I have a VM installed with some custom disk image (CentOS) from work, and I can't SSH into the VM.
Here are some things I've tried:
[VM]$ ssh root@localhost
Password:
Great, ssh is working with the loopback.
But when I try from the host machine:
~/VirtualBox VMs% ssh -v -v -v root@192.168.56.1
OpenSSH_5.9p1, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.56.1 [192.168.56.1] port 22.
debug1: connect to address 192.168.56.1 port 22: Connection refused
ssh: connect to host 192.168.56.1 port 22: Connection refused
Nada. Ping works though.
on the VM, /etc/hosts.allow:
ssh:ALL:allow
sshd:ALL:allow
nothing in hosts.deny
EDIT:
I've also done:
service iptables save
service iptables stop
chkconfig iptables off
EDIT:
I'm also seeing this message on the VM in /var/log/secure
But I can ssh just fine from the VM to the VM, so this isn't the issue, right?
EDIT:
[VM]$ lsof -i :22
And I have, in /etc/ssh/sshd_config
PermitRootLogin yes
And cannot login with a separate username.
EDIT:
netstat -pant |grep :22
and netstat -ntp |grep :22
I think maybe this also points towards the IPv6 solution?
EDIT:
Existing config for
vi /etc/sysctl.conf
New config for
vi /etc/sysctl.conf
I then ran the commands:
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.all.disable_ipv6=1
chkconfig ip6tables off
service sshd restart
init 6
Aaaaaaand, still nothing. But after a restart, it looks like ipv6 isn't disabled. I'm getting the same error message.
And lsof -i :22
is still saying type IPv6:
EDIT: Going further down the IPv6 rabbit hole.
http://ubuntu-tutorials.com/2008/01/12/disabling-ssh-connections-on-ipv6/
It says to remove the commented line with #ListenAddress ::
, which seems fishy, cause it's already commented out. So I did, and nothing.
However, the next section has a useful tidbit:
AddressFamily inet # IPv4 only
When I add this line to /etc/ssh/sshd_config
and do a couple consecutive restarts, I now see that my address binding error has stopped appearing in /var/log/secure
and the output of lsof -i :22
now shows a type of IPv4!
Progress!! But unfortunately I still cannot connect. I tried rebooting the VM, opening new shell windows just in case there was some state left hanging around. Still the same answer.
~% ssh -vvv root@192.168.56.1
OpenSSH_5.9p1, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.56.1 [192.168.56.1] port 22.
debug1: connect to address 192.168.56.1 port 22: Connection refused
ssh: connect to host 192.168.56.1 port 22: Connection refused
EDIT:
ok, so i got arp-scan and am trying to find IP conflicts, but now i'm even more confused.
ifconfig shows that vboxnet0, which is the host-only adapter, has an IP of 192.168.56.1. That's where I got that IP to begin with.
[local]~root# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 7c:d1:c3:e8:b0:e9
inet6 fe80::7ed1:c3ff:fee8:b0e9%en0 prefixlen 64 scopeid 0x4
inet 10.6.12.46 netmask 0xfffffe00 broadcast 10.6.13.255
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0e:d1:c3:e8:b0:e9
media: autoselect
status: inactive
vboxnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00
inet 192.168.56.1 netmask 0xffffff00 broadcast 192.168.56.255
vboxnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:01
inet 192.168.57.1 netmask 0xffffff00 broadcast 192.168.57.255
But arp-scan -l
gives only domains starting with 10.6.*.*
So I guess it's looking at en0? So I tried
arp-scan -I vboxnet0 -l
mba-108-on-03:~ root# arp-scan -I vboxnet0 -l
Interface: vboxnet0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.56.100 08:00:27:bc:ed:2f CADMUS COMPUTER SYSTEMS
512 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8: 256 hosts scanned in 1.301 seconds (196.77 hosts/sec). 1 responded
Why is it now .100? #confused
vboxnet1 has nothing
mba-108-on-03:~ root# arp-scan -I vboxnet1 -l
Interface: vboxnet1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
512 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8: 256 hosts scanned in 1.302 seconds (196.62 hosts/sec). 0 responded
All of the other interfaces don't work with arp-scan.
So let's show duplicates on the en0 interface:
mba-108-on-03:~ root# arp-scan -I en0 -l |grep DUP
10.6.12.68 84:8e:0c:75:5b:f4 (Unknown) (DUP: 2)
10.6.12.64 ac:cf:5c:42:24:47 (Unknown) (DUP: 2)
10.6.12.76 88:53:95:6e:6a:af (Unknown) (DUP: 2)
These numbers don't correspond to anything meaningful for me. Going to try a reboot, then the IPv6 suggestion.
EDIT:
The VM is a VirtualBox.
Adapter 1: NAT
Adapter 2: Host-only Adapter, 'vboxnet0'
Any ideas?
Best Answer
Ok, here's how it finally came together:
One of my coworkers recalled that the disk image "might not have a second interface enabled." Since the VBox is set up with NAT as adapter one and Host-only as adapter two, you need to have eth0 and eth1 set up on the disk image. We did not.
To do this:
ifconfig |less
does not have both eth0 and eth1 listed.cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-eth1
cp ifcfg-eth0.bak ifcfg-eth1.bak
HWaddr
and change eth0 to eth1ifup eth1
ifconfig
and take theinet addr
of eth1, which was a different IP for me. I'm now working with 192.168.56.101.ssh root@192.168.56.101
None of the edits in the question above were actually my problem, but it's all good debug info!!
Cheers,
Ken