I'm trying to connect my ubuntu host to a fedora laptop via ssh in order to share files over ethernet. I have openssh server started on fedora (via service sshd start) and I already executed the command iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT in order to allow incoming ssh connections. Moreover the IPv4 address on the server is set by ifconfig enp2s0f0 192.168.10.10 netmask 255.255.255.0 up. But whenever I type ssh -A -Y 192.168.10.10 or ssh -4 192.168.10.10; I get always an error message showing "ssh: connect to host 192.168.10.10 port 22: Connection refused", even after having the firewall disabled using service iptables stop.
iptables -n -L -v output on fedora shows:
Chain INPUT (policy ACCEPT 11652 packets, 2859K bytes) pkts bytes
target prot opt in out source destinationChain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes
target prot opt in out source destinationChain OUTPUT (policy ACCEPT 11759 packets, 1665K bytes) pkts bytes
target prot opt in out source destination
iptables -n -L -v output on ubuntu shows:
Chain INPUT (policy ACCEPT 210K packets, 16M bytes) pkts bytes target prot opt source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt source destination
Chain OUTPUT (policy ACCEPT 209K packets, 15M bytes) pkts bytes target prot opt source destination
service sshd status gives me:
Redirecting to /bin/systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2016-09-26 23:54:59 CET; 2min 49s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 9465 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 9474 (sshd)
CGroup: /system.slice/sshd.service
└─9474 /usr/sbin/sshd
Sep 26 23:54:59 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
Sep 26 23:54:59 localhost.localdomain systemd[1]: sshd.service: PID file /var/run/sshd.pid not readable (yet?) after start: No such file or directory
Sep 26 23:54:59 localhost.localdomain sshd[9474]: Server listening on 0.0.0.0 port 22.
Sep 26 23:54:59 localhost.localdomain sshd[9474]: Server listening on :: port 22.
Sep 26 23:54:59 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
Hint: Some lines were ellipsized, use -l to show in full.
the output of ss --tcp --listening -n -p is:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 5 192.168.122.1:53 *:* users:(("dnsmasq",pid=1260,fd=6))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=9474,fd=3))
LISTEN 0 5 127.0.0.1:631 *:* users:(("cupsd",pid=2021,fd=12))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=9474,fd=4))
LISTEN 0 5 ::1:631 :::* users:(("cupsd",pid=2021,fd=11))
LISTEN 0 2 ::ffff:127.0.0.1:33311 :::* users:(("java",pid=3312,fd=16))
the output of the command ps -ef|grep sshd shows:
root 9474 1 0 Sep26 ? 00:00:00 /usr/sbin/sshd
root 9891 2624 0 00:11 pts/0 00:00:00 grep --color=auto sshd
this is the content of /etc/ssh/ssh_config:
# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
The logs generated (fedora machine) after starting sshd are:
Sep 26 21:56:16 localhost.localdomain polkitd[987]: Registered Authentication Agent for unix-process:5657:2312980 (system bus name :1.112 [/usr/bin/pk
Sep 26 21:56:16 localhost.localdomain systemd[1]: Started OpenSSH Server Key Generation.
Sep 26 21:56:16 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
Sep 26 21:56:16 localhost.localdomain sshd[5706]: Server listening on 0.0.0.0 port 22.
Sep 26 21:56:16 localhost.localdomain sshd[5706]: Server listening on :: port 22.
Sep 26 21:56:16 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
Sep 26 21:56:16 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ss
Sep 26 21:56:17 localhost.localdomain polkitd[987]: Unregistered Authentication Agent for unix-process:5657:2312980 (system bus name :1.112, object pa
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <warn> (enp2s0f0): DHCPv4 request timed out.
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): DHCPv4 state changed unknown -> timeout
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): canceled DHCP transaction, DHCP client pid 5645
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): DHCPv4 state changed timeout -> done
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: ip-config -> failed (reason 'ip-config-unavailabl
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> NetworkManager state is now CONNECTED_LOCAL
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <warn> (enp2s0f0): Activation: failed for connection 'Profile 1'
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: failed -> disconnected (reason 'none') [120 30 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: failed -> disconnected (reason 'none') [120 30 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> connectivity: check for uri 'http://fedoraproject.org/static/hotspot.txt' failed w
Sep 26 21:56:29 localhost.localdomain avahi-daemon[893]: Withdrawing address record for fe80::2289:84ff:fe77:4b2a on enp2s0f0.
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> Auto-activating connection 'Profile 1'.
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): Activation: starting connection 'Profile 1' (565f53a4-6355-4307-86f1-2
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> NetworkManager state is now CONNECTING
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: prepare -> config (reason 'none') [40 50 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: config -> ip-config (reason 'none') [50 70 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> Activation (enp2s0f0) Beginning DHCPv4 transaction (timeout in 45 seconds)
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> dhclient started with pid 5924
Sep 26 21:56:29 localhost.localdomain dhclient[5924]: DHCPREQUEST on enp2s0f0 to 255.255.255.255 port 67 (xid=0x9b66907b)
Sep 26 21:56:31 localhost.localdomain avahi-daemon[893]: Registering new address record for fe80::2289:84ff:fe77:4b2a on enp2s0f0.*.
ps -ef | grep sshd on fedora gives the following output:
root 3471 1 0 17:46 ? 00:00:00 /usr/sbin/sshd
root 4164 3105 0 17:59 pts/0 00:00:00 grep --color=auto sshd
executing ip a within the server, gives the following output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 20:89:84:77:4b:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.10.10/24 scope global enp2s0f0
valid_lft forever preferred_lft forever
inet6 fe80::2289:84ff:fe77:4b2a/64 scope link
valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether bc:85:56:70:1b:57 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.103/24 brd 192.168.1.255 scope global dynamic wlp3s0
valid_lft 84531sec preferred_lft 84531sec
inet6 fe80::be85:56ff:fe70:1b57/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:73:5a:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:73:5a:6c brd ff:ff:ff:ff:ff:ff
executing route -n within the server, gives the following output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 enp2s0f0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
executing sudo route -n within the ubuntu client machine, gives the following output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.10.1 0.0.0.0 UG 100 0 0 enp14s0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp14s0
192.168.10.0 0.0.0.0 255.255.255.0 U 100 0 0 enp14s0
ip a on client machine:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 70:5a:b6:bf:fc:e6 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.10/24 brd 192.168.10.255 scope global enp14s0
valid_lft forever preferred_lft forever
inet6 fe80::ff27:c6bb:9a72:6d2/64 scope link
valid_lft forever preferred_lft forever
3: wlp20s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 70:f1:a1:69:c4:24 brd ff:ff:ff:ff:ff:ff
ip r on client machine:
default via 192.168.10.1 dev enp14s0 proto static metric 100
169.254.0.0/16 dev enp14s0 scope link metric 1000
192.168.10.0/24 dev enp14s0 proto kernel scope link src 192.168.10.10 metric 100
arping -I enp14s0 192.168.10.10 on client machine, got stuck at:
ARPING 192.168.10.10 from 192.168.10.10 enp14s0
output of sudo tcpdump -n -i any port 22:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
01:09:28.363302 IP 192.168.10.10.58906 > 192.168.10.10.22: Flags [S], seq 506055200, win 43690, options [mss 65495,sackOK,TS val 33913 ecr 0,nop,wscale 7], length 0
01:09:28.363357 IP 192.168.10.10.58906 > 192.168.10.10.22: Flags [R.], seq 0, ack 506055201, win 0, length 0
01:09:28.354895 IP 192.168.10.10.58906 > 192.168.10.10.22: Flags [S], seq 2349767060, win 43690, options [mss 65495,sackOK,TS val 34911 ecr 0,nop,wscale 7], length 0
01:09:28.354948 IP 192.168.10.10.22 > 192.168.10.10.58908: Flags [R.], seq 0, ack 2349767061, win 0, length 0
Does anyone have any idea?
Your help will be much appreciated.
Best Answer
I am assuming you want to connect to the
enp2s0f0interface of the server (all other interfaces (except loopback) areDOWN).From the logs you can see that DHCP requests on that interface are timing out. From the output of
ip ayou can see that the interface only has an IPv6 link-local address.You should either fix DHCP or manually assign an IPv4 address to the interface (
ip addr add x.x.x.x/24 dev enp2s0f0). Alternatively you can use IPv6.EDIT: More questions:
ip a,ip r, andiptables-saveoutput on the client?iptables-saveoutput on the server? Note thatiptables -vnLdoesn't print all the rules.ping 192.168.10.10)arping -I eth0 192.168.10.10) do you get a reply? is the MAC address in the reply correct? (it should be20:89:84:77:4b:2a).tcpdump -n -i any port 22) and try ssh-ing in what does tcpdump output?EDIT 2: Your client and server should have different IP addresses. Make the client 192.168.10.9 and the server 192.168.10.10.