# Port 22 connection refused

## satimis

Hi folks,

I have 2 Linux PCs, PC1 running RH9 and PC2 running Gentoo respectively.  Both of them have sshd starting at boot.

PC2-Gentoo can connect to the X-server of PC1-RH9.  But PC1-RH9 could NOT connect to PC2-Gentoo.

PC1-RH9  IP:192.168.0.1

PC2-Gentoo  IP:192.168.0.2

```
# ssh -X root@192.168.0.2
# ssh -l root 192.168.0.2
ssh: connect to host 192.168.0.2 port 22: Connection refused

# export DISPLAY=192.168.0.2:0.0
# konqueror
konqueror: cannot connect to X server 192.168.0.2:0.0

# /usr/X11R6/bin/xhost 192.168.0.2
/usr/X11R6/bin/xhost:  unable to open display "192.168.0.2:0.0"
```

Ping is OK:

```
# ping -c 3 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.552 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.217 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.226 ms

--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2012ms
rtt min/avg/max/mdev = 0.217/0.331/0.552/0.157 ms
```

Port 22 seems permanently locked

/etc/ssh/ssh_config on both PCs has the following entry:

```
Host *
	ForwardX11 yes
```

Kindly advise how to fix this problem.

Thanks

B.R.

satimis

----------

## tam1138

First, make sure sshd is running on the Gentoo box:

```
$ ps auxww | grep [s]shd
```

should return something pointful.

Then, make sure it's listening on port 22:

```
# netstat -tlp
```

You should see a line that says "*:ssh" under the Local Address heading.

Assuming both tests passed, I would install nmap on the RedHat machine and make sure the Gentoo box is accepting connections on port 22:

```
# nmap -sT 192.168.0.2
```

You should see a line "22/tcp open ssh".

If all that is working, something is on crack.  If one of the checks fails, detail how it failed and we'll go from there.

----------

## satimis

 *tam1138 wrote:*   

> First, make sure sshd is running on the Gentoo box:
> 
> ```
> $ ps auxww | grep [s]shd
> ```
> ...

 

Hi,

Thanks for your advice.

```
# ps auxww | grep sshd
root      2155  0.1  0.3  2868 1348 ?        S    14:10   0:00 /usr/sbin/sshd
root      2330  0.0  0.1  1436  448 pts/0    S    14:12   0:00 grep sshd

# ps auxww | grep ssh
root      2155  0.1  0.3  2868 1348 ?        S    14:10   0:00 /usr/sbin/sshd
root      2332  0.0  0.1  1436  448 pts/0    S    14:12   0:00 grep ssh

# netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:6000                  *:*                     LISTEN      2191/X
tcp        0      0 *:ssh                   *:*                     LISTEN      2155/sshd
```

`*:ssh` under Local Address.

Continued

On PC1-RH9 box:

```
# nmap -sT 192.168.0.2

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.0.2, 16) => Operation not permitted
All 1601 scanned ports on  (192.168.0.2) are: closed

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

# ssh -l root 192.168.0.2
ssh: connect to host 192.168.0.2 port 22: Connection refused
```

Would it be  iptables  on PC2-Gentoo box stop it?

B.R.

satimis

----------

## tam1138

 *satimis wrote:*   

> Would it be iptables on PC2-Gentoo box stop it?

 

Precisely.  Because netstat shows that sshd is in fact listening on port 22 and the nmap from another machine shows no response on port 22, this means a firewall is in the way.  This is because programs can open all the ports they want for listening and hence netstat reports them, but because the firewall prevents the packets from arriving at the appropriate program, nmap doesn't show anything.

My experience with iptables is sorely lacking, I'm not sure how much help I will be from here.  Perhaps the output of "/sbin/iptables --list" would be enlightening?
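The two posts above spell out a procedure: confirm sshd is running, confirm it is bound to port 22, then test the port from another host, and read "listening locally but unreachable remotely" as a firewall in the path. The following is an added example, written for this page and not code from either poster; it parses a constructed `netstat -tlp` sample modelled on the thread, probes a TCP port and reports the three outcomes a connect can have, and combines the checks into the conclusion tam1138 draws. The function and variable names are my own.

```python
"""Added example: turn the thread's three sshd checks into a small diagnostic."""
import errno
import socket

# Constructed sample of `netstat -tlp` output, modelled on the thread (not captured here).
NETSTAT_SAMPLE = """Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:6000                  *:*                     LISTEN      2191/X
tcp        0      0 *:ssh                   *:*                     LISTEN      2155/sshd
"""


def listening_services(netstat_output):
    """Return (local_address, pid/program) for every LISTEN line of `netstat -tlp`."""
    services = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 7 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            services.append((fields[3], fields[6]))
    return services


def is_listening(netstat_output, port_names=("ssh", "22")):
    """True if some LISTEN socket's local address ends in :ssh or :22."""
    return any(addr.rsplit(":", 1)[-1] in port_names
               for addr, _ in listening_services(netstat_output))


def probe_tcp(host, port, timeout=2.0):
    """Attempt a TCP connect and classify the result.

    'open'            handshake completed, something is accepting on the port
    'refused'         RST or ICMP port-unreachable came back: nothing bound, or a REJECT rule
    'filtered'        no answer at all: a DROP rule or lost packets
    'blocked-locally' the connecting host's own filter refused to send (EPERM)
    'unreachable'     no route / host unreachable
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno == errno.EPERM:
            return "blocked-locally"
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


def diagnose(sshd_running, listening, probe_result):
    """Combine the three checks into the conclusion tam1138 draws in the thread."""
    if not sshd_running:
        return "sshd is not running: start it"
    if not listening:
        return ("sshd is running but not bound to port 22: "
                "check Port/ListenAddress in sshd_config")
    if probe_result == "open":
        return "port 22 is reachable: look elsewhere (authentication, X11 forwarding)"
    return ("listening locally but %s remotely: a packet filter between or on the "
            "hosts is interfering with port 22" % probe_result)


def demo_local_probe():
    """Show two outcomes on loopback: a bound port answers 'open'; once the
    listener is closed the kernel sends RST, so the same port answers 'refused'."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port)
    listener.close()
    while_closed = probe_tcp("127.0.0.1", port)
    return while_open, while_closed


if __name__ == "__main__":
    # The thread's situation: sshd up, netstat shows *:ssh, remote connect refused.
    print(diagnose(True, is_listening(NETSTAT_SAMPLE), "refused"))
    print(demo_local_probe())
```

The distinction `probe_tcp` makes is the useful part for reading the thread: an immediate "Connection refused" means the client received an RST or port-unreachable, whereas a DROP rule makes the connect hang until the timeout. Nmap's `sendto ... Operation not permitted` is the error a local netfilter rule produces when it stops the scanner's own outgoing packets (EPERM), which points at a filter on the scanning host rather than the target; that is consistent with what the poster eventually found when stopping iptables on the RH9 box cleared the problem.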

----------

## satimis

 *tam1138 wrote:*   

>  *satimis wrote:*   Would it be iptables on PC2-Gentoo box stop it? 
> 
> Precisely.  Because netstat shows that sshd is in fact listening on port 22 and the nmap from another machine shows no response on port 22, this means a firewall is in the way.  This is because programs can open all the ports they want for listening and hence netstat reports them, but because the firewall prevents the packets from arriving at the appropriate program, nmap doesn't show anything.
> 
> My experience with iptables is sorely lacking, I'm not sure how much help I will be from here.  Perhaps the output of "/sbin/iptables --list" would be enlightening?

 

Hi,

```
# /sbin/iptables --list
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

# iptables -F
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
```

Iptables seems not running

B.R.

satimis

----------

## tam1138

 *satimis wrote:*   

> Iptables seems not running

 

That is odd.  I would grovel through your system logs to see if anything pops out as suspicious.  Assuming you installed metalog as recommended by the Gentoo install instructions, you want to look at /var/log/everything/* and /var/log/sshd/*.

----------

## satimis

 *tam1138 wrote:*   

>  *satimis wrote:*   Iptables seems not running 
> 
> That is odd.  I would grovel through your system logs to see if anything pops out as suspicious.  Assuming you installed metalog as recommended by the Gentoo install instructions, you want to look at /var/log/everything/* and /var/log/sshd/*.

 

Hi,

Finally I discovered the cause of the problem, but some minor problems remain unsolved.

PC1-RH9 box

==========

Recently I have been testing Shorewall 1.4.7 on this box, so there are 2 firewalls, Shorewall and Iptables, running on the same box without conflict.  I have configured Shorewall 1.4.7 including IP masquerading, leaving Iptables untouched as the default firewall ever since the installation of RH9.

After stopping Iptables:

```
# /etc/init.d/iptables stop
```

PC1-RH9 box, both as ROOT and USER, can then connect to both ROOT's and USER's X-server on the PC2-Gentoo box.

PC2-Gentoo box

============

This box also has 2 NICs:

eth0 - connected to broadband via ADSL modem when it works as a standalone workstation.  At the time of testing SSH there was no connection.

eth1 - connected to the PC1-RH9 box.

If I add 'adsl-start' to /etc/conf.d/local.start, this box can't connect to the X-server of the PC1-RH9 box (however, logging in to the PC1-RH9 box is possible).  I have to remove it from /etc/conf.d/local.start.  In the recent test I added it to reconfirm this discovery.

Now another minor problem pops up after removing 'adsl-start' at the end of the aforesaid reconfirmation.  As ROOT, the PC1-Gentoo box can't connect to the X-server of the PC1-RH9 box (login being possible):

```
# ssh -l root 192.168.0.1
root@192.168.0.1's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Sun Nov  9 16:53:10 2003 from 192.168.0.2

# konqueror
Xlib: connection to "localhost:11.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
konqueror: cannot connect to X server localhost:11.0

# kedit
Xlib: connection to "localhost:11.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
kedit: cannot connect to X server localhost:11.0
```

But as USER, the PC2-Gentoo box can connect to the X-server of the PC1-RH9 box.

My new questions are:

1) How to configure Iptables so that it can coexist with Shorewall without affecting SSH?

2) How to solve the remaining problem on the PC2-Gentoo box as mentioned above?

Thanks in advance.

B.R. 

satimis

----------

