[SOLVED] ssh: connect to host my.ip.address port 22: Connection refused

Issues related to configuring your network
aaroncoding
Posts: 8
Joined: 2020/01/17 14:44:36

[SOLVED] ssh: connect to host my.ip.address port 22: Connection refused

Post by aaroncoding » 2020/01/17 14:56:57

I have been happily using ssh + vim + tmux for about a month on this particular linode vps, but today I tried to login and got the infamous:

Code: Select all

 ssh: connect to host my.ip.address port 22: Connection refused
I have tried:
- logging in from linode web console (works fine!)
- logging in from another computer (gets the same error)
- log into a different user on the vps (same error)
- reboot the vps and try again (same error)
- `systemctl stop` nginx, firewalld, and nftables, then try again (same error)
- `systemctl status sshd` shows it active and running.

also checked processes

Code: Select all

    [aaron@dev ssh]$ ps -ax | grep ssh
    731 ?        Ss     0:00 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,ca
    6402 ttyS0    R+     0:00 grep --color=auto ssh
Last edited by aaroncoding on 2020/01/18 18:50:37, edited 1 time in total.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by TrevorH » 2020/01/17 15:57:47

And is your VPS ip address still the same as it was? Is the firewall configured to allow port 22?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by hunter86_bg » 2020/01/17 17:48:35

If you have any access to the VPS:
1. Check if anything is reaching your VPS (I guess you have some console):

Code: Select all

 tcpdump -i any port  22
2. Run ssh from your personal pc:

Code: Select all

timeout -s  9 20 ssh user@vps
3. Paste the output of the tcpdump (that was running on the VPS)

aaroncoding
Posts: 8
Joined: 2020/01/17 14:44:36

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by aaroncoding » 2020/01/18 01:50:55

Thanks for the responses! :)

Yes it is still the same ip address.

@hunter86_bg the tcpdump output was:

Code: Select all

listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
01:46:20.847950 IP d66-183-61-216.bchsia.telus.net.54468 > li613-32.members.lin0
01:46:20.848066 IP li613-32.members.linode.com.ssh > d66-183-61-216.bchsia.telu0
01:46:21.430541 IP d66-183-61-216.bchsia.telus.net.54468 > li613-32.members.lin0
01:46:21.430666 IP li613-32.members.linode.com.ssh > d66-183-61-216.bchsia.telu0
01:46:22.013461 IP d66-183-61-216.bchsia.telus.net.54468 > li613-32.members.lin0
01:46:22.013579 IP li613-32.members.linode.com.ssh > d66-183-61-216.bchsia.telu0
01:46:22.597188 IP d66-183-61-216.bchsia.telus.net.54468 > li613-32.members.lin0
01:46:22.597316 IP li613-32.members.linode.com.ssh > d66-183-61-216.bchsia.telu0
01:46:23.181193 IP d66-183-61-216.bchsia.telus.net.54468 > li613-32.members.lin0
01:46:23.181316 IP li613-32.members.linode.com.ssh > d66-183-61-216.bchsia.telu0

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by aks » 2020/01/18 05:43:32

The "Connection refused" strongly suggests one of four things:
1. The daemon is not listening on the active interface (i.e.: it's not running, or it's not listening on the IP address you are using).
2. You're getting an ICMP denied message (which won't show up in your tcpdump). Usually if a firewall is blocking and not answering due to (IMO misguided) idea of not answering as an attempt to prevent firewalking, you just time out.
3. A mismatch (or no agreed) protocols exists between the client and server.
4. Something is mis-labeled (or a se boolean is switch on that was off by default), and SELinux is stopping the connection.

You could use telnet (or any line based TCP protocol) to validate the connectivity, as in telnet to the server on that port, if you connect, then it's not networking.
Running ssh -vvvv can help with determining if there's a kex or the like mismatch - also logs server side can help.
Setting se to permissive and attempting the connection would eliminate SELinux.

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by hunter86_bg » 2020/01/18 08:04:09

1. DNS resolves your FQDN
2. Seems that traffic is arriving and going back
3. Check if linode have some kind of firewall, that you have to open, as per the tcpdump the system responds.

As aks has mentioned , there could be a mimatch between client and server.
Run

Code: Select all

ssh -vvvv user@vps 

aaroncoding
Posts: 8
Joined: 2020/01/17 14:44:36

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by aaroncoding » 2020/01/18 17:24:48

Oh this is interesting! I've never used telnet, so maybe I'm doing it wrong, but it gives me almost the same error as ssh!

Code: Select all

> telnet 162.216.18.32                                                                           
Trying 162.216.18.32...                                                                                                
telnet: Unable to connect to remote host: Connection refused
> telnet 162.216.18.32 22
Trying 162.216.18.32...                                                                                                
telnet: Unable to connect to remote host: Connection refused
Ok I tried

Code: Select all

setenforce 0
same error.

Code: Select all

> ssh -vvv aaron@162.216.18.32                                                                  
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017                                                             
debug1: Reading configuration data /home/aaron/.ssh/config                                                              
debug1: Reading configuration data /etc/ssh/ssh_config                                                                  
debug1: /etc/ssh/ssh_config line 19: Applying options for *                                                             
debug2: resolving "162.216.18.32" port 22                                                                               
debug2: ssh_connect_direct: needpriv 0                                                                                  
debug1: Connecting to 162.216.18.32 [162.216.18.32] port 22.                                                            
debug1: connect to address 162.216.18.32 port 22: Connection refused                                                    
ssh: connect to host 162.216.18.32 port 22: Connection refused 
I'm pretty sure daemon is running because:

Code: Select all

> sudo systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset>
   Active: active (running) since Fri 2020-01-17 02:12:12 UTC; 1 day 14h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 6458 (sshd)
    Tasks: 1 (limit: 5067)
   Memory: 1.1M
   CGroup: /system.slice/sshd.service
           └─6458 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-p>

Jan 17 02:12:12 vp_dev systemd[1]: Starting OpenSSH server daemon...
Jan 17 02:12:12 vp_dev sshd[6458]: Server listening on :: port 22.
Jan 17 02:12:12 vp_dev systemd[1]: Started OpenSSH server daemon.
I can't find anything about a firewall specific to linode.
I tried doing this with firewalld stopped and it made no difference.

It happens pretty much instantly, so I doubt it's a timeout.

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by hunter86_bg » 2020/01/18 17:37:39

I think I saw your problem :)
It says listening on ':: port 22' which is ipv6.

Here is the output from one of the systems I have :

Code: Select all

[root@system ~]# sshd  -T |  grep listen
listenaddress [::]:22
listenaddress 0.0.0.0:22
[root@system ~]#
What is the output of 'sshd -T | grep listen' ?

Edit:
Check the ports your ssh daemon is listening via:

Code: Select all

netstat -tulpena | grep LISTEN | grep  ':22'

aaroncoding
Posts: 8
Joined: 2020/01/17 14:44:36

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by aaroncoding » 2020/01/18 17:51:55

I get this

Code: Select all

> sshd -T | grep listen
listenaddress [::]:22
permitlisten any

aaroncoding
Posts: 8
Joined: 2020/01/17 14:44:36

Re: ssh: connect to host my.ip.address port 22: Connection refused

Post by aaroncoding » 2020/01/18 17:58:12

You were right!

Code: Select all

> netstat -tulpena | grep LISTEN | grep ':22'
tcp6       0      0 :::22                   :::*                    LISTEN
How would I fix it though? I'm way out of my depths at this point :shock:

Post Reply