ssh: Connection refused when access remotely

Question

I recently installed ssh server openssh-server in my fedora 16. I added my friend user account to my sshuser list. When my friend tried to connect my server computer via ssh using following command

ssh sudip@192.168.1.123

then it shows following error

ssh: connect to host 192.168.1.123 port 22: Connection refused

but when i tried locally from my machine the server was connected.

root@localhost /]# ssh sudip@192.168.1.123
sudip@192.168.1.123's password: 
Last login: Tue Feb 26 13:24:42 2013 from localhost.localdomain
[sudip@localhost ~]$

Also, my firewall is allowing SSH and SHH is running on port 22. So how can i troubleshoot the error??

thank you in advance.

EDIT: I already started sshd using service sshd restart

EDIT2: output of: iptables -n -L -v

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
46970   23M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   11   616 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
  133  8552 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
 2328  343K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 59145 packets, 7665K bytes)
 pkts bytes target     prot opt in     out     source               destination

Edit 3: result of traceroute 192.168.1.123

traceroute to 192.168.1.123 (192.168.1.123), 30 hops max, 60 byte packets
 1  192.168.50.1 (192.168.50.1)  0.828 ms  0.805 ms  0.818 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

The workstation also uses fedora 16

From where does your friend connect? Out of the same building/network? — Sven, Feb 26 '13 at 07:55
he is on the same network. The ping command ping 192.168.1.123 works fine. — Bibek Subedi, Feb 26 '13 at 07:57
Can we also see the contents of `/etc/hosts.allow` and `/etc/hosts.deny`? — MadHatter, Feb 26 '13 at 08:10
You can `iptables -Z INPUT` to drop the counters. Then try to `ssh sudip@192.168.1.123` from work station. Then take a look at `iptables -n -L -v`. There should be some digits (not zero) on the line "0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22" — gevial, Feb 26 '13 at 08:36
@slimsuperhero there is not such digits. Instead there is zero — Bibek Subedi, Feb 26 '13 at 09:12
Show me please `traceroute 192.168.1.123` from your work station. BTW, what OS are you running on the work station? — gevial, Feb 26 '13 at 09:22
There is at least one router (192.168.50.1) between the work station and server. So, besides your server's `iptables` rules, it could be other rules on routers which could drop your packets. You could try `tcpdump -i ethX port 22` on your server and try to ssh to it from work station to see if any packets goes in (don't forget to replace ethX with actual name of the world-looking iface). However, without complete understaning of your network topology, it's hard to tell. — gevial, Feb 26 '13 at 09:42
Can you ping your ssh server from your friend's workstation? `ping 192.168.1.123` — Huygens, Feb 26 '13 at 09:54

score 7 · Answer 1 · answered Feb 26 '13 at 08:26

7

The Connection Refused message generally means that nothing is listening on that ipaddress:port. Check to see that sshd is listening on your 192.168.1.123:22

netstat -tnlp | grep :22
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      6809/sshd
tcp        0      0 :::22               :::*                LISTEN      6809/sshd

The above output is indicating that sshd is listening on all available ipv4 and ipv6 interfaces. If yours is different then you should check the ListenAddress directives in your sshd_config file.

answered Feb 26 '13 at 08:26

user9517

115,471
20
215
297

Since it's possible to connect from another client, that's unlikely to be the issue. – Jenny D Feb 26 '13 at 08:28
@JennyD: The OP says `locally from my machine` which suggests that the connection will have been via lo. – user9517 Feb 26 '13 at 08:31
I checked it is listening on 192.168.1.123:22 – Bibek Subedi Feb 26 '13 at 09:04
Hmm this is interesting `netstat -tnlp` gives me an empty response. The sshd server is running according to `ps aux | grep sshd`. I tried with a socket server too, it was able to access localhost, but connection refused by using the local ip. The machine does not have firewall installed, so I have no clue what is wrong. Telnet gives me connection refused too. – inf3rno Feb 07 '16 at 16:03

floodpants · Accepted Answer · 2013-02-26T08:08:35.857

2

You can use ssh -vvv user@192.x.x.x to get debug info on the connection. If -vvv is too much info you can use -vv or -v for less detailed debug info.

On the remote server, you should be able to see some info in /var/log/message or /var/log/syslog also.

A combo of those 2 things should point you in the right direction.

edited Feb 26 '13 at 08:08

answered Feb 26 '13 at 07:57

floodpants

326
1
2
7

score 1 · Answer 3 · answered Feb 26 '13 at 10:57

1

Executing ssh -vv sudip@192.168.1.123 will show you the detailed info of the SSH connetion. Also you can try "telnet 192.168.1.123 22" (telnet hostname port) in order to verify whether port 22 is listening.

answered Feb 26 '13 at 10:57

Karthikeyan

11
1

ssh: Connection refused when access remotely

3 Answers3