| Linode Forum https://forum.linode.com/ |
|
| putty ssh timed out https://forum.linode.com/viewtopic.php?f=19&t=9836 |
| Author: | Liven [ Fri Mar 01, 2013 11:37 am ] |
| Post subject: | putty ssh timed out |
Hello all,

I've met a problem: I cannot ssh to my linode server any longer, but don't know why.

I have two linode VPS (both on Tokyo site), A and B. I was able to ssh to them with putty with no problems. Today, I found that I cannot ssh to A any longer. But I can still ssh to B with no problem. And I can visit http ports on A with no problem; I can ssh to A from other terminals (such as my mobile phone, or ssh A through ssh B) without any problem.

As far as I know, when I ssh to A from my computer, it gets stuck on SYN_RECV on the VPS.

Since I can ssh to A from other terminals, I think the problem should be on my computer (Windows 7 x64). But I can ssh to VPS B from my computer with no problem. I tried to start a VMWare on my computer and use putty inside it; it could ssh to B as well, but failed on A, too.

I guess maybe there is something wrong with my firewall, but don't know the details. Do you have any ideas where I should check?

PS: My computer recently experienced some blue screens due to a broken memory stick. And the disk check fixed some errors after that... So I guess anything could be possible if the system is damaged due to the crash... |
|
| Author: | Guspaz [ Fri Mar 01, 2013 1:22 pm ] |
| Post subject: | Re: putty ssh timed out |
Try using LISH? http://library.linode.com/troubleshooti ... node-shell |
|
| Author: | Liven [ Fri Mar 01, 2013 9:49 pm ] |
| Post subject: | Re: putty ssh timed out |
Guspaz wrote:
Try using LISH? http://library.linode.com/troubleshooti ... node-shell

Hi Guspaz,

I tried to connect with LISH, and succeeded. Though after I connected with the "LISH password", it connected and displayed "nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead." And I input the root account & password again. It connects.

It is weird: my computer could ssh to other servers, and my server could accept ssh from other clients, but when I ssh to my server with my computer, it fails. I tried other terminal software, and got the same result. Connecting to other ports on my server is OK.

As I remember, one day before, I could still connect to my server with ssh. And I didn't do anything afterwards (didn't even shut down my computer or reboot, and no crash).

Do you have any idea why? Thanks! |
|
| Author: | chesty [ Fri Mar 01, 2013 9:56 pm ] |
| Post subject: | Re: putty ssh timed out |
do you have fail2ban installed on the servers? |
|
| Author: | Liven [ Sat Mar 02, 2013 6:34 am ] |
| Post subject: | Re: putty ssh timed out |
chesty wrote:
do you have fail2ban installed on the servers?

No... I believe not... I didn't do that, and there is no fail2ban entry in man nor in /etc directory. |
|
| Author: | chesty [ Sat Mar 02, 2013 8:44 am ] |
| Post subject: | Re: putty ssh timed out |
well, there're two things you can try that I can think of.

on linode run
    tcpdump -nvi eth0 port 22
(run that from lish with no ssh sessions connected, otherwise you'll get a storm of junk and nothing useful) then try and ssh in and post the output.

secondly, turn on debugging on putty, and on linode (using lish) stop sshd and manually run it with
    sshd -ddd
then try and ssh in and post the output. |
|
| Author: | Liven [ Sat Mar 02, 2013 9:42 am ] |
| Post subject: | Re: putty ssh timed out |
chesty wrote:
well, there're two things you can try that I can think of. on linode run tcpdump -nvi eth0 port 22 (run that from lish with no ssh sessions connected, otherwise you'll get a storm of junk and nothing useful) then try and ssh in and post the output. secondly, turn on debugging on putty, and on linode (using lish) stop sshd and manually run it with sshd -ddd then try and ssh in and post the output.

Hello chesty,

Here is my output:

device eth0 entered promiscuous mode
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:36:32.306416 IP (tos 0x0, ttl 116, id 30348, offset 0, flags [DF], proto TCP (6), length 52)
    [Client IP].62578 > [Server IP].22: Flags [S], cksum 0x1d29 (correct), seq 3760837357, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0
08:36:32.306495 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    [Server IP].22 > [Client IP].62578: Flags [S.], cksum 0x8ad7 (incorrect -> 0x18b7), seq 2733000714, ack 3760837358, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
08:36:33.309001 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    [Server IP].22 > [Client IP].62578: Flags [S.], cksum 0x8ad7 (incorrect -> 0x18b7), seq 2733000714, ack 3760837358, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
08:36:35.309050 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    [Server IP].22 > [Client IP].62578: Flags [S.], cksum 0x8ad7 (incorrect -> 0x18b7), seq 2733000714, ack 3760837358, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
08:36:35.310083 IP (tos 0x0, ttl 116, id 31098, offset 0, flags [DF], proto TCP (6), length 52)
    [Client IP].62578 > [Server IP].22: Flags [S], cksum 0x1d29 (correct), seq 3760837357, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0
08:36:35.310111 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    [Server IP].22 > [Client IP].62578: Flags [S.], cksum 0x8ad7 (incorrect -> 0x18b7), seq 2733000714, ack 3760837358, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
08:36:39.308973 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    [Server IP].22 > [Client IP].62578: Flags [S.], cksum 0x8ad7 (incorrect -> 0x18b7), seq 2733000714, ack 3760837358, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
08:36:41.306117 IP (tos 0x0, ttl 116, id 32517, offset 0, flags [DF], proto TCP (6), length 48)
    [Client IP].62578 > [Server IP].22: Flags [S], cksum 0x3132 (correct), seq 3760837357, win 8192, options [mss 1360,nop,nop,sackOK], length 0
08:36:41.306172 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    [Server IP].22 > [Client IP].62578: Flags [S.], cksum 0x8ad7 (incorrect -> 0x18b7), seq 2733000714, ack 3760837358, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
08:36:47.309012 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    [Server IP].22 > [Client IP].62578: Flags [S.], cksum 0x8ad7 (incorrect -> 0x18b7), seq 2733000714, ack 3760837358, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
08:37:03.508975 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    [Server IP].22 > [Client IP].62578: Flags [S.], cksum 0x8ad7 (incorrect -> 0x18b7), seq 2733000714, ack 3760837358, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0

I cannot understand the meaning, could you help me to check it? Thank you very much! |
|
| Author: | chesty [ Sat Mar 02, 2013 10:04 am ] |
| Post subject: | Re: putty ssh timed out |
it looks like the path from the server to the client is broken.

what I'm interpreting from the trace is

client syn
server syn ack
server syn ack
server syn ack
client syn
server syn ack
server syn ack
client syn
server syn ack
server syn ack
server syn ack

the client isn't seeing the server's syn ack, so isn't acking the final leg of the three way handshake.

paste the output from iptables-save

also do you have a firewall on the desktop? check that, maybe turn it off for a test ssh

there's no quick way to debug this |
|
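The reading of the trace given above (SYN and SYN-ACK repeat, the final ACK never arrives) can be checked mechanically. This is an added example, not part of the thread: `handshake_report` is a hypothetical helper, and the sample capture is constructed with documentation-range addresses in place of the redacted ones.

```python
import re
from collections import defaultdict

# Matches "SRC.PORT > DST.PORT: Flags [X]" in tcpdump -n / -nv text output (IPv4 only).
PKT = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]*)\]")

def handshake_report(text, server_port=22):
    """Count SYN / SYN-ACK / ACK per client flow and name where the handshake stops."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for src, sport, dst, dport, flags in PKT.findall(text):
        if flags == "S" and int(dport) == server_port:        # client SYN
            flows[(src, int(sport), dst)]["syn"] += 1
        elif flags == "S." and int(sport) == server_port:     # server SYN-ACK
            flows[(dst, int(dport), src)]["synack"] += 1
        elif "." in flags and "S" not in flags and int(dport) == server_port:
            flows[(src, int(sport), dst)]["ack"] += 1          # client ACK or later data
    for f in flows.values():
        if f["ack"]:
            f["verdict"] = "established"
        elif f["synack"]:
            # Server replied, client never acknowledged: the reply is lost or filtered.
            f["verdict"] = "syn-ack unanswered"
        else:
            # Server saw the SYN but no SYN-ACK left on this interface.
            f["verdict"] = "no syn-ack sent"
    return dict(flows)

# Constructed sample in `tcpdump -nv` layout (two lines per packet); all values are made up.
SAMPLE = """\
08:36:32.306416 IP (tos 0x0, ttl 116, id 30348, offset 0, flags [DF], proto TCP (6), length 52)
    203.0.113.10.62578 > 198.51.100.20.22: Flags [S], cksum 0x1d29 (correct), seq 100, win 8192, options [mss 1360,nop,nop,sackOK], length 0
08:36:32.306495 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    198.51.100.20.22 > 203.0.113.10.62578: Flags [S.], cksum 0x8ad7 (correct), seq 900, ack 101, win 14600, options [mss 1460,nop,nop,sackOK], length 0
08:36:33.309001 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    198.51.100.20.22 > 203.0.113.10.62578: Flags [S.], cksum 0x8ad7 (correct), seq 900, ack 101, win 14600, options [mss 1460,nop,nop,sackOK], length 0
08:36:35.310083 IP (tos 0x0, ttl 116, id 31098, offset 0, flags [DF], proto TCP (6), length 52)
    203.0.113.10.62578 > 198.51.100.20.22: Flags [S], cksum 0x1d29 (correct), seq 100, win 8192, options [mss 1360,nop,nop,sackOK], length 0
08:40:00.000100 IP (tos 0x0, ttl 116, id 40001, offset 0, flags [DF], proto TCP (6), length 52)
    203.0.113.10.62600 > 198.51.100.20.22: Flags [S], cksum 0x2222 (correct), seq 500, win 8192, options [mss 1360,nop,nop,sackOK], length 0
08:40:00.000200 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    198.51.100.20.22 > 203.0.113.10.62600: Flags [S.], cksum 0x3333 (correct), seq 700, ack 501, win 14600, options [mss 1460,nop,nop,sackOK], length 0
08:40:00.090300 IP (tos 0x0, ttl 116, id 40002, offset 0, flags [DF], proto TCP (6), length 40)
    203.0.113.10.62600 > 198.51.100.20.22: Flags [.], cksum 0x4444 (correct), ack 1, win 16425, length 0
"""

if __name__ == "__main__":
    for flow, stats in handshake_report(SAMPLE).items():
        print(flow, stats)
```

A flow reported as "syn-ack unanswered" in a capture taken on the server corresponds to the SYN_RECV state seen there in netstat.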
| Author: | Liven [ Sat Mar 02, 2013 11:11 am ] |
| Post subject: | Re: putty ssh timed out |
chesty wrote:
it looks like the path from the server to the client is broken. what I'm interpreting from the trace is client syn server syn ack server syn ack server syn ack client syn server syn ack server syn ack client syn server syn ack server syn ack server syn ack the client isn't seeing the servers syn ack, so isn't acking the final leg of the three way hand shake. paste the output from iptables-save also do you have a firewall on the desktop? check that, maybe turn it off for a test ssh there's no quick way to debug this

Yeah, the path from the client to the server seems broken... When I run netstat -an on the server while sshing to it, I can see the link between the client and the server stuck on SYN_RECV.

I have the default Windows 7 firewall on, but didn't see any config that could block a specific IP. (As I mentioned in the OP, I can ssh to other servers or connect to other ports on this server, all without any problems, from the same computer). And I tried to turn the firewall off; the problem persists.

Here is the output of iptables-save:

Code:
# Generated by iptables-save v1.4.8 on Sat Mar 2 10:01:55 2013

I have pptpd installed on the server, and have run "iptables --table nat --append POSTROUTING --out-interface eth0 --jump MASQUERADE" |
|
| Author: | chesty [ Sat Mar 02, 2013 11:30 am ] |
| Post subject: | Re: putty ssh timed out |
are you sshing to the public ip? do you only have one public ip?

paste
    ip ad
    ip ro

maybe try as a test
    iptables --table nat --delete POSTROUTING --out-interface eth0 --jump MASQUERADE

two things, pptp isn't very secure, if you can, use openvpn or ipsec. you should be more specific with your rule, specify a source ip range, and if you can, an in interface (I can't remember if you can on the postrouting nat chain) |
|
| Author: | Liven [ Sat Mar 02, 2013 11:59 am ] |
| Post subject: | Re: putty ssh timed out |
Data containing server IP, forgive me to delete it, for being in such an unsecure environment... |
|
| Author: | sednet [ Sat Mar 02, 2013 6:22 pm ] |
| Post subject: | Re: putty ssh timed out |
Reboot the windows machine? Windows is a hacked together pile of mess on the inside and does stupid things like this every so often. |
|
| Author: | Liven [ Sun Mar 03, 2013 9:49 pm ] |
| Post subject: | Re: putty ssh timed out |
At a second check, I found that I could not ssh to the server with a different computer and a different IP, either. Since I cannot connect to the server with 2 computers (both Windows 7), I think my original thought that the problem is on the client side should be wrong.

These 2 computers could ssh to the server very well several days ago.

The interesting thing is I can still ssh to the server with my mobile phone (Android, via ConnectBot app); and I can still visit the other ports of the server (I tried ftp, http, vpn) from all the clients mentioned above. |
|
| Author: | chesty [ Sun Mar 03, 2013 10:06 pm ] |
| Post subject: | Re: putty ssh timed out |
are the two computers on the same LAN or behind the same firewall?

something else to try, add a line to /etc/ssh/sshd_config
    Port 222
and restart sshd and see if you can connect to 222

You're allowed to have multiple Port lines, so you can leave the original in place |
|
| Author: | Liven [ Sun Mar 03, 2013 10:54 pm ] |
| Post subject: | Re: putty ssh timed out |
chesty wrote:
are the two computers on the same LAN or behind the same firewall? something else to try, add a line to /etc/ssh/sshd_config Port 222 and restart sshd and see if you can connect to 222 You're allowed to have multiple Port lines, so you can leave the original in place

Yeah, changing the port helps. But I'm still curious about why connecting to the default port fails. It seems not the problem with my client, nor the problem with the server. Can I conclude that the problem is with my ISP? |
|
| All times are UTC-04:00 |
|