Unable to ssh from private IP

I'm unable to ssh my linode. ping works from my PC. I can ssh from linux tools online such as serfish console. I think, it has something to do with my iptables.

-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

Do you see any issue in this?

8 Replies

Hey @viswanath660 - at first glance, I'm not seeing anything glaring about the particular firewall string you posted. I'm not an iptables expert, but you'll want to make sure that there are no other rules in place that would close port 22 listed after this one - it could invalidate/cancel out the rule as it's written. That said, if you're having trouble connecting to your Linode via SSH, there are a couple things you can try.

Use nmap to double check if port 22 is open and accepting connections (this should be open since you mentioned you can connect from another source):

nmap -p 22 172.105.59.199

A good output here would include something like this:

PORT   STATE SERVICE
22/tcp open  ssh

Via this other Community post regarding troubleshooting SSH, you can run a verbose SSH attempt to see where things are breaking down. This will help isolate where the issue is lying:

ssh -vvv <user>@<IP address>

Also, when you say that you're trying to connect from a private IP, could you be more specific? Are you connecting from within a VPN? From a home network? If you're able to connect from one source but not another, there may be a networking and/or permissions issue related to the other source.

Lastly, so that you have it available to you, here is a link to our guide on using iptables:

Control Network Traffic with iptables

Hopefully this helps point you in the right direction!

ssh via lish is also not working.

C:\personal\OpenSSH-Win64>ssh -t viswanath660@lish-mumbai1.linode.com ubuntu-ap-west
ssh: connect to host lish-mumbai1.linode.com port 22: Connection timed out

C:\personal\OpenSSH-Win64>ssh -vvv -t viswanath660@lish-mumbai1.linode.com ubuntu-ap-west
OpenSSH_for_Windows_8.1p1, LibreSSL 2.9.2
debug3: Failed to open file:C:/Users/valikonda/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "lish-mumbai1.linode.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to lish-mumbai1.linode.com [172.105.33.50] port 22.
debug3: finish_connect - ERROR: async io completed with error: 10060, io:000001CF167F5C00
debug1: connect to address 172.105.33.50 port 22: Connection timed out
ssh: connect to host lish-mumbai1.linode.com port 22: Connection timed out

C:\personal\OpenSSH-Win64>

C:\personal\OpenSSH-Win64>
C:\personal\OpenSSH-Win64>ssh -vvv -t viswa@172.105.59.199
OpenSSH_for_Windows_8.1p1, LibreSSL 2.9.2
debug3: Failed to open file:C:/Users/valikonda/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 172.105.59.199 is address
debug2: ssh_connect_direct
debug1: Connecting to 172.105.59.199 [172.105.59.199] port 22.
debug3: finish_connect - ERROR: async io completed with error: 10060, io:000001CF71A62660
debug1: connect to address 172.105.59.199 port 22: Connection timed out
ssh: connect to host 172.105.59.199 port 22: Connection timed out

C:\personal\OpenSSH-Win64>

This used to work some 2 months ago.

viswa@localhost:~$ nmap -p 22 172.105.59.199

Starting Nmap 7.60 ( https://nmap.org ) at 2020-04-17 14:41 UTC
Nmap scan report for li2095-199.members.linode.com (172.105.59.199)
Host is up (0.00060s latency).

PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
viswa@localhost:~$

I can connect to both 172.105.33.50 and lish-mumbai1.linode.com.

The fact you cannot connect to Lish via SSH suggests SSH is blocked outbound on your connection.

But, I am able to connect to other servers from my laptop. May be, it is the firewall that is blocking some connections.

But, I am able to connect to other servers from my laptop. May be, it is the firewall that is blocking some connections.

I think this may be true for something local to your connection.

LISH goes direct to your server's console - it bypasses all networking, so it is not affected by your IPTables rules.

Like I said, I can connect perfectly fine to 172.105.33.50 and lish-mumbai1.linode.com from here - which points to something local to your connection.

/var/log/auth.log is not showing the connect request from my IP, even when I tried to access my lish server.

This used to work sometime ago.

It isn’t your Lish server - it is a gateway server in the data centre that anyone can connect to.

It does not access your server via networking, so you won’t see any IP address in the log files.

It’s not outside the realms of possibility that your ISP has implemented a block on port 22, it’s not a port used for “typical” internet use.

Have you tried connecting to Lish on one of the alternate ports - 443 or 2200?

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct