Ubuntu
openssh package

cannot connect to server with ssh, firewall setting is correct

Asked by Bob McGowan

I have a system running Ubuntu Studio(Ubuntu 12.04.1 LTS) with kernel 3.2.0-23-lowlatency.

I've set the firewall using gufw, 'ufw status' says:

---
Status: active

To Action From
-- ------ ----
22 ALLOW Anywhere
22 ALLOW Anywhere (v6)
---

I believe this should be all I need to do to gain access using ssh from other systems, but I'm getting 'connection refused' when I try.

I don't know if this would be a bug or if there's other configuration I need to do?

Thanks for the help,

Bob

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Solved by:
Bob McGowan
Solved:
Last query:
Last reply:
Revision history for this message
Subin Hutton (djlynux) said : 		#1

please provide me the following details

1. lsb_release -a
2. dpkg -l | grep -i ssh
3. netstat -anp | grep :22

Revision history for this message
Bob McGowan (bob-bnlmcgowan) said : 		#2

Hi, Subin,

Thank you ;) 'netstat' and 'dpkg' were the 'give away' programs.

The system I was working on has had an ssh server installed for so long, I guess I forgot it isn't installed by default ;(

Installing the Openssh server package fixed it, of course.

Bob

Revision history for this message
gourav garg (gouravgargg) said : 		#3

I am facing the same issue, Ia m using VPS in OpenVZ , Initially my ufw was not configuring , but i made changes
as per below link http://blog.bodhizazen.net/linux/how-to-use-ufw-in-openvz-templates/ and execute script
###########START SCRIPT###############################
#!/bin/bash
sed '/A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input/s/^/#/' /etc/ufw/after.rules > ~/temp
cp temp /etc/ufw/after.rules
sed '/-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN/s/^/#/' /etc/ufw/before.rules > ~/temp
cp temp /etc/ufw/before.rules
sed '/-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN/s/^/#/' /etc/ufw/before.rules > ~/temp
cp temp /etc/ufw/before.rules
sed '/-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN/s/^/#/' /etc/ufw/before.rules > ~/temp
cp temp /etc/ufw/before.rules
rm -f /sbin/modprobe
ln -s /bin/true /sbin/modprobe
rm -f /sbin/sysctl
ln -s /bin/true /sbin/sysctl
apt-get -y purge rsyslog
apt-get install -y syslog-ng
echo start on startup >> /etc/init/ufw.conf
echo #console output >> /etc/init/ufw.conf
sed '/IPV6=yes/s/yes/no/' /etc/default/ufw > ~/temp
cp temp /etc/default/ufw
rm ~/temp
######################END SCRIPT###################################
and
http://syamsul.net/2012/08/09/what-to-do-about-syslog-ng-error-setting-capabilities-capability-management-disabled-erroroperation-not-permitted/

root@iniz:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise
root@iniz:~# dpkg -l | grep -i ssh
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSSH RSA and DSA keys
ii openssh-client 1:5.9p1-5ubuntu1 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:5.9p1-5ubuntu1 secure shell (SSH) server, for secure access from remote machines
root@iniz:~# netstat -anp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 377/sshd
tcp 0 48 176.56.235.145:22 123.201.114.239:44361 ESTABLISHED 966/2
tcp 0 0 176.56.235.145:22 123.201.114.239:44364 ESTABLISHED 990/3
tcp6 0 0 :::22 :::* LISTEN 377/sshd
root@iniz:~#

ping is working fine e.g ping IP -p22

Revision history for this message
gourav garg (gouravgargg) said : 		#4

I gave you result as per required by you . Please reply as soon as possible.

Revision history for this message
gourav garg (gouravgargg) said : 		#5

root@iniz:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@iniz:~# ufw status
Status: active

To Action From
-- ------ ----
22 ALLOW Anywhere
80 ALLOW Anywhere

root@iniz:~#