techxplore blog
18Aug

Error ssh: connect to host port 22: Connection refused

Have you ever encountered trying to connect remotely to an old Red Hat Linux release 7.3 (Valhalla) server via SSH, but is bugged by the error:

ssh: connect to host 192.168.110.110 port 22: Connection refused.

Well it seems like it pertains to IP tables of the server as the primary suspect.

I checked the IP tables service and it is not even started.

$ sudo /etc/init.d/iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
$

Anyway, I added some entries to allow connection from client IP, then started IP tables service.

$ sudo /etc/init.d/iptables start
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]
[ OK ]
$

I tested again SSH from the client computer but the error now changed:

$sudo ssh techexplore@192.168.110.110
ssh: connect to host 192.168.110.110 port 22: Connection refused
$

I tested SSH with the option -v for more output on the error and it shows:

$sudo ssh -v techexplore@192.168.110.110
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.110.110 [192.168.110.110 ] port 22.
debug1: connect to address 192.168.110.110 port 22: Connection refused
ssh: connect to host 192.168.110.110 port 22: Connection refused
$

I tried also using telnet from the client computer but the error is the same:

$sudo telnet 192.168.110.110 22
Trying 192.168.110.110…
telnet: Unable to connect to remote host: Connection refused

This definitely is not caused by IP tables service as the error is thrown whether the service is up or down. The next thing to check is the security based on Linux system itself. There’s a simple access control language Linux that is based on client (host name/address, user name), and server (process name, host name/address) patterns. This is done by settings found in /etc/hosts.allow.

$sudo vi /etc/hosts.allow

This opened the file and it shows below: sshd access from limited client computer:

#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the ‘/usr/sbin/tcpd’ server.
#

~
~

Checked the client IP address:

$sudo ifconfig
eth0 Link encap:Ethernet HWaddr -.-.-.-
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5346421 errors:0 dropped:19312 overruns:0 frame:0
TX packets:1235181 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2082590684 (1.9 GiB) TX bytes:219577341 (209.4 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:369252 errors:0 dropped:0 overruns:0 frame:0
TX packets:369252 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:968658293 (923.7 MiB) TX bytes:968658293 (923.7 MiB)

tap100i0 Link encap:Ethernet HWaddr -.-.-.-
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:3005498 errors:0 dropped:0 overruns:0 frame:0
TX packets:7270485 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1420176662 (1.3 GiB) TX bytes:2221103471 (2.0 GiB)

vmbr0 Link encap:Ethernet HWaddr -.-.-.-
inet addr:192.168.200.200 Bcast:192.168.200.255 Mask:255.255.255.0
inet6 addr: -.-.-.- Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3038626 errors:0 dropped:0 overruns:0 frame:0
TX packets:2310358 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1328586130 (1.2 GiB) TX bytes:249736614 (238.1 MiB)

$

The client IP address is 192.168.200.200, then add this to the /etc/hosts.allow file.

$sudo vi /etc/hosts.allow

Edit the file, add on the last line and save:

#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the ‘/usr/sbin/tcpd’ server.
#

# SSH access only from selected computers
sshd: 192.168.200.200

~
~

Changes will not work until restarting the SSHD service.

Restart the sshd service with the following:

$sudo /etc/init.d/sshd reload

After restart ssh from client machine worked.

 

Leave a Reply