Ubuntu – Connection timeout when trying to SSH

ftpsshUbuntu

The other day I tried to connect to my remote server via SSH as i always have. But now when I try to connect it just times out after about 60 seconds. I run

service ssh start

Which tells me that Job is already running: ssh. I then ran

$netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1972/dovecot        
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1972/dovecot        
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2030/mysqld         
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1972/dovecot        
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1972/dovecot        
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      2157/perl           
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3028/sshd           
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2273/master         
tcp6       0      0 :::80                   :::*                    LISTEN      2618/apache2        
tcp6       0      0 :::21                   :::*                    LISTEN      2291/proftpd: (acce 
tcp6       0      0 :::22                   :::*                    LISTEN      3028/sshd

I am able to access subdomains on my site, and FTP, but don't have the ability to SSH or even ping remotely. Any thoughts?

Best Answer

Some ideas:

To exclude a problem at your end (not on the server), run ssh with the -v argument to see what is going on.
telnet <server-ip> 22 will tell you if your connection reaches the server. It should respond with something like SSH-2.0-OpenSSH....
Check the server's log files (e.g. /var/log/auth.log, /var/log/secure) for any sshd-related messages. You should see connection attempts from your remote IP address if the connection reaches the server.
If your connection cannot reach your server's ssh port, this could have different reasons:
- Routing problem (in this case, connections to other ports should no go through, too.)
- External firewall blocking the connection.
- Local firewall (iptables) blocking the connection. Check with iptables -L if you have any rules installed.
- If you have denyhosts or fail2ban installed, then your IP is maybe blacklisted. Check your /etc/hosts.deny and the related log file.

Related Solutions

How to Turn Off FTP for Enhanced Security on Debian

You should know that Windows XP (and probably other versions) has an internal wrapper for FTP connections (the purpose of this is to try to allow PORT command to complete successfully, even behind a firewall or a router).

This wrapper intercepts any connection to any host on port 21, so it can monitor it and try to open the incoming port of a PORT command issued by the client.

This wrapper also has a side effect: as it intercepts any connection to a port 21, it sends a signal that the connection has been established to the software, which will see the connection as established, but the connection is really established only to Windows's internal wrapper.

The wrapper then tries to open the connection to the real host, and if it timeouts, then it sends a signal to the software that the connection has been lost. The software will see the connection as lost.

Summing this up, the software believes a connection has been successfully established, then lost, but no real connection has been established.

So, in your case, what happens: you run nmap. Nmap tries to connect to your server on port 21. Windows's wrapper intercepts the connection. Nmap "thinks" it is connected to your server (but it's only connected to the wrapper), and reports the port as opened.

You can confirm this by typing in a command line:

ftp 4.3.2.1

You'll see: C:>ftp 4.3.2.1

Connected to 4.3.2.1.

Connection closed by foreign host.

You can try any valid IP, ftp will always connect, and disconnect shortly after, whereas it should report "Connection timed out".

I never saw any documentation about this. After many investigation, I discovered this strange behavior, and after more investigation, discovered why it is here.

Well, the conclusion of this (big) answer is that the port 21 of your server is definitely closed, as netstat reports, and nmap is fooled by this behaviour.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

How to Turn Off FTP for Enhanced Security on Debian

Ssh – How to automate SSH login with password

Related Topic