# Help! SSH problems with new install [SOLVED]

## Punchcutter

[Putting this under networking rather than install subforum because I think it makes more sense]

Help! I just installed a new Gentoo box. There's almost nothing on it yet - fresh install. I want to work on continuing the userland installation from my established laptop, but cannot ssh into the new one. It's definitely talking to the network - I can ssh from the new box to the laptop, but from laptop to new box - no. If I try, I get "connection timed out". I have installed a firewall (shorewall), but it is not running - I've double-checked that. Also checked that sshd is running - yes. Maybe the one place where something strange could have happened is in the sshd config, which I have tweaked with my usual settings. But these settings have worked fine for me before.

I wanted to put the sshd configs here for your review, but the only way to do it (I think) is to scp them from the new box to the laptop first. When I tried to do that, the scp appeared to work (like this: scp sshdconf user@laptop:), it asked for my password as usual, but failed to transfer the file, and only printed "Wifi management tool" on the shell as output. WTH?!?!?!?!!!

Last edited by Punchcutter on Wed Sep 14, 2016 6:43 am; edited 1 time in total

----------

## Buffoon

Try running client with -v switch.

----------

## Punchcutter

Thanks Buffoon... good idea... I have been doing that to debug the ssh part, but forgot this time.

Well... the scp verbose log looks pretty normal, I think, and of course I can't copy the whole thing here, but it does contain this line, near the bottom:

 *Quote:*   

> Transferred: sent 1964, received 2852 bytes, in 0.1 seconds

 

But! The size of the file I'm trying to transfer is 3685.

----------

## montik

Are the two machines on the same LAN? Have you tried to check if it's a networking problem, e.g. can you ping the other box from the laptop?

Have you tried a default sshd config, just to see if the problem is in your tweaked conf?

----------

## Buffoon

sshd log in the new box probably will tell the story.

----------

## Punchcutter

OK, I feel silly, but... where do I find the logs for sshd? I've looked in the config file and turned on some stuff, like

 *Quote:*   

> SyslogFacility AUTH
> 
> LogLevel DEBUG
> 
> 

  restarted, and looked in /var/log/messages and /var/log/syslog, but nothing's coming out there. Also tried LogLevel INFO. Nothin'.

----------

## Punchcutter

OK, here's the sshd config. I used cat filename | ssh laptop "cat > filename" to move it over.

The parts of this that I fiddled with are the following settings, which I usually use on my boxen:

 *Quote:*   

> PasswordAuthentication yes
> 
> PermitEmptyPasswords no
> 
> PermitRootLogin no

 

The rest should be defaults, I believe.

 *Quote:*   

> #	$OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
> 
> # This is the sshd server system-wide configuration file.  See
> 
> # sshd_config(5) for more information.
> ...

 

----------

## Buffoon

It logs to /var/log/messages unless you specify otherwise. You can keep a terminal window open with tail -f /var/log/messages running in it when you attempt remote login.

----------

## freke

 *Punchcutter wrote:*   

> OK, I feel silly, but... where do I find the logs for sshd? I've looked in the config file and turned on some stuff, like *Quote:*   SyslogFacility AUTH
> 
> LogLevel DEBUG
> 
>   restarted, and looked in /var/log/messages and /var/log/syslog, but nothing's coming out there. Also tried LogLevel INFO. Nothin'.

 

Stupid question - you have got a logger installed?

Also wgetpaste is a good util for pasting configs, logs etc. from your linux boxes to ie. bpaste.net.

----------

## Punchcutter

Well, I'm pretty well stumped now. Yes, I have sysklogd installed and added to my default runlevel. But there's nothing in /var/log/messages. I've checked arp -a on the laptop, and arp knows about the new host (MAC addr is correct). It really doesn't look like a network problem, because I can ssh from the new box to the old laptop, just not the other way.

I've got sshd started and added to the default runlevel, but it would SEEM there's nothing listening on port 22, by the way the laptop hangs and connection times out. But it appears there IS something. This is netstat -ln output:

```
Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     

tcp6       0      0 :::22                   :::*                    LISTEN     

udp        0      0 0.0.0.0:68              0.0.0.0:*                          

Active UNIX domain sockets (only servers)

Proto RefCnt Flags       Type       State         I-Node   Path

unix  2      [ ACC ]     SEQPACKET  LISTENING     12871    /run/udev/control

```

I've tried telnetting in to port 22, but the same timeout thing happens. Is IPv6 interfering with v4 here?? Any more clues about how to proceed with this are much appreciated.

----------

## chiefbag

You should try the following from your laptop to the IP address of the new machine.

1: What's the output of the following, replacing "ip-of-new-machine" with the actual IP address you got from the ifconfig command?

```
telnet ip-of-new-machine </dev/null
```

2: What's the output of the following, assuming you have a connection?

```
ssh -v root@"ip-of-new-machine"
```

Most probably your Shorewall is blocking connections if the above fail, so clear down iptables manually.

```
iptables -F
```

----------

## ct85711

 *Quote:*   

> 
> 
> # Authentication:
> 
> #LoginGraceTime 2m
> ...

 

One thing to keep in mind is that root login is disabled by default, so trying to log in from root will always be denied, unless you change that. It is better if you log in with a regular account and from there su into root...

 *Quote:*   

> #Port 22
> 
> #AddressFamily any
> 
> #ListenAddress 0.0.0.0
> ...

 

Another thing you may want to do is specify what address to listen to (i.e. the PC's IP address), with the ListenAddress line.

----------

## Tony0945

 *ct85711 wrote:*   

> Another thing you may want to do is specify what address to listen to (i.e. the PC's IP address), with the ListenAddress line.

 

Just checked my own boxes. Not necessary. But check your router log to make sure there is no block there.

----------

## Punchcutter

 *chiefbag wrote:*   

> Most probably your Shorewall is blocking connections if the above fail, so clear down iptables manually.
> 
> ```
> iptables -F
> ```
> ...

 Thanks everyone. This was ultimately the clue that led me to the solution. Although iptables -F didn't actually solve the problem, I sorta knew that it HAD to be that something was blocking the connection, even though I thought shorewall was disabled. It turned out there was this other thing, shorewall-init, that was causing trouble. I think this is something fairly new in the shorewall system, as I saw it first on this install. I didn't realize it was running. I found I could give it a "stop" command, and magically, my ssh started being connected. The end.

----------
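The symptom in this thread (outbound SSH works, inbound connections to a listening port 22 time out) is what a packet filter with a DROP policy on INPUT produces, and such a policy is not removed by `iptables -F`, which deletes rules only. As an added example, not part of any post above: a shell script that reads `iptables -S` output and reports whether inbound TCP 22 is explicitly accepted, dropped by chain policy, or left to an ACCEPT policy. The function names are hypothetical and the sample rule sets are constructed.

```shell
#!/bin/sh
# Added example. Input is the text printed by `iptables -S`.
# Simplification: rule order and source/interface matches are not evaluated.

# Print the built-in chains whose default policy is DROP.
# `iptables -F` deletes rules only; these policies stay in effect.
drop_policies() {
    awk '$1 == "-P" && $3 == "DROP" { print $2 }'
}

# Exit 0 if INPUT has an ACCEPT rule naming TCP destination port $1.
input_accepts_port() {
    awk -v p="$1" '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == p) found = 1
        }
        END { exit !found }'
}

# Read a rule set on stdin and print one of:
#   allowed        explicit ACCEPT rule for the port
#   dropped        no such rule and INPUT policy is DROP (client sees a timeout)
#   policy-accept  no such rule, INPUT policy is ACCEPT
classify_inbound() {
    rules=$(cat)
    if printf '%s\n' "$rules" | input_accepts_port "$1"; then
        echo allowed
    elif printf '%s\n' "$rules" | drop_policies | grep -qx INPUT; then
        echo dropped
    else
        echo policy-accept
    fi
}

# Constructed sample: replies to outbound connections pass, new inbound ones do not.
SAMPLE_CLOSED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# Constructed sample: same policy plus an explicit SSH rule.
SAMPLE_SSH="$SAMPLE_CLOSED
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"

printf '%s\n' "$SAMPLE_CLOSED" | classify_inbound 22   # dropped
printf '%s\n' "$SAMPLE_SSH" | classify_inbound 22      # allowed
```

On a live box, run it as root with `iptables -S | classify_inbound 22`, and list running init services (`rc-status` on OpenRC) to find which one loaded the rules.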

