SSH: Connection refused





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







1















SSH connection has been working properly, but today unfortunately it stopped.



I had lots of tries to solve it.






linux@mylinux:~$ ssh root@XX.XX.XXX.XXX

ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused



linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -p 8787

ssh: connect to host XX.XX.XXX.XXX port 8787: Connection refused






>>>linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -vvv
OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "XX.XX.XXX.XXX" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to XX.XX.XXX.XXX [XX.XX.XXX.XXX] port 22.
debug1: connect to address XX.XX.XXX.XXX port 22: Connection refused
ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused

ssh - status

>● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-11-18 15:42:28 IST; 31min ago
Main PID: 6940 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh.service
└─6940 /usr/sbin/sshd -D


Also, I have removed openssh-sever and reinstalled it, but it can not succeed.



When I try to connect via localhost then it is a success, but on a remote site it is refused.



But I still can not succeed.



Why is my SSH connection refused?



cat /etc/ssh/sshd_config

Host *

*# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

*# This is the sshd server system-wide configuration file. See
*# sshd_config(5) for more information.

*# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

*# The strategy used for options in the default sshd_config shipped with
*# OpenSSH is to specify options with their default value where
*# possible, but leave them commented. Uncommented options override the
*# default value.

*#Port 22
*#AddressFamily any
*#ListenAddress 0.0.0.0
*#ListenAddress ::

*#HostKey /etc/ssh/ssh_host_rsa_key
*#HostKey /etc/ssh/ssh_host_ecdsa_key
*#HostKey /etc/ssh/ssh_host_ed25519_key

*# Ciphers and keying
*#RekeyLimit default none

*# Logging
*#SyslogFacility AUTH
*#LogLevel INFO

*# Authentication:

*#LoginGraceTime 2m
*#PermitRootLogin prohibit-password
*#StrictModes yes
*#MaxAuthTries 6
*#MaxSessions 10

*#PubkeyAuthentication yes

*# Expect .ssh/authorized_keys2 to be disregarded by default in future.
*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

*#AuthorizedPrincipalsFile none

*#AuthorizedKeysCommand none
*#AuthorizedKeysCommandUser nobody

*# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
*#HostbasedAuthentication no
*# Change to yes if you don't trust ~/.ssh/known_hosts for
*# HostbasedAuthentication
*#IgnoreUserKnownHosts no
*# Don't read the user's ~/.rhosts and ~/.shosts files
*#IgnoreRhosts yes

*# To disable tunneled clear text passwords, change to no here!
*#PasswordAuthentication yes
*#PermitEmptyPasswords no

*# Change to yes to enable challenge-response passwords (beware issues with
*# some PAM modules and threads)
ChallengeResponseAuthentication no

*# Kerberos options
*#KerberosAuthentication no
*#KerberosOrLocalPasswd yes
*#KerberosTicketCleanup yes
*#KerberosGetAFSToken no

*# GSSAPI options
*#GSSAPIAuthentication no
*#GSSAPICleanupCredentials yes
*#GSSAPIStrictAcceptorCheck yes
*#GSSAPIKeyExchange no

*# Set this to 'yes' to enable PAM authentication, account processing,
*# and session processing. If this is enabled, PAM authentication will
*# be allowed through the ChallengeResponseAuthentication and
*# PasswordAuthentication. Depending on your PAM configuration,
*# PAM authentication via ChallengeResponseAuthentication may bypass
*# the setting of "PermitRootLogin without-password".
*# If you just want the PAM account and session checks to run without
*# PAM authentication, then enable this but set PasswordAuthentication
*# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

*#AllowAgentForwarding yes
*#AllowTcpForwarding yes
*#GatewayPorts no
X11Forwarding yes
*#X11DisplayOffset 10
*#X11UseLocalhost yes
*#PermitTTY yes
PrintMotd no
*#PrintLastLog yes
*#TCPKeepAlive yes
*#UseLogin no
*#UsePrivilegeSeparation sandbox
*#PermitUserEnvironment no
*#Compression delayed
*#ClientAliveInterval 0
*#ClientAliveCountMax 3
*#UseDNS no
*#PidFile /var/run/sshd.pid
*#MaxStartups 10:30:100
*#PermitTunnel no
*#ChrootDirectory none
*#VersionAddendum none

*# no default banner path
*#Banner none

*# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

*# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

*# Example of overriding settings on a per-user basis
*#Match User anoncvs
*# X11Forwarding no
*# AllowTcpForwarding no
*# PermitTTY no
*# ForceCommand cvs server


Here






sudo netstat -tlpena | grep -i "ssh"






tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          25237      1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd


AND






sudo iptables -S






-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT









share|improve this question

























  • Is SSH service listening on the ports you're trying to connect? perhaps iptables problem? Are you allowed to log in as root?

    – fugitive
    Nov 18 '17 at 11:02











  • Is there a firewall blocking access? Have you verified that sshd is running on remote end? This is the two most likely answers.

    – vidarlo
    Nov 18 '17 at 11:02











  • lol @vidarlo :)

    – fugitive
    Nov 18 '17 at 11:02











  • @vidarlo yeah there is firewall but i do not there is blocking access or not

    – ketty
    Nov 18 '17 at 11:03






  • 1





    Edit your question with output of iptables -S && netstat -tlpnea , also post your /etc/ssh/sshd_config

    – fugitive
    Nov 18 '17 at 11:04




















1















SSH connection has been working properly, but today unfortunately it stopped.



I had lots of tries to solve it.






linux@mylinux:~$ ssh root@XX.XX.XXX.XXX

ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused



linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -p 8787

ssh: connect to host XX.XX.XXX.XXX port 8787: Connection refused






>>>linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -vvv
OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "XX.XX.XXX.XXX" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to XX.XX.XXX.XXX [XX.XX.XXX.XXX] port 22.
debug1: connect to address XX.XX.XXX.XXX port 22: Connection refused
ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused

ssh - status

>● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-11-18 15:42:28 IST; 31min ago
Main PID: 6940 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh.service
└─6940 /usr/sbin/sshd -D


Also, I have removed openssh-sever and reinstalled it, but it can not succeed.



When I try to connect via localhost then it is a success, but on a remote site it is refused.



But I still can not succeed.



Why is my SSH connection refused?



cat /etc/ssh/sshd_config

Host *

*# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

*# This is the sshd server system-wide configuration file. See
*# sshd_config(5) for more information.

*# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

*# The strategy used for options in the default sshd_config shipped with
*# OpenSSH is to specify options with their default value where
*# possible, but leave them commented. Uncommented options override the
*# default value.

*#Port 22
*#AddressFamily any
*#ListenAddress 0.0.0.0
*#ListenAddress ::

*#HostKey /etc/ssh/ssh_host_rsa_key
*#HostKey /etc/ssh/ssh_host_ecdsa_key
*#HostKey /etc/ssh/ssh_host_ed25519_key

*# Ciphers and keying
*#RekeyLimit default none

*# Logging
*#SyslogFacility AUTH
*#LogLevel INFO

*# Authentication:

*#LoginGraceTime 2m
*#PermitRootLogin prohibit-password
*#StrictModes yes
*#MaxAuthTries 6
*#MaxSessions 10

*#PubkeyAuthentication yes

*# Expect .ssh/authorized_keys2 to be disregarded by default in future.
*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

*#AuthorizedPrincipalsFile none

*#AuthorizedKeysCommand none
*#AuthorizedKeysCommandUser nobody

*# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
*#HostbasedAuthentication no
*# Change to yes if you don't trust ~/.ssh/known_hosts for
*# HostbasedAuthentication
*#IgnoreUserKnownHosts no
*# Don't read the user's ~/.rhosts and ~/.shosts files
*#IgnoreRhosts yes

*# To disable tunneled clear text passwords, change to no here!
*#PasswordAuthentication yes
*#PermitEmptyPasswords no

*# Change to yes to enable challenge-response passwords (beware issues with
*# some PAM modules and threads)
ChallengeResponseAuthentication no

*# Kerberos options
*#KerberosAuthentication no
*#KerberosOrLocalPasswd yes
*#KerberosTicketCleanup yes
*#KerberosGetAFSToken no

*# GSSAPI options
*#GSSAPIAuthentication no
*#GSSAPICleanupCredentials yes
*#GSSAPIStrictAcceptorCheck yes
*#GSSAPIKeyExchange no

*# Set this to 'yes' to enable PAM authentication, account processing,
*# and session processing. If this is enabled, PAM authentication will
*# be allowed through the ChallengeResponseAuthentication and
*# PasswordAuthentication. Depending on your PAM configuration,
*# PAM authentication via ChallengeResponseAuthentication may bypass
*# the setting of "PermitRootLogin without-password".
*# If you just want the PAM account and session checks to run without
*# PAM authentication, then enable this but set PasswordAuthentication
*# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

*#AllowAgentForwarding yes
*#AllowTcpForwarding yes
*#GatewayPorts no
X11Forwarding yes
*#X11DisplayOffset 10
*#X11UseLocalhost yes
*#PermitTTY yes
PrintMotd no
*#PrintLastLog yes
*#TCPKeepAlive yes
*#UseLogin no
*#UsePrivilegeSeparation sandbox
*#PermitUserEnvironment no
*#Compression delayed
*#ClientAliveInterval 0
*#ClientAliveCountMax 3
*#UseDNS no
*#PidFile /var/run/sshd.pid
*#MaxStartups 10:30:100
*#PermitTunnel no
*#ChrootDirectory none
*#VersionAddendum none

*# no default banner path
*#Banner none

*# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

*# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

*# Example of overriding settings on a per-user basis
*#Match User anoncvs
*# X11Forwarding no
*# AllowTcpForwarding no
*# PermitTTY no
*# ForceCommand cvs server


Here






sudo netstat -tlpena | grep -i "ssh"






tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          25237      1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd


AND






sudo iptables -S






-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT









share|improve this question

























  • Is SSH service listening on the ports you're trying to connect? perhaps iptables problem? Are you allowed to log in as root?

    – fugitive
    Nov 18 '17 at 11:02











  • Is there a firewall blocking access? Have you verified that sshd is running on remote end? This is the two most likely answers.

    – vidarlo
    Nov 18 '17 at 11:02











  • lol @vidarlo :)

    – fugitive
    Nov 18 '17 at 11:02











  • @vidarlo yeah there is firewall but i do not there is blocking access or not

    – ketty
    Nov 18 '17 at 11:03






  • 1





    Edit your question with output of iptables -S && netstat -tlpnea , also post your /etc/ssh/sshd_config

    – fugitive
    Nov 18 '17 at 11:04
















1












1








1


1






SSH connection has been working properly, but today unfortunately it stopped.



I had lots of tries to solve it.






linux@mylinux:~$ ssh root@XX.XX.XXX.XXX

ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused



linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -p 8787

ssh: connect to host XX.XX.XXX.XXX port 8787: Connection refused






>>>linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -vvv
OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "XX.XX.XXX.XXX" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to XX.XX.XXX.XXX [XX.XX.XXX.XXX] port 22.
debug1: connect to address XX.XX.XXX.XXX port 22: Connection refused
ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused

ssh - status

>● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-11-18 15:42:28 IST; 31min ago
Main PID: 6940 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh.service
└─6940 /usr/sbin/sshd -D


Also, I have removed openssh-sever and reinstalled it, but it can not succeed.



When I try to connect via localhost then it is a success, but on a remote site it is refused.



But I still can not succeed.



Why is my SSH connection refused?



cat /etc/ssh/sshd_config

Host *

*# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

*# This is the sshd server system-wide configuration file. See
*# sshd_config(5) for more information.

*# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

*# The strategy used for options in the default sshd_config shipped with
*# OpenSSH is to specify options with their default value where
*# possible, but leave them commented. Uncommented options override the
*# default value.

*#Port 22
*#AddressFamily any
*#ListenAddress 0.0.0.0
*#ListenAddress ::

*#HostKey /etc/ssh/ssh_host_rsa_key
*#HostKey /etc/ssh/ssh_host_ecdsa_key
*#HostKey /etc/ssh/ssh_host_ed25519_key

*# Ciphers and keying
*#RekeyLimit default none

*# Logging
*#SyslogFacility AUTH
*#LogLevel INFO

*# Authentication:

*#LoginGraceTime 2m
*#PermitRootLogin prohibit-password
*#StrictModes yes
*#MaxAuthTries 6
*#MaxSessions 10

*#PubkeyAuthentication yes

*# Expect .ssh/authorized_keys2 to be disregarded by default in future.
*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

*#AuthorizedPrincipalsFile none

*#AuthorizedKeysCommand none
*#AuthorizedKeysCommandUser nobody

*# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
*#HostbasedAuthentication no
*# Change to yes if you don't trust ~/.ssh/known_hosts for
*# HostbasedAuthentication
*#IgnoreUserKnownHosts no
*# Don't read the user's ~/.rhosts and ~/.shosts files
*#IgnoreRhosts yes

*# To disable tunneled clear text passwords, change to no here!
*#PasswordAuthentication yes
*#PermitEmptyPasswords no

*# Change to yes to enable challenge-response passwords (beware issues with
*# some PAM modules and threads)
ChallengeResponseAuthentication no

*# Kerberos options
*#KerberosAuthentication no
*#KerberosOrLocalPasswd yes
*#KerberosTicketCleanup yes
*#KerberosGetAFSToken no

*# GSSAPI options
*#GSSAPIAuthentication no
*#GSSAPICleanupCredentials yes
*#GSSAPIStrictAcceptorCheck yes
*#GSSAPIKeyExchange no

*# Set this to 'yes' to enable PAM authentication, account processing,
*# and session processing. If this is enabled, PAM authentication will
*# be allowed through the ChallengeResponseAuthentication and
*# PasswordAuthentication. Depending on your PAM configuration,
*# PAM authentication via ChallengeResponseAuthentication may bypass
*# the setting of "PermitRootLogin without-password".
*# If you just want the PAM account and session checks to run without
*# PAM authentication, then enable this but set PasswordAuthentication
*# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

*#AllowAgentForwarding yes
*#AllowTcpForwarding yes
*#GatewayPorts no
X11Forwarding yes
*#X11DisplayOffset 10
*#X11UseLocalhost yes
*#PermitTTY yes
PrintMotd no
*#PrintLastLog yes
*#TCPKeepAlive yes
*#UseLogin no
*#UsePrivilegeSeparation sandbox
*#PermitUserEnvironment no
*#Compression delayed
*#ClientAliveInterval 0
*#ClientAliveCountMax 3
*#UseDNS no
*#PidFile /var/run/sshd.pid
*#MaxStartups 10:30:100
*#PermitTunnel no
*#ChrootDirectory none
*#VersionAddendum none

*# no default banner path
*#Banner none

*# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

*# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

*# Example of overriding settings on a per-user basis
*#Match User anoncvs
*# X11Forwarding no
*# AllowTcpForwarding no
*# PermitTTY no
*# ForceCommand cvs server


Here






sudo netstat -tlpena | grep -i "ssh"






tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          25237      1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd


AND






sudo iptables -S






-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT









share|improve this question
















SSH connection has been working properly, but today unfortunately it stopped.



I had lots of tries to solve it.






linux@mylinux:~$ ssh root@XX.XX.XXX.XXX

ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused



linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -p 8787

ssh: connect to host XX.XX.XXX.XXX port 8787: Connection refused






>>>linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -vvv
OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "XX.XX.XXX.XXX" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to XX.XX.XXX.XXX [XX.XX.XXX.XXX] port 22.
debug1: connect to address XX.XX.XXX.XXX port 22: Connection refused
ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused

ssh - status

>● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-11-18 15:42:28 IST; 31min ago
Main PID: 6940 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh.service
└─6940 /usr/sbin/sshd -D


Also, I have removed openssh-sever and reinstalled it, but it can not succeed.



When I try to connect via localhost then it is a success, but on a remote site it is refused.



But I still can not succeed.



Why is my SSH connection refused?



cat /etc/ssh/sshd_config

Host *

*# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

*# This is the sshd server system-wide configuration file. See
*# sshd_config(5) for more information.

*# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

*# The strategy used for options in the default sshd_config shipped with
*# OpenSSH is to specify options with their default value where
*# possible, but leave them commented. Uncommented options override the
*# default value.

*#Port 22
*#AddressFamily any
*#ListenAddress 0.0.0.0
*#ListenAddress ::

*#HostKey /etc/ssh/ssh_host_rsa_key
*#HostKey /etc/ssh/ssh_host_ecdsa_key
*#HostKey /etc/ssh/ssh_host_ed25519_key

*# Ciphers and keying
*#RekeyLimit default none

*# Logging
*#SyslogFacility AUTH
*#LogLevel INFO

*# Authentication:

*#LoginGraceTime 2m
*#PermitRootLogin prohibit-password
*#StrictModes yes
*#MaxAuthTries 6
*#MaxSessions 10

*#PubkeyAuthentication yes

*# Expect .ssh/authorized_keys2 to be disregarded by default in future.
*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

*#AuthorizedPrincipalsFile none

*#AuthorizedKeysCommand none
*#AuthorizedKeysCommandUser nobody

*# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
*#HostbasedAuthentication no
*# Change to yes if you don't trust ~/.ssh/known_hosts for
*# HostbasedAuthentication
*#IgnoreUserKnownHosts no
*# Don't read the user's ~/.rhosts and ~/.shosts files
*#IgnoreRhosts yes

*# To disable tunneled clear text passwords, change to no here!
*#PasswordAuthentication yes
*#PermitEmptyPasswords no

*# Change to yes to enable challenge-response passwords (beware issues with
*# some PAM modules and threads)
ChallengeResponseAuthentication no

*# Kerberos options
*#KerberosAuthentication no
*#KerberosOrLocalPasswd yes
*#KerberosTicketCleanup yes
*#KerberosGetAFSToken no

*# GSSAPI options
*#GSSAPIAuthentication no
*#GSSAPICleanupCredentials yes
*#GSSAPIStrictAcceptorCheck yes
*#GSSAPIKeyExchange no

*# Set this to 'yes' to enable PAM authentication, account processing,
*# and session processing. If this is enabled, PAM authentication will
*# be allowed through the ChallengeResponseAuthentication and
*# PasswordAuthentication. Depending on your PAM configuration,
*# PAM authentication via ChallengeResponseAuthentication may bypass
*# the setting of "PermitRootLogin without-password".
*# If you just want the PAM account and session checks to run without
*# PAM authentication, then enable this but set PasswordAuthentication
*# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

*#AllowAgentForwarding yes
*#AllowTcpForwarding yes
*#GatewayPorts no
X11Forwarding yes
*#X11DisplayOffset 10
*#X11UseLocalhost yes
*#PermitTTY yes
PrintMotd no
*#PrintLastLog yes
*#TCPKeepAlive yes
*#UseLogin no
*#UsePrivilegeSeparation sandbox
*#PermitUserEnvironment no
*#Compression delayed
*#ClientAliveInterval 0
*#ClientAliveCountMax 3
*#UseDNS no
*#PidFile /var/run/sshd.pid
*#MaxStartups 10:30:100
*#PermitTunnel no
*#ChrootDirectory none
*#VersionAddendum none

*# no default banner path
*#Banner none

*# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

*# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

*# Example of overriding settings on a per-user basis
*#Match User anoncvs
*# X11Forwarding no
*# AllowTcpForwarding no
*# PermitTTY no
*# ForceCommand cvs server


Here






sudo netstat -tlpena | grep -i "ssh"






tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          25237      1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd


AND






sudo iptables -S






-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT






ssh 17.04






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 14 '18 at 7:52









Peter Mortensen

1,03421016




1,03421016










asked Nov 18 '17 at 10:48









kettyketty

617




617













  • Is SSH service listening on the ports you're trying to connect? perhaps iptables problem? Are you allowed to log in as root?

    – fugitive
    Nov 18 '17 at 11:02











  • Is there a firewall blocking access? Have you verified that sshd is running on remote end? This is the two most likely answers.

    – vidarlo
    Nov 18 '17 at 11:02











  • lol @vidarlo :)

    – fugitive
    Nov 18 '17 at 11:02











  • @vidarlo yeah there is firewall but i do not there is blocking access or not

    – ketty
    Nov 18 '17 at 11:03






  • 1





    Edit your question with output of iptables -S && netstat -tlpnea , also post your /etc/ssh/sshd_config

    – fugitive
    Nov 18 '17 at 11:04





















  • Is SSH service listening on the ports you're trying to connect? perhaps iptables problem? Are you allowed to log in as root?

    – fugitive
    Nov 18 '17 at 11:02











  • Is there a firewall blocking access? Have you verified that sshd is running on remote end? This is the two most likely answers.

    – vidarlo
    Nov 18 '17 at 11:02











  • lol @vidarlo :)

    – fugitive
    Nov 18 '17 at 11:02











  • @vidarlo yeah there is firewall but i do not there is blocking access or not

    – ketty
    Nov 18 '17 at 11:03






  • 1





    Edit your question with output of iptables -S && netstat -tlpnea , also post your /etc/ssh/sshd_config

    – fugitive
    Nov 18 '17 at 11:04



















Is SSH service listening on the ports you're trying to connect? perhaps iptables problem? Are you allowed to log in as root?

– fugitive
Nov 18 '17 at 11:02





Is SSH service listening on the ports you're trying to connect? perhaps iptables problem? Are you allowed to log in as root?

– fugitive
Nov 18 '17 at 11:02













Is there a firewall blocking access? Have you verified that sshd is running on remote end? This is the two most likely answers.

– vidarlo
Nov 18 '17 at 11:02





Is there a firewall blocking access? Have you verified that sshd is running on remote end? This is the two most likely answers.

– vidarlo
Nov 18 '17 at 11:02













lol @vidarlo :)

– fugitive
Nov 18 '17 at 11:02





lol @vidarlo :)

– fugitive
Nov 18 '17 at 11:02













@vidarlo yeah there is firewall but i do not there is blocking access or not

– ketty
Nov 18 '17 at 11:03





@vidarlo yeah there is firewall but i do not there is blocking access or not

– ketty
Nov 18 '17 at 11:03




1




1





Edit your question with output of iptables -S && netstat -tlpnea , also post your /etc/ssh/sshd_config

– fugitive
Nov 18 '17 at 11:04







Edit your question with output of iptables -S && netstat -tlpnea , also post your /etc/ssh/sshd_config

– fugitive
Nov 18 '17 at 11:04












1 Answer
1






active

oldest

votes


















0














Edit your sshd config with:



Port 22
PermitRootLogin yes


and restart sshd service. Also, not sure why your lines starts with *, is that a formatting issue?
If there are * on sshd config please do sed -i 's/^*//g' /etc/ssh/sshd_config






share|improve this answer
























  • yeah there is formatting issue so i put "*"

    – ketty
    Nov 18 '17 at 11:29











  • not working!!!!!!again Connection refused

    – ketty
    Nov 18 '17 at 11:30











  • Have you done a restart of sshd to apply changes? Please show output of iptables -S and netstat -tlpena

    – fugitive
    Nov 18 '17 at 11:31











  • yes i do that!!!!!!!!

    – ketty
    Nov 18 '17 at 11:32






  • 4





    PermitRootLogin no would not lead to connectoin refused. Connection refused happens because nothing is listening, or a firewall somewhere in the path stops the connection.

    – vidarlo
    Nov 18 '17 at 11:45












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f977701%2fssh-connection-refused%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














Edit your sshd config with:



Port 22
PermitRootLogin yes


and restart sshd service. Also, not sure why your lines starts with *, is that a formatting issue?
If there are * on sshd config please do sed -i 's/^*//g' /etc/ssh/sshd_config






share|improve this answer
























  • yeah there is formatting issue so i put "*"

    – ketty
    Nov 18 '17 at 11:29











  • not working!!!!!!again Connection refused

    – ketty
    Nov 18 '17 at 11:30











  • Have you done a restart of sshd to apply changes? Please show output of iptables -S and netstat -tlpena

    – fugitive
    Nov 18 '17 at 11:31











  • yes i do that!!!!!!!!

    – ketty
    Nov 18 '17 at 11:32






  • 4





    PermitRootLogin no would not lead to connectoin refused. Connection refused happens because nothing is listening, or a firewall somewhere in the path stops the connection.

    – vidarlo
    Nov 18 '17 at 11:45
















0














Edit your sshd config with:



Port 22
PermitRootLogin yes


and restart sshd service. Also, not sure why your lines starts with *, is that a formatting issue?
If there are * on sshd config please do sed -i 's/^*//g' /etc/ssh/sshd_config






share|improve this answer
























  • yeah there is formatting issue so i put "*"

    – ketty
    Nov 18 '17 at 11:29











  • not working!!!!!!again Connection refused

    – ketty
    Nov 18 '17 at 11:30











  • Have you done a restart of sshd to apply changes? Please show output of iptables -S and netstat -tlpena

    – fugitive
    Nov 18 '17 at 11:31











  • yes i do that!!!!!!!!

    – ketty
    Nov 18 '17 at 11:32






  • 4





    PermitRootLogin no would not lead to connectoin refused. Connection refused happens because nothing is listening, or a firewall somewhere in the path stops the connection.

    – vidarlo
    Nov 18 '17 at 11:45














0












0








0







Edit your sshd config with:



Port 22
PermitRootLogin yes


and restart sshd service. Also, not sure why your lines starts with *, is that a formatting issue?
If there are * on sshd config please do sed -i 's/^*//g' /etc/ssh/sshd_config






share|improve this answer













Edit your sshd config with:



Port 22
PermitRootLogin yes


and restart sshd service. Also, not sure why your lines starts with *, is that a formatting issue?
If there are * on sshd config please do sed -i 's/^*//g' /etc/ssh/sshd_config







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 18 '17 at 11:21









fugitivefugitive

748414




748414













  • yeah there is formatting issue so i put "*"

    – ketty
    Nov 18 '17 at 11:29











  • not working!!!!!!again Connection refused

    – ketty
    Nov 18 '17 at 11:30











  • Have you done a restart of sshd to apply changes? Please show output of iptables -S and netstat -tlpena

    – fugitive
    Nov 18 '17 at 11:31











  • yes i do that!!!!!!!!

    – ketty
    Nov 18 '17 at 11:32






  • 4





    PermitRootLogin no would not lead to connectoin refused. Connection refused happens because nothing is listening, or a firewall somewhere in the path stops the connection.

    – vidarlo
    Nov 18 '17 at 11:45



















  • yeah there is formatting issue so i put "*"

    – ketty
    Nov 18 '17 at 11:29











  • not working!!!!!!again Connection refused

    – ketty
    Nov 18 '17 at 11:30











  • Have you done a restart of sshd to apply changes? Please show output of iptables -S and netstat -tlpena

    – fugitive
    Nov 18 '17 at 11:31











  • yes i do that!!!!!!!!

    – ketty
    Nov 18 '17 at 11:32






  • 4





    PermitRootLogin no would not lead to connectoin refused. Connection refused happens because nothing is listening, or a firewall somewhere in the path stops the connection.

    – vidarlo
    Nov 18 '17 at 11:45

















yeah there is formatting issue so i put "*"

– ketty
Nov 18 '17 at 11:29





yeah there is formatting issue so i put "*"

– ketty
Nov 18 '17 at 11:29













not working!!!!!!again Connection refused

– ketty
Nov 18 '17 at 11:30





not working!!!!!!again Connection refused

– ketty
Nov 18 '17 at 11:30













Have you done a restart of sshd to apply changes? Please show output of iptables -S and netstat -tlpena

– fugitive
Nov 18 '17 at 11:31





Have you done a restart of sshd to apply changes? Please show output of iptables -S and netstat -tlpena

– fugitive
Nov 18 '17 at 11:31













yes i do that!!!!!!!!

– ketty
Nov 18 '17 at 11:32





yes i do that!!!!!!!!

– ketty
Nov 18 '17 at 11:32




4




4





PermitRootLogin no would not lead to connectoin refused. Connection refused happens because nothing is listening, or a firewall somewhere in the path stops the connection.

– vidarlo
Nov 18 '17 at 11:45





PermitRootLogin no would not lead to connectoin refused. Connection refused happens because nothing is listening, or a firewall somewhere in the path stops the connection.

– vidarlo
Nov 18 '17 at 11:45


















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f977701%2fssh-connection-refused%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

數位音樂下載

When can things happen in Etherscan, such as the picture below?

格利澤436b