Not able to ssh to another computer, but can ping it?

  • Unable to ssh to another computer but can ping it? Not sure what I am missing?
    Using a Netgear router

    bash-3.2$ ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet6 ::1 prefixlen 128 
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
            inet 127.0.0.1 netmask 0xff000000 
    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
    stf0: flags=0<> mtu 1280
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            ether xx:xx:xx:xx:xx:xx 
            media: autoselect (none)
            status: inactive
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            ether xx:xx:xx:xx:xx:xx 
            inet6 xxxx::xxxx:xxxx:xxxx:xxxxxx prefixlen 64 scopeid 0x5 
            inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
            media: autoselect
            status: active
    fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
            lladdr xx:xx:xx:xx:xx:xx:xx:xx 
            media: autoselect <full-duplex>
            status: inactive
    bash-3.2$ ssh [email protected]
    ssh: connect to host 10.0.0.4 port 22: Connection refused
    bash-3.2$ ssh -p 5900 [email protected]
    ssh: connect to host 10.0.0.4 port 5900: Connection refused
    bash-3.2$ ping 10.0.0.3
    PING 10.0.0.3 (10.0.0.3): 56 data bytes
    64 bytes from 10.0.0.3: icmp_seq=0 ttl=64 time=0.046 ms
    64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.079 ms
    64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.078 ms
    64 bytes from 10.0.0.3: icmp_seq=3 ttl=64 time=0.077 ms
    64 bytes from 10.0.0.3: icmp_seq=4 ttl=64 time=0.079 ms
    64 bytes from 10.0.0.3: icmp_seq=5 ttl=64 time=0.081 ms
    64 bytes from 10.0.0.3: icmp_seq=6 ttl=64 time=0.078 ms
    ^C
    --- 10.0.0.3 ping statistics ---
    7 packets transmitted, 7 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.046/0.074/0.081/0.011 ms
    bash-3.2$ ping 10.0.0.4
    PING 10.0.0.4 (10.0.0.4): 56 data bytes
    64 bytes from 10.0.0.4: icmp_seq=0 ttl=64 time=2.667 ms
    64 bytes from 10.0.0.4: icmp_seq=1 ttl=64 time=2.675 ms
    64 bytes from 10.0.0.4: icmp_seq=2 ttl=64 time=2.969 ms
    64 bytes from 10.0.0.4: icmp_seq=3 ttl=64 time=2.663 ms
    64 bytes from 10.0.0.4: icmp_seq=4 ttl=64 time=2.723 ms
    ^C
    --- 10.0.0.4 ping statistics ---
    5 packets transmitted, 5 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 2.663/2.739/2.969/0.117 ms
    bash-3.2$ 
    
  • The server is either not running sshd (and hence not listening on port 22) or has a firewall blocking port 22 (the default ssh port), or in incredibly rare cases running ssh on some other port (which is almost certainly not the case).

    First check to make sure sshd is installed (using debian examples)

    sudo apt-get install openssh-server
    

    And if so, is it running:

    ps -ef | grep sshd
    

    then check to see if it is listening to port 22

    sudo netstat -nlp | grep :22
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      946/sshd
    tcp6       0      0 :::22                   :::*                    LISTEN      946/sshd
    

    then check your firewall rules (this varies significantly, so I'll show a debian/ubuntu/etc example):

    sudo ufw status
    
    sudo ufw show listening
    tcp:
      22 * (sshd)
      24224 * (ruby)
    tcp6:
      22 * (sshd)
      8080 * (java)
    udp:
      123 10.X.Y.Z (ntpd)
      123 * (ntpd)
      18649 * (dhclient)
      24224 * (ruby)
      34131 * (ruby)
      60001 10.87.43.24 (mosh-server)
      68 * (dhclient)
    udp6:
      123 fe80::1031:AAAA:BBBB:CCCC (ntpd)
      123 * (ntpd)
      48573 * (dhclient)
    

    If ufw shows it as closed then run (again a debian/ubuntu example)

    sudo ufw allow 22
    

    FWIW, it's somewhat common to have external-facing machines run SSH on a different port to mitigate attack surface

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM