I have a new laptop running Mint 14, and I want to scp files from my old Ubuntu Natty Narwhal laptop before I retire it. I've installed openssh-server on the new box and made a couple of changes to sshd_config; details below.
Both machines are connected to the same router which otherwise isn't doing anything, and both have their wireless turned off, so it doesn't interfere with anything. The Mint box, let's call it mint14server, is running gufw, but that's turned off too.
The problem: when I try to ssh to mint14server from my old Natty box, let's call it nattyclient, it times out. But I'm able to ping mint14server, and I'm able to ssh to its IP address from itself. I can't telnet to port 22 from nattyclient, and a traceroute only shows asterisks.
I've included as much diagnostic info as I can think of, and what I've seen asked for in other posts, below. Can anyone suggest what to try next? Any way to find out whether it's an OS issue or a router issue?
mint14server (a Lenovo T430s):
Here are the network details, a successful local session, and my /etc/ssh/sshd_config:
mint14server:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 3c:97:0e:59:ea:8d
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: [blah] Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:52141 errors:0 dropped:0 overruns:0 frame:0
TX packets:93781 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7579768 (7.5 MB) TX bytes:8954948 (8.9 MB)
Interrupt:20 Memory:d2500000-d2520000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: [blah] Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:87510 errors:0 dropped:0 overruns:0 frame:0
TX packets:87510 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8340701 (8.3 MB) TX bytes:8340701 (8.3 MB)
usb0 Link encap:Ethernet HWaddr 02:15:e0:ec:01:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
mint14server:~$ sudo restart ssh
ssh start/running, process 26151
mint14server:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 [blah]
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 3c:97:0e:59:ea:8d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
inet6 [blah] scope link
valid_lft forever preferred_lft forever
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 24:77:03:d8:aa:6c brd ff:ff:ff:ff:ff:ff
16: usb0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 02:15:e0:ec:01:00 brd ff:ff:ff:ff:ff:ff
mint14server:~$ ip r
default via 192.168.1.254 dev eth0 proto static
169.254.0.0/16 dev eth0 scope link metric 1000
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1 metric 1
mint14server:~$ ssh mikz@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ECDSA key fingerprint is [blah].
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (ECDSA) to the list of known hosts.
mikz@192.168.1.1's password:
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-17-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
mikz@mint14server ~ $ exit
logout
Connection to 192.168.1.1 closed.
mint14server:~$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
# following line turned off by mikz 27/04/2013
PermitRootLogin no
StrictModes yes
# following line inserted by mikz 27/04/2013
AllowUsers mikz
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Here are the network details, and some attempts to connect to the above server:
nattyclient:~$ sudo restart network-manager
[sudo] password for mikz:
network-manager start/running, process 986
nattyclient:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:d3:3b:af:16
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: [blah] Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:53348 errors:0 dropped:0 overruns:0 frame:0
TX packets:53796 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8135585 (8.1 MB) TX bytes:4989385 (4.9 MB)
Interrupt:16 Memory:ee000000-ee020000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: [blah] Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:495719 errors:0 dropped:0 overruns:0 frame:0
TX packets:495719 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:42285435 (42.2 MB) TX bytes:42285435 (42.2 MB)
nattyclient:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 [blah] scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:d3:3b:af:16 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.3/24 brd 192.168.1.255 scope global eth0
inet6 [blah] scope link
valid_lft forever preferred_lft forever
3: irda0: <NOARP> mtu 2048 qdisc noop state DOWN qlen 8
link/irda 00:00:00:00 brd ff:ff:ff:ff
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 00:13:02:10:bf:1f brd ff:ff:ff:ff:ff:ff
nattyclient:~$ ip r
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 metric 1
169.254.0.0/16 dev eth0 scope link metric 1000
default via 192.168.1.254 dev eth0 proto static
nattyclient:~$ ssh mikz@192.168.1.1
ssh: connect to host 192.168.1.1 port 22: Connection timed out
nattyclient:~$ telnet 192.168.1.1 22
Trying 192.168.1.1...
telnet: Unable to connect to remote host: Connection timed out
nattyclient:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.653 ms
64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=0.414 ms
64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=0.425 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.414/0.497/0.653/0.111 ms
nattyclient:~$ traceroute 192.168.1.1
traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
nattyclient:~$
I disabled the wifi, and each machine is connected by an Ethernet cable. I've added port 22 in Configuration → Virtual Server → Port Mapping: the internal and external port are 22, the internal IP address is 192.168.1.1, the time schedule is Always On, and a note says 'Port ranges forwarded internally will be the same as Externally'.
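Added example, not part of the original post: three shell helpers for the checks this symptom (ping answers, TCP/22 times out) calls for: what a timeout means compared with a refusal, whether the client's ARP entry for 192.168.1.1 carries the MAC that the server's ifconfig shows, and which address port 22 is bound to. The function names and the sample `ip neigh` and `ss -ltn` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for "ping answers, TCP/22 times out".
# Function names are hypothetical; sample inputs are constructed, not captured.

# Map the client's error text to what happened to the TCP SYN.
classify_connect() {
  case "$1" in
    *"Connection timed out"*) echo filtered ;;    # SYN or its reply was silently dropped
    *"Connection refused"*)   echo closed ;;      # host answered with RST: no listener or REJECT rule
    *"No route to host"*)     echo unreachable ;; # ARP failed or an ICMP unreachable came back
    *)                        echo unknown ;;
  esac
}

# Read `ip neigh` output on stdin; report whether IP ($1) resolved to the expected MAC ($2).
neighbor_matches() {
  awk -v ip="$1" -v want="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
    $1 == ip { for (i = 2; i < NF; i++) if ($i == "lladdr") got = tolower($(i + 1)) }
    END {
      if (got == "") { print "missing" }
      else if (got == want) { print "match" }
      else { print "mismatch " got }
    }'
}

# Read `ss -ltn` output on stdin; report how port $1 is bound on the server.
listen_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") lo = 1; else wide = 1
    }
    END { print (wide ? "non-loopback" : (lo ? "loopback-only" : "not-listening")) }'
}

# Constructed samples (the MAC is the eth0 HWaddr shown for mint14server above).
SAMPLE_NEIGH='192.168.1.254 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.1 dev eth0 lladdr 3C:97:0E:59:EA:8D REACHABLE'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      128    127.0.0.1:631      *:*'

classify_connect "ssh: connect to host 192.168.1.1 port 22: Connection timed out"
printf '%s\n' "$SAMPLE_NEIGH" | neighbor_matches 192.168.1.1 3c:97:0e:59:ea:8d
printf '%s\n' "$SAMPLE_SS" | listen_scope 22
```

On the real machines, feed the functions live output: `ip neigh | neighbor_matches 192.168.1.1 3c:97:0e:59:ea:8d` on nattyclient and `ss -ltn | listen_scope 22` on mint14server.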