you have some firewalling system on your router that is blocking any privileged ports 0 - 1024, and allowing access to any non privileged ports > 1024 ... 

Check your router firewall settings.

You need to be able to access port 22 on the router to have it forwarded to your machine.

----------

## charlieg

I hate to assume absolute ignorance, but did you try:

```
# /etc/init.d/sshd start
```

And did you check the sshd configuration?  (/etc/ssh/sshd_config)

I only suggest this because the following sounds not quite right, in that rc-update only adds it to a specified run-level:

 *green_buddy wrote:*   

> OpenSSH was emerged and I did an rc-update to get the sshd daemon running.

 

----------

## charlieg

 *EnsignRicki wrote:*   

> I am having a similar problem.  My linksys router...
> 
> [snip]
> 
> Any idea what's going on?

 

Sounds to me like your linksys router isn't being made aware of the changes.  Are you sure you don't have to hit a 'reload rules' option somewhere after configuration?  IIRC our routers (at my office) don't do live configuration, and needed a nudge to get into gear.

 *EnsignRicki wrote:*   

> Oh and if you're curious why I am forwarding port 3389 the truth of the matter is my linux machine is dual booting with Windows XP.  Port 3389 is the port I need to open in order to be able to use the Remote Desktop feature of XP.

 

 :Confused:  Ewwwwwwwwww....   :Wink: 

----------

## green sun

 *Quote:*   

> if I am on my school's UNIX machine and attempt to telnet to port 22 of my machine

 

Or your school is blocking privileged ports.. 

You may want to give the Linksys a hard reboot & check that the change has been saved.. I love this cheap networking equipment, but remember that it doesn't have the feature of the big ($$$) boys... sometimes you gotta give it a little kick in the butt...

----------

