
I'm trying to SSH to my server. The SSH service is active when I check it with

sudo service ssh status

Also, when I do netstat -nat | grep 22, I get

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 xx.xx.xx.xx:22       xx.xx.xx.xx:54197    ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN

I'm running the following command in my terminal:

ssh root@xx.xx.xx.xx

and I get the following error:

ssh: connect to host xx.xx.xx.xx port 22: Connection timed out

I also limited the access to my server via iptables. When I enter iptables -L, I get the following lines:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  x.x.x.x              anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     all  --  anywhere             x.x.x.x              
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

I have absolutely no clue how I can fix this issue. Can anyone help me?

Kind regards, Kevin

  • Are you running ssh root@xx.xx.xx.xx from the local machine or from a remote machine? Maybe there is a firewall and you need to open port 22 in it. – pa4080 Jul 20 '17 at 07:53
  • Can you connect to your ssh from your target machine via ssh root@localhost? – Ziazis Jul 20 '17 at 07:53
  • @pa4080 I run the command from my local machine. Dumb question: how can I open the firewall on port 22? You mean the firewall on the server, right? – Stark Toni Jul 20 '17 at 08:00
  • @Ziazis No, that's not possible. I get the following message: connect to host localhost port 22: Connection timed out

    I also have to say I set up some iptables so that the server is only accessible from my IP address

    – Stark Toni Jul 20 '17 at 08:00
  • Are those public addresses? Unless they are, there is no reason for you to hide them. However, we need to see those rules you set up, since those seem to cause your timeout. – Ziazis Jul 20 '17 at 08:02
  • With iptables: sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT or with UFW: sudo ufw limit 22. The limit rule is better, and if you want to implement it through iptables directly check this answer. – pa4080 Jul 20 '17 at 08:07
  • I already ran that command sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT. But the command sudo ufw limit 22 does not work.

    I ran those commands from that answer. But still no connection from my local PC is possible ...

    – Stark Toni Jul 20 '17 at 08:14
  • The first rule from the INPUT chain blocks your input connections :) – pa4080 Jul 20 '17 at 08:15
  • Modify the above command in this way: sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT where -I will insert the rule at the top of the chain, unlike -A which appends rules to the end of the chain. – pa4080 Jul 20 '17 at 08:21
  • It is strange because there are no other DROP rules. Have you changed the SSH port in /etc/ssh/sshd_config? – pa4080 Jul 20 '17 at 08:25
  • I have now modified my iptables and it looks like -> see post above

    Yeah, in /etc/ssh/sshd_config the port is configured as 22

    – Stark Toni Jul 20 '17 at 08:28
  • I also changed the port to another one and tried it. But it didn't work. Then I reverted it to the old port – Stark Toni Jul 20 '17 at 08:33
  • I'm also failing to ping the server ... :/ – Stark Toni Jul 20 '17 at 08:36
  • Sorry, but I do not have other ideas. If I were you, I would flush my iptables (iptables -F) to clarify if this is the problem. Also I would carefully read this and this topic about iptables configuration. Btw UFW is a nice iptables manager. – pa4080 Jul 20 '17 at 08:38
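
The -I versus -A distinction raised in the comments above, as an added example that is not part of the original thread: a small first-match evaluator over rules written in `iptables -S` syntax. The ruleset, the documentation addresses and the function names are constructed for illustration, the DROP rule is an assumption (the listing in the question has none), and only -p, -s with a /32 source, --dport and -j are understood.

```shell
#!/bin/sh
# Constructed ruleset in `iptables -S` syntax (not the asker's real rules).
BASE='-P INPUT DROP
-A INPUT -s 198.51.100.7/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

# verdict RULES CHAIN PROTO DPORT SRC_IP
# Prints "rule N TARGET" for the first matching rule, else "policy TARGET".
verdict() {
  printf '%s\n' "$1" | awk -v chain="$2" -v proto="$3" -v dport="$4" -v src="$5" '
    $1 == "-P" && $2 == chain { policy = $3 }
    $1 == "-A" && $2 == chain {
      n++; ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p" && $(i+1) != proto) ok = 0
        if ($i == "--dport" && $(i+1) != dport) ok = 0
        if ($i == "-s" && $(i+1) != (src "/32")) ok = 0
        if ($i == "-j") target = $(i+1)
      }
      # Netfilter stops at the first terminating rule that matches.
      if (ok && !hit) { hit = 1; print "rule " n " " target }
    }
    END { if (!hit) print "policy " policy }'
}

# ipt_append RULES "CHAIN spec": like `iptables -A`, the rule goes last.
ipt_append() { printf '%s\n-A %s\n' "$1" "$2"; }

# ipt_insert RULES "CHAIN spec": like `iptables -I`, the rule goes first.
ipt_insert() {
  printf '%s\n' "$1" | awk -v new="-A $2" -v chain="${2%% *}" '
    $1 == "-A" && $2 == chain && !done { print new; done = 1 }
    { print }
    END { if (!done) print new }'
}

ALLOW='INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
APPENDED=$(ipt_append "$BASE" "$ALLOW")
INSERTED=$(ipt_insert "$BASE" "$ALLOW")

# SSH from a host that is not on the allowlist (constructed address).
echo "before:   $(verdict "$BASE" INPUT tcp 22 203.0.113.9)"
echo "after -A: $(verdict "$APPENDED" INPUT tcp 22 203.0.113.9)"
echo "after -I: $(verdict "$INSERTED" INPUT tcp 22 203.0.113.9)"
```

On a live host, `iptables -S` or `iptables -L -n -v --line-numbers` shows the rule order together with interfaces and packet counters, which plain `iptables -L` omits.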

1 Answer

1

It may be the case that you do not have the "PermitRootLogin" setting in your SSH config file set to accept connections using the root account. In the config file (mine is /etc/ssh/sshd_config), this setting is "no" by default (for security reasons). Try connecting using another user account with SSH access, or try changing PermitRootLogin to "yes" and see what happens.

Darrell
  • If this is the case the error message will be something about failed authentication. – pa4080 Jul 20 '17 at 07:58
  • It is already set to yes – Stark Toni Jul 20 '17 at 08:01
  • Aha, I knew it seemed too simple (I had a similar issue once). IP tables can make life pretty terrible, as well. In my (admittedly limited) experience, this kind of problem usually stems from using the wrong IP address on accident or IP tables not being told to explicitly allow connections from specified IP addresses. – Darrell Jul 20 '17 at 08:11
  • You see, the thing is, with iptables I limited access to certain IPs. They can now reach the server through the browser. But they can't make an SSH connection. I think the IP must be correct because they are able to access the site via the server. Only the SSH isn't working – Stark Toni Jul 20 '17 at 08:16