Anyone else with ssh problems after updating?

Hello,

Today, as usual, I ssh’ed to another computer and updated their packages (urpmi --wget --auto-update). Given the installation of new nvidia proprietary drivers, I reboot the computer.

After that, I can no longer ssh from one computer to the other. Both computers have sshd.socked active and listening. I turned the rooter off and on with no help.

Did anybody else experimented this? Is there a reason for that?

Thanks

During boot, many errors on samba, probably related to connections. However, Network seems ok, internet is ok, …

What happens exactly? Could you give an example of session?

There’s no much to say. In command line, I do,

$ ssh 192.168.0.100 (or whatelse is the address of the other computer)

and I only get,

connection refused

or

there's no route to ...

As I said earlier, Network is fine, internet is ok.

Ah! The problem is the same no matter if I change the computers.

Well, today everything is working fine again. No changes, all that happened is the complete turn off of everything.

Sorry for the false alarm, just would like to know what happened here.

Two different messages that might lead to two different kind of issues.
In the second case, I suspect a misconfiguration of your router. But the exact description of your network is needed to get a clue.
Anyway, if it works now that’s good.

And, the problem is back again!

I can access the rooter (192.168.0.1) and verify the IP of the other computer. Using the right IP ssh returns,

ssh: connect to host 192.168.0.100 port 22: No route to host

SSh seems to be working to connect to the very computer I’m using but not to connect to the other computer.

As an additional information, a ping to the other machine returns,

PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
From 192.168.0.100 icmp_seq=1 Destination Host Prohibited

Also nmap gives,

$ nmap -Pn 192.168.0.100

Starting Nmap 7.40 ( https://nmap.org ) at 2017-06-08 23:02 -03
Stats: 0:00:32 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 49.30% done; ETC: 23:03 (0:00:34 remaining)
Stats: 0:00:33 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 50.40% done; ETC: 23:03 (0:00:32 remaining)
Stats: 0:00:48 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 77.55% done; ETC: 23:03 (0:00:14 remaining)
Stats: 0:00:49 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 80.15% done; ETC: 23:03 (0:00:12 remaining)
Stats: 0:00:50 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 80.85% done; ETC: 23:03 (0:00:12 remaining)
Stats: 0:00:51 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 83.30% done; ETC: 23:03 (0:00:10 remaining)
Nmap scan report for 192.168.0.100
Host is up (0.87s latency).
All 1000 scanned ports on 192.168.0.100 are filtered

Nmap done: 1 IP address (1 host up) scanned in 60.52 seconds

The problem continues …Could it be a modem/router problem?

Few (or none) clues to follow! From googling around, I changed permissions of
ssh_host_ed25519_key to 600 (at /etc/ssh). No help. If this problem has nothing to do with the rooter (I turned it off an on) it certainly was caused by some recent system update. However, since this problem appeared and disappeared, although for just one day, without a reasonable explanation, I tend to think that my rooter has problems.

It could help, anyway, if I could do something else for diagnosing the problem but I don’t know what.

Ok: what are the IP addresses of the ssh client, the router and the ssh server?

I didn’t reserve IP’s for other clients than the printer, the router is (always) 192.168.0.1, the server is between 192.168.0.100 and 192.168.0.102, the client usually gets 192.168.0.103 to 192.168.0.106. Now, the server is 192.168.0.100 and the client has 192.168.0.106. Access to the router is allowed from the server and the client. The list of DHCP clients is

ID Client name MAC address IP Renewing time
1 pc-central 00-22-4D-A7-2C-2D 192.168.0.100 01:47:51
2 Unknown 1C-C6-3C-48-33-DB 192.168.0.101 01:17:10
3 pc-local 74-2F-68-A9-59-8E 192.168.0.105 01:57:29
4 pc-local C0-4A-00-1D-C1-D7 192.168.0.102 01:59:19

That might be the cause of the message: no route to ...
You need to know the exact ip of the server when you launch
ssh 192.168.0.xxx
So let’s say the server’s ip is 192.168.0.100, what is the output of
ssh 192.168.0.100
?
(adjust the ip accordingly to the actual server’s ip)
If the message no route to ... occurs, what’s the output of:
ping 192.168.0.100
?
Normally the same kind of message should be displayed.
In that case, you should check the real server’s ip.
If the server gives an answer, that could mean that the port isn’t the default (22). In that case you should check the setting Port in the server’s /etc/ssh/sshd_config

If the message connection refused appears, then you should check the content of /etc/ssh/sshd_config in the server, especially the settings of:
ListenAddress and Port

I had this problem as well. It turned out it was a firewalld issues. Try running systemctl stop firewalld and see if ssh starts working. The default zone was empty so I set it to public but the permanent rule was set to allow ssh and the runtime was not allowing it. After making sure sshd was running and restarting firewalld things started working. I does fail again after some time.

JCLVanier and CLB,

Well, I usually know what is the current server’s address. Anyway, if I’m wrong, I try the next IP.

Now, server is 192.168.0.100 and

$ ssh 192.168.0.100
ssh: connect to host 192.168.0.100 port 22: No route to host

Ping gives,

$ ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
From 192.168.0.100 icmp_seq=3 Destination Host Prohibited
From 192.168.0.100 icmp_seq=4 Destination Host Prohibited
From 192.168.0.100 icmp_seq=5 Destination Host Prohibited
^C
--- 192.168.0.100 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4032ms

If I understood correctly, CLB succeeded in recovering ssh services but it failed again after some time.
I’m tending to think it may be some kind of hardware problem because I also had a similar experience here when I reset the router, in the next few minutes (seconds?) ssh was working and then stopped again.

I’ll test another router soon.

thanks you both

Login at the server, I could take a look a sshd_config. It looks commented:

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Yes, that’s the default value: listening any address at port 22.
If there is no firewall server side, you might have to look into the router’s settings. It might disallow the communications between local hosts, only enabling the output to the Internet.
But, since sometimes it works, you’d better to try with another router if you can get one.

Did you try doing a systemctl stop firewalld on 192.168.0.100 and trying to ssh in from another machine? I was seeing the exact same two error messages and the cause was the firewall on the machine I was trying to ssh into.

Mine is a two way connection problem. Two hosts: pc-central (usually the server) and pc-local(my laptop). I cannot connect from each other via ssh. Thus, I think I should change firewalld configurations although everything was Ok with this very firewalld a couple of weeks ago, before a certain update.

I still have an old router that I used to test for hardware problems. I got no connection at all at my laptop, neither internet nor ssh with this old router.

I also took my chances with om-control-center=>firewall but I don’t know much about everything.

Many thanks anyway

I guess I’m still without any clue.