I have one host which I am struggling to allow remote access to – each time I try and connect I get connection refused.
On the target, I have checked the port is open:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 47081/sshd
and in sshd_config I have setup both allowed users and match permitrootlogin:
AllowUsers root@1.2.3.4
PermitRootLogin no
Match Address 1.2.3.4
PermitRootLogin yes
When I try to connect from 1.2.3.4 I get connection refused using:
ssh -vv root@5.6.7.8 -p 2222
Response:
# ssh -vv root@5.6.7.8 -p 2222
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 5.6.7.8 [5.6.7.8] port 2222.
debug1: connect to address 5.6.7.8 port 2222: Connection refused
ssh: connect to host 5.6.7.8 port 2222: Connection refused
There is nothing in /var/log/secure or /var/log/messages on 5.6.7.8 to indicate a reason why it is being refused
SELinux is disabled and CSF is disabled with no other firewalls in between.
I can connect from my desktop to 5.6.7.8:2222 without any issues but not from another host (I have tried 2 different remote hosts) – what am I missing?
Best Answer
Run tcpdump or tshark on the server and try to connect from 1.2.3.4.
Do you see a SYN from 1.2.3.4 followed by an ICMP packet back to 1.2.3.4? Then the problem is on the server.
Do you see no SYN in the capture? Then something in the path is blocking the SYN, or something on 1.2.3.4.