2

This is all within a LAN. My server can be pinged. I can run php apps on my server from within the LAN.

I have installed openssh-server. I tried the command:

ps aux

and it shows the process listed as /usr/sbin/sshd -D

However, when I try the command:

netstat -tulpn

the PID/Program name column is blank (I mean it has a hyphen).

Honestly, I don't understand this area too well.

But the strange thing is that SSH used to work but it suddenly stopped. I'd really love to have some help on resolving this.

EDIT:

I just realised that I cannot even run php apps via a browser. But localhost in the URI works with the default index.html page.

MORE INFO:

Just for the record, I never changed any iptables settings. It was only after I got stuck with this problem that I did iptables -F.

I've even tried reinstalling ssh a couple of times, but I do get the feeling that the entries in iptables are causing this problem, as I learnt from the comments below.

If I turn off the firewall with ufw disable, ssh localhost works.

Now when I try accessing this server from another PC, I get a pretty big error message like this:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is
    d4:........4:e9:75:06:61.
    Please contact your system administrator.
    Add correct host key in /home/khalid/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /home/khalid/.ssh/known_hosts:1
      remove with: ssh-keygen -f "/home/khalid/.ssh/known_hosts" -R 192.168.1.6
    ECDSA host key for 192.168.X.X has changed and you have requested strict checking.
    Host key verification failed.

and there's no connection.

belacqua
  • 23,120
itsols
  • 1,140
  • Please explain "ssh localhost won't work either". What is the exact error message you get? What do the logs say (/var/log/syslog, /var/log/auth.log) about that time? Oh, and please just edit the question, rather than posting EDIT: at the end. We can see and compare previous versions. :) – gertvdijk Jan 24 '13 at 09:17
  • on the server, trying ssh localhost goes into a kind of 'freeze' mode or 'deadloop'. I did not wait long as I get a similar delay when trying from a workstation. – itsols Jan 24 '13 at 09:18
  • "goes into a kind of 'freeze' mode or 'deadloop'." This is not a specific description of your issue. Please explain exactly what happens. Are you being asked for a password? How long are you waiting? What happens when you add the -vvv option to ssh? – gertvdijk Jan 24 '13 at 09:19
  • Sorry if I wasn't specific... I'm waiting for ssh localhost to respond. In the mean time, I see there are entries in the syslog to show something like [UFW BLOCK] IN=eth1 OUT= MAC =.... SRC=$ so I get the feeling that I'm being blocked. Maybe I'm wrong – itsols Jan 24 '13 at 09:23
  • It took about a minute to fail on the ssh localhost command. The output is ssh: connect to host localhost port 22: Connection timed out. – itsols Jan 24 '13 at 09:25
  • Please edit your question with these details. Comments are not meant to deal with this kind of output. And it is very relevant as it shows you're running a firewall: UFW. It blocks the connections by dropping packets and letting clients time out. Here is a short introduction on how to allow connections with your firewall. Please also include the output of sudo ufw status in your question. – gertvdijk Jan 24 '13 at 09:25
  • Can you check that you haven't given two different machines the same IP address by accident? – Robie Basak Jan 24 '13 at 09:59
  • @RobieBasak each computer has a different (static) ip4 but some have dynamic ipv6 – itsols Jan 24 '13 at 10:08

2 Answers

2

PID/Program name is blank because you are not running as root. Try:

sudo netstat -tupln

You can ssh localhost to check if the sshd is working. Check the firewall afterward.

EDIT:

After looking into the syslog I realised that the server was blocking inputs from eth1. So what I did was use

sudo ufw allow 22

and accept inputs from this port.

I don't know why it worked before and stopped. And this is the first time I enabled this port to get ssh working. But this did the trick.

Many thanks to neo and gertvdijk for the inputs.

Tom Brossman
  • 13,111
neo
  • 219
  • 2
  • 6
  • You are correct. Thanks for the answer. Using sudo makes a difference. So I see that ssh is running. But ssh localhost won't work either. What should I do? – itsols Jan 24 '13 at 09:06
  • @itsols I've rejected your edit on this answer. Please post your steps towards the solution as a different answer (answering your own question). – gertvdijk Jan 24 '13 at 10:47
  • a proper way would be itsols answer your own question, and accept the answer – neo Jan 24 '13 at 10:49
1

I did not think it was necessary to post my own answer since it was a few steps based on the comments from @gertvdijk and @neo. Anyway, here is a complete answer.

Many thanks to neo and gertvdijk for their inputs. Here's what I did to get it working:

  1. Checked the file /var/log/syslog using this command:

    sudo editor /var/log/syslog

  2. Identified the entries that apparently suggested that incoming traffic on the LAN's ethernet card was blocked. The following is NOT the exact entry but it should give someone an idea:

    [UFW BLOCK] IN=eth1 OUT= MAC =.... SRC=$

    So if you have similar entries, you're blocked. In my case, eth1 connects to my LAN and eth0 to the Internet. The STRANGE thing though, is that I had never enabled or disabled the firewall. So I'm stumped as to how this could have happened.

  3. Anyway, I used sudo ufw allow 22 to allow inputs from this port.

I don't know why it worked before and suddenly stopped. But these steps did the trick.

Once again, thanks for all the support!

itsols
  • 1,140
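
The log check from the steps above, as an added example that is not part of the original posts: it tallies [UFW BLOCK] entries per interface and source for one TCP port, then prints an allow rule limited to the LAN interface, since a bare ufw allow 22 opens the port on every interface, including the Internet-facing eth0 described in the answer. The function names and sample log lines are constructed for illustration; the roles of eth1 and eth0 are taken from the answer.

```shell
#!/bin/sh
# Constructed sample: syslog lines in the format UFW logs blocked packets
# (shortened; addresses, MACs and timestamps are made up).
sample_log() {
cat <<'EOF'
Jan 24 09:21:10 srv kernel: [812.1] [UFW BLOCK] IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.20 DST=192.168.1.6 PROTO=TCP SPT=50122 DPT=22
Jan 24 09:21:13 srv kernel: [815.1] [UFW BLOCK] IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.20 DST=192.168.1.6 PROTO=TCP SPT=50122 DPT=22
Jan 24 09:22:02 srv kernel: [864.7] [UFW BLOCK] IN=eth1 OUT= MAC=00:11:22:33:44:66 SRC=192.168.1.21 DST=192.168.1.6 PROTO=TCP SPT=40310 DPT=22
Jan 24 09:22:40 srv kernel: [902.3] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:77 SRC=203.0.113.9 DST=198.51.100.4 PROTO=TCP SPT=33811 DPT=22
Jan 24 09:23:05 srv kernel: [927.9] [UFW BLOCK] IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.20 DST=192.168.1.6 PROTO=TCP SPT=50340 DPT=80
Jan 24 09:23:30 srv sshd[1044]: Server listening on 0.0.0.0 port 22.
EOF
}

# blocked_on_port PORT: read syslog lines on stdin and print
# "<count> <interface> <source>" for each blocked TCP packet sent to PORT.
blocked_on_port() {
    awk -v port="$1" '
        /\[UFW BLOCK\]/ {
            in_if = src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/)    in_if = substr($i, 4)
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (proto == "TCP" && dpt == port) hits[in_if " " src]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -k2,3
}

# scoped_rule PORT LAN_IF: if the log on stdin shows PORT blocked on LAN_IF,
# print a ufw rule that opens it on that interface only. Nothing is executed.
scoped_rule() {
    if blocked_on_port "$1" | grep -q " $2 "; then
        echo "ufw allow in on $2 to any port $1 proto tcp"
    fi
}

sample_log | blocked_on_port 22
sample_log | scoped_rule 22 eth1
```

On a real server, feed the functions /var/log/syslog instead of sample_log, and review the printed rule before running it with sudo.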