Linux – ping works but ssh fails

Tags: ip, linux, networking, routing

  1. machine1 IP: 172.30.11.119
  2. machine2 IP: 172.30.11.120
  3. machine3 IP: 172.30.11.121
  4. machine4 IP: 172.30.11.122

Note:
These machines are connected to LAN.

I have configured a static IP for the Ethernet interface of each machine, as listed above, in the /etc/network/interfaces file so that the IP persists after a system reboot.

I have set the default gateway to 172.30.11.97 on machine 4 (in order to reach it from a user desktop via PuTTY Connection Manager):

    allow-hotplug eth0
    iface eth0 inet static
        address 172.30.11.122
        netmask 255.255.255.0
        gateway 172.30.11.97

But on the other 3 machines I didn't set the default gateway as I did for 122. Instead I tried policy routing on those 3 machines, as below, in the "interfaces" and "rt_table" files:

    echo "1 policy_gw" >> /etc/iproute/rt_table

In /etc/iproute/rt_table:

    1 policy_gw

In /etc/network/interfaces:

    allow-hotplug eth0
    iface eth0 inet static
        address 172.30.11.121
        netmask 255.255.255.0

        post-up ip rule add dev eth0 table policy_gw
        post-up ip route add default via 172.30.11.97 dev eth0 src 172.30.11.121/24 table policy_gw

I did the same for machines 120 and 119. Now I can reach these machines directly via PuTTY.

Problem faced: I am able to ping every machine in this LAN from some other machine in the same LAN, but ssh fails with the error "port 22: no route to host".

For example, if I am on machine 121, ssh 172.30.11.120 throws the above error.

The default gateway is a Cisco Systems router/switch. They are blocking ports for the SSH and telnet protocols, but not ICMP.

Routing table of machine 122:

root@debian:~# route -n                                       
Kernel IP routing table 
Destination  Gateway      Genmask       Flags   Metric Ref Use Iface 
0.0.0.0      172.30.11.97 0.0.0.0       UG       0      0   0  eth1 
172.30.11.0  0.0.0.0      255.255.255.0 U        0      0   0  eth1

Contents of ssh_config file:

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

Best Answer

Are your hosts located in the same physical network?

"no route to host": it seems to be an ICMP answer from your router; you can test this with a network analyzer. It seems your ssh traffic goes via the router, even though the hosts are located in the same network; maybe your policy_gw table has higher priority than the built-in table local. The router refuses to forward it (but at the same time it somehow allows ICMP), or it really has no route to the destination. Check your router's tables, or correct your policy routing so that your hosts talk directly, as they should.
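
The answer suggests confirming with a network analyzer that "no route to host" is an ICMP reply. The following Python code is an added example, not part of the original answer: it decodes a captured ICMP destination-unreachable packet and reports whether the gateway or the target host sent it, and which TCP port the rejected packet was aimed at. The function names and the sample packet are constructed for illustration; the addresses are the ones from the question.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes, named per RFC 792, 1122 and 1812.
UNREACH_CODES = {
    0: "net unreachable", 1: "host unreachable", 3: "port unreachable",
    10: "host administratively prohibited",
    13: "communication administratively prohibited",
}

def parse_ipv4(buf):
    """Return (header_len, protocol, src, dst) for the IPv4 header at buf[0]."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("truncated IPv4 header")
    return ihl, buf[9], socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20])

def explain_unreachable(packet, gateway):
    """Decode one ICMP destination-unreachable packet (starting at the IP header)."""
    ihl, proto, reporter, _ = parse_ipv4(packet)
    icmp = packet[ihl:]
    if proto != 1 or len(icmp) < 8 or icmp[0] != 3:
        raise ValueError("not an ICMP destination-unreachable message")
    # The ICMP payload quotes the rejected packet: its IP header + first 8 bytes.
    inner = icmp[8:]
    in_ihl, in_proto, orig_src, orig_dst = parse_ipv4(inner)
    dport = None
    if in_proto == 6 and len(inner) >= in_ihl + 4:  # TCP: src port, dst port
        dport = struct.unpack("!HH", inner[in_ihl:in_ihl + 4])[1]
    who = ("gateway" if reporter == gateway
           else "target host" if reporter == orig_dst else "other device")
    return {"reported_by": who, "reporter": reporter, "code": icmp[1],
            "reason": UNREACH_CODES.get(icmp[1], "other"),
            "orig_src": orig_src, "orig_dst": orig_dst, "tcp_dport": dport}

# Constructed sample (checksums zeroed): 172.30.11.97 tells 172.30.11.121 that its
# TCP segment to 172.30.11.120 port 22 was administratively prohibited (code 13).
SAMPLE = bytes.fromhex(
    "45000038 00000000 40010000 ac1e0b61 ac1e0b79"   # outer IPv4, proto 1 (ICMP)
    "030d0000 00000000"                              # ICMP type 3, code 13
    "4500003c 00004000 40060000 ac1e0b79 ac1e0b78"   # quoted IPv4, proto 6 (TCP)
    "c3500016 00000001"                              # quoted TCP: 50000 -> 22
)

if __name__ == "__main__":
    print(explain_unreachable(SAMPLE, gateway="172.30.11.97"))
```

If the reporter is the gateway, traffic between two hosts on the same subnet is being sent through the router; if it is the target host itself, the rejection comes from that host and its local packet filter is the place to look.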