SSH: Connection refused
My SSH connection had been working properly, but today unfortunately it stopped.
I have made lots of attempts to solve it.
linux@mylinux:~$ ssh root@XX.XX.XXX.XXX
ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused
linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -p 8787
ssh: connect to host XX.XX.XXX.XXX port 8787: Connection refused
linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -vvv
OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "XX.XX.XXX.XXX" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to XX.XX.XXX.XXX [XX.XX.XXX.XXX] port 22.
debug1: connect to address XX.XX.XXX.XXX port 22: Connection refused
ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused
ssh - status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-11-18 15:42:28 IST; 31min ago
Main PID: 6940 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh.service
└─6940 /usr/sbin/sshd -D
Also, I have removed openssh-server and reinstalled it, but it still does not succeed.
When I try to connect via localhost it succeeds, but from a remote site it is refused.
But I still cannot succeed.
Why is my SSH connection refused?
cat /etc/ssh/sshd_config
Host *
*# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
*# This is the sshd server system-wide configuration file. See
*# sshd_config(5) for more information.
*# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
*# The strategy used for options in the default sshd_config shipped with
*# OpenSSH is to specify options with their default value where
*# possible, but leave them commented. Uncommented options override the
*# default value.
*#Port 22
*#AddressFamily any
*#ListenAddress 0.0.0.0
*#ListenAddress ::
*#HostKey /etc/ssh/ssh_host_rsa_key
*#HostKey /etc/ssh/ssh_host_ecdsa_key
*#HostKey /etc/ssh/ssh_host_ed25519_key
*# Ciphers and keying
*#RekeyLimit default none
*# Logging
*#SyslogFacility AUTH
*#LogLevel INFO
*# Authentication:
*#LoginGraceTime 2m
*#PermitRootLogin prohibit-password
*#StrictModes yes
*#MaxAuthTries 6
*#MaxSessions 10
*#PubkeyAuthentication yes
*# Expect .ssh/authorized_keys2 to be disregarded by default in future.
*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
*#AuthorizedPrincipalsFile none
*#AuthorizedKeysCommand none
*#AuthorizedKeysCommandUser nobody
*# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
*#HostbasedAuthentication no
*# Change to yes if you don't trust ~/.ssh/known_hosts for
*# HostbasedAuthentication
*#IgnoreUserKnownHosts no
*# Don't read the user's ~/.rhosts and ~/.shosts files
*#IgnoreRhosts yes
*# To disable tunneled clear text passwords, change to no here!
*#PasswordAuthentication yes
*#PermitEmptyPasswords no
*# Change to yes to enable challenge-response passwords (beware issues with
*# some PAM modules and threads)
ChallengeResponseAuthentication no
*# Kerberos options
*#KerberosAuthentication no
*#KerberosOrLocalPasswd yes
*#KerberosTicketCleanup yes
*#KerberosGetAFSToken no
*# GSSAPI options
*#GSSAPIAuthentication no
*#GSSAPICleanupCredentials yes
*#GSSAPIStrictAcceptorCheck yes
*#GSSAPIKeyExchange no
*# Set this to 'yes' to enable PAM authentication, account processing,
*# and session processing. If this is enabled, PAM authentication will
*# be allowed through the ChallengeResponseAuthentication and
*# PasswordAuthentication. Depending on your PAM configuration,
*# PAM authentication via ChallengeResponseAuthentication may bypass
*# the setting of "PermitRootLogin without-password".
*# If you just want the PAM account and session checks to run without
*# PAM authentication, then enable this but set PasswordAuthentication
*# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
*#AllowAgentForwarding yes
*#AllowTcpForwarding yes
*#GatewayPorts no
X11Forwarding yes
*#X11DisplayOffset 10
*#X11UseLocalhost yes
*#PermitTTY yes
PrintMotd no
*#PrintLastLog yes
*#TCPKeepAlive yes
*#UseLogin no
*#UsePrivilegeSeparation sandbox
*#PermitUserEnvironment no
*#Compression delayed
*#ClientAliveInterval 0
*#ClientAliveCountMax 3
*#UseDNS no
*#PidFile /var/run/sshd.pid
*#MaxStartups 10:30:100
*#PermitTunnel no
*#ChrootDirectory none
*#VersionAddendum none
*# no default banner path
*#Banner none
*# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
*# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
*# Example of overriding settings on a per-user basis
*#Match User anoncvs
*# X11Forwarding no
*# AllowTcpForwarding no
*# PermitTTY no
*# ForceCommand cvs server
Here
sudo netstat -tlpena | grep -i "ssh"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 25237 1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd
AND
sudo iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
ssh 17.04
Is SSH service listening on the ports you're trying to connect? perhaps iptables problem? Are you allowed to log in as root?
– fugitive
Nov 18 '17 at 11:02
Is there a firewall blocking access? Have you verified that sshd is running on remote end? This is the two most likely answers.
– vidarlo
Nov 18 '17 at 11:02
lol @vidarlo :)
– fugitive
Nov 18 '17 at 11:02
@vidarlo yeah, there is a firewall, but I do not know whether it is blocking access or not
– ketty
Nov 18 '17 at 11:03
1
Edit your question with output of iptables -S && netstat -tlpnea, also post your /etc/ssh/sshd_config
– fugitive
Nov 18 '17 at 11:04
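The two server-side checks the comments above ask for (is sshd listening on the port, and does the firewall accept it) can be run mechanically over the `netstat -tlpena` and `iptables -S` output. This is an added example, not part of the original thread; the function names are hypothetical, the first two samples are lines copied from the question, and the loopback sample is constructed.

```shell
#!/bin/sh
# Lines copied from the question's `sudo netstat -tlpena | grep -i ssh` output.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 25237 1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd'

# Constructed sample: an sshd bound to loopback only.
LOOPBACK_SAMPLE='tcp 0 0 127.0.0.1:22 0.0.0.0:* LISTEN 0 25237 1260/sshd'

# Subset of the question's `sudo iptables -S` output.
RULES_SAMPLE='-P INPUT DROP
-A INPUT -j ufw-before-input
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT'

# Read netstat output on stdin, print "address port" for every sshd TCP listener.
sshd_listeners() {
  awk '$6 == "LISTEN" && $NF ~ /\/sshd/ {
         n = split($4, a, ":")                       # port is the last ":" field
         port = a[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         print addr, port
       }'
}

# port_accepted RULES PORT: succeed if some chain has an explicit ACCEPT for
# TCP traffic to exactly that destination port (port ranges are not handled).
port_accepted() {
  printf '%s\n' "$1" |
    grep -Eq -- "^-A [^ ]+ .*-p tcp .*--dport $2 .*-j ACCEPT\$"
}

# triage NETSTAT_TEXT RULES_TEXT PORT
# Prints one of: no-listener, loopback-only, no-accept-rule, open
triage() {
  tr_addrs=$(printf '%s\n' "$1" | sshd_listeners |
             awk -v p="$3" '$2 == p { print $1 }')
  if [ -z "$tr_addrs" ]; then
    echo no-listener            # nothing bound: the kernel answers with RST
    return 0
  fi
  # Any address outside 127.0.0.0/8 and ::1 means sshd is reachable off-host.
  if ! printf '%s\n' "$tr_addrs" | grep -Evq '^(127\.|::1$)'; then
    echo loopback-only
    return 0
  fi
  if port_accepted "$2" "$3"; then
    echo open
  else
    echo no-accept-rule
  fi
}

# Run over the question's own data when executed directly.
for tr_port in 22 8787; do
  printf 'port %s: %s\n' "$tr_port" \
    "$(triage "$NETSTAT_SAMPLE" "$RULES_SAMPLE" "$tr_port")"
done
```

On a live host, replace the samples with `"$(sudo netstat -tlpena)"` and `"$(sudo iptables -S)"`.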
*# AllowTcpForwarding no
*# PermitTTY no
*# ForceCommand cvs server
Here
sudo netstat -tlpena | grep -i "ssh"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 25237 1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd
AND
sudo iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
ssh 17.04
edited Apr 14 '18 at 7:52
Peter Mortensen
asked Nov 18 '17 at 10:48
ketty
Is SSH service listening on the ports you're trying to connect? Perhaps iptables problem? Are you allowed to log in as root?
– fugitive
Nov 18 '17 at 11:02
Is there a firewall blocking access? Have you verified that sshd is running on remote end? These are the two most likely answers.
– vidarlo
Nov 18 '17 at 11:02
lol @vidarlo :)
– fugitive
Nov 18 '17 at 11:02
@vidarlo yeah, there is a firewall, but I do not know whether it is blocking access or not
– ketty
Nov 18 '17 at 11:03
Edit your question with output of iptables -S && netstat -tlpnea, also post your /etc/ssh/sshd_config
– fugitive
Nov 18 '17 at 11:04
1 Answer
Edit your sshd config with:
Port 22
PermitRootLogin yes
and restart sshd service. Also, not sure why your lines start with *, is that a formatting issue?
If there are * on sshd config please do sed -i 's/^*//g' /etc/ssh/sshd_config
answered Nov 18 '17 at 11:21
fugitive
yeah there is formatting issue so i put "*"
– ketty
Nov 18 '17 at 11:29
not working!!!!!!again Connection refused
– ketty
Nov 18 '17 at 11:30
Have you done a restart of sshd to apply changes? Please show output of iptables -S and netstat -tlpena
– fugitive
Nov 18 '17 at 11:31
yes i do that!!!!!!!!
– ketty
Nov 18 '17 at 11:32
PermitRootLogin no would not lead to connection refused. Connection refused happens because nothing is listening, or a firewall somewhere in the path stops the connection.
– vidarlo
Nov 18 '17 at 11:45
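Added example, not part of the original thread: a small Python model of the point made in the last comment, run over a constructed excerpt of the `iptables -S` rules and `netstat` listener lines posted in the question. It assumes the packet is a new TCP SYN from a remote host that actually reaches this machine; all function names are hypothetical.

```python
import shlex

# Constructed excerpt: INPUT-path rules copied from the question's `iptables -S` output.
RULES = """\
-P INPUT DROP
-A INPUT -j ufw-before-input
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -j ufw-user-input
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -j DROP
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
"""
# Listener lines from the question's `netstat -tlpena` output.
NETSTAT = """\
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 25237 1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd
"""
# Assumption: the packet is a NEW TCP SYN from a remote host to a local address.
# Options without an entry here (-m, --limit, -j, ...) are taken to match.
CHECKS = {
    "-p": lambda v, port: v == "tcp",
    "--dport": lambda v, port: v == str(port),
    "-i": lambda v, port: v != "lo",
    "--ctstate": lambda v, port: "NEW" in v.split(","),
    "--dst-type": lambda v, port: v == "LOCAL",
}

def load(text):
    policy, chains = {}, {}
    for tok in map(shlex.split, text.splitlines()):
        if tok[0] == "-P":
            policy[tok[1]] = tok[2]
        elif tok[0] == "-A":  # every option here takes one value: pair them up
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policy, chains

def walk(chain, port, chains):
    for rule in chains.get(chain, []):
        if not all(CHECKS[k](v, port) for k, v in rule.items() if k in CHECKS):
            continue
        target = rule["-j"]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target == "RETURN":
            return None
        verdict = walk(target, port, chains) if target in chains else None
        if verdict:  # LOG and undecided sub-chains fall through to the next rule
            return verdict
    return None  # chain exhausted: the caller continues, or the policy applies

def firewall_verdict(port, rules=RULES):
    policy, chains = load(rules)
    return walk("INPUT", port, chains) or policy["INPUT"]

def has_remote_listener(port, netstat=NETSTAT):
    socks = [f[3].rpartition(":") for f in map(str.split, netstat.splitlines()) if f[5] == "LISTEN"]
    return any(p == str(port) and a not in ("127.0.0.1", "::1") for a, _, p in socks)

def client_sees(port):  # what a remote client gets if its SYN reaches this host
    verdict = firewall_verdict(port)
    if verdict == "DROP":
        return "timeout"
    return "connects" if verdict == "ACCEPT" and has_remote_listener(port) else "refused"
```

For the posted state `client_sees(22)` returns `connects` and `client_sees(8787)` returns `timeout`; neither is `refused`, so under these assumptions the refusal the client reported was not produced by these rules or this listener.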