SSH can't connect
Rick Sewill
rsewill at gmail.com
Sun Oct 3 00:13:03 UTC 2010
On 10/02/2010 11:32 AM, Jim wrote:
> Whether I run NX (nomachine) or SSH I get the same error message, no
> matter what host I try to connect to.
>
> And on the host servers SSHd is running.
> And so is the Client box.
>
> Running NX
> Error message: ssh: connect to host 70.236.39.98 port 22: Connection
> timed out
>
> Running $ ssh jim@70.236.39.98
> ErrorMessage: ssh: connect to host 70.236.39.98 port 22: Connection
> timed out
>
My concern about security makes me worry about asking too much about the
host, 70.236.39.98
Unfortunately, a little more information about the host, 70.236.39.98,
might help.
Is it a dedicated always on the Internet host, or a "dial-up" host?
I note, when I do,
host -a 70.236.39.98
I get
;; ANSWER SECTION:
98.39.236.70.in-addr.arpa. 6995 IN PTR ppp-70-236-39-98.dsl.ipltin.ameritech.net.
From the answer, is the host, 70.236.39.98, using PPP and is the host
always on the Internet, or only on the Internet when 70.236.39.98 has
outgoing traffic?
I also think I cannot get very close to the host when I do,
traceroute -n 70.236.39.98
I shouldn't be surprised that I cannot ping 70.236.39.98
A number of firewalls don't respond to ping.
Another, completely orthogonal, possibility is to ask about the ISP.
Perhaps the ISP, Ameritech, is restricting ports?
A number of ISPs restrict email ports (port 25).
I haven't heard of ISPs restricting ssh ports (port 22), but need to ask.
Do you have access to iptables on 70.236.39.98?
There is a way to see the "count" of the number of packets each iptables
rule handles.
I think, as root, one does iptables -L -v -n
The "-v" verbose option causes counts to be shown.
Please see "man iptables"
If we believe the problem is iptables on 70.236.39.98, we should see a
count for the iptables rule that is blocking the traffic increase.
I would discourage one from showing their iptables rules willy-nilly.
Please sanitize security information shown in open forums.
People will argue, if the rules are correct, it doesn't matter if they
are shown. I will counter by asking when does anyone, and I include
myself in this list of people who are very imperfect, have the rules
"perfectly" correct.
I suspect the packet isn't even getting to 70.236.39.98...but don't know
where, or why, the packet is getting dropped.
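
Added example, not part of the original message: one way to do the counter check described above is to save the output of iptables -L -v -n before and after a failed ssh attempt and compare the two listings. The function names, the sample listing and the address 192.0.2.10 are constructed for illustration; addresses are masked so the result can be posted to a list.

```python
import re

UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}   # iptables abbreviates large counters
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def count(tok):
    """Convert a counter such as '840' or '12K' to an int."""
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)

def parse(listing):
    """Map (chain, rule position) -> (packets, rule text); position 0 is the chain policy."""
    rules, chain, pos = {}, None, 0
    for f in (line.split() for line in listing.splitlines()):
        if not f or f[0] == "pkts":
            continue
        if f[0] == "Chain":
            chain, pos = f[1], 0
            if f[2] == "(policy":          # built-in chains carry a policy counter
                rules[(chain, 0)] = (count(f[4]), "policy " + f[3])
        else:
            pos += 1
            rules[(chain, pos)] = (count(f[0]), " ".join(f[2:]))
    return rules

def sanitize(text):
    """Mask every IPv4 address except the 0.0.0.0 wildcard before the rule is shared."""
    return IPV4.sub(lambda m: m.group() if m.group() == "0.0.0.0" else "x.x.x.x", text)

def growing_rules(before, after):
    """Return (chain, position, packet delta, sanitized rule) for counters that rose."""
    old = parse(before)
    return [(c, p, n - old.get((c, p), (0, ""))[0], sanitize(t))
            for (c, p), (n, t) in parse(after).items()
            if n > old.get((c, p), (0, ""))[0]]

# Constructed sample listing; only the REJECT rule's counters differ between snapshots.
LISTING = """Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       192.0.2.10           0.0.0.0/0            tcp dpt:22
{pkts:>5} {byts:>5} REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
"""
BEFORE = LISTING.format(pkts=14, byts=840)
AFTER = LISTING.format(pkts=17, byts=1020)

if __name__ == "__main__":
    for chain, pos, delta, rule in growing_rules(BEFORE, AFTER):
        print(f"{chain} rule {pos}: +{delta} packets  {rule}")
```

If no counter rises during the attempt, the packets are not reaching the host's iptables at all, which points back at the ISP or something else on the path.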