HPE Community
Operating System - HP-UX
1752778 Members
6068 Online
108789 Solutions
New Discussion юеВ

Re: HP server can not ssh to any other server

 
jagdish_3
New Member

тАО01-07-2009 11:05 AM

тАО01-07-2009 11:05 AM

HP server can not ssh to any other server

When I am trying to ssh to any other HP server its giving me the below error :

# ssh -v west
OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.014, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to west [10.3.201.217] port 22.
debug1: connect to address 10.3.201.217 port 22: Connection timed out
ssh: connect to host west port 22: Connection timed out


Please let me know any solution for this.
0 Kudos
Reply
8 REPLIES 8
Patrick Wallek
Honored Contributor

тАО01-07-2009 11:10 AM

тАО01-07-2009 11:10 AM

Re: HP server can not ssh to any other server

Are connections via ssh allowed on the server called "west"?

Is SSH installed and running on that server?
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО01-07-2009 11:11 AM

тАО01-07-2009 11:11 AM

Re: HP server can not ssh to any other server

Hi:

Is anybody home? Is the host named "west" up with 'ssh' running?

Regards!

...JRF...
0 Kudos
Reply
jagdish_3
New Member

тАО01-07-2009 11:56 AM

тАО01-07-2009 11:56 AM

Re: HP server can not ssh to any other server

Yes ssh is installed on server West and its not for this server ,its for each server i am trying to ssh through this server perkins..

Is it a problem with ssh_config file in perkins ?
These are the variables set there :

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
StrictHostKeyChecking no
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
# Protocol 2,1
# Cipher blowfish
# EscapeChar ~
0 Kudos
Reply
VK2COT
Honored Contributor

тАО01-07-2009 04:18 PM

тАО01-07-2009 04:18 PM

Re: HP server can not ssh to any other server

Hello,

Since you have problem to ssh from
your server perkins to any other server,
here is the test plan:

a) Is routing on server perkins correct?
Can you route packets to servers in
question?

b) Do you run IP Filter on perkins?

c) Can you run the following from perkins
(to by-pass ssh commands):

# telnet west 22

d) Is your network firewalled? In other words, are you allowed to use SSH on LANs?

e) If ICMP is not blocked by firewalls,
can you test it from server perkins:

# traceroute west
# ping west

f) Log into server west and
verify that ssh daemon is listening on
public interface(s)!

Let us know.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
Reply
yulianto piyut
Valued Contributor

тАО01-07-2009 07:34 PM

тАО01-07-2009 07:34 PM

Re: HP server can not ssh to any other server

1. check the connection of the other server (use ping & tracerroute)
2. can you telnet to other server?
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО01-08-2009 02:08 AM

тАО01-08-2009 02:08 AM

Re: HP server can not ssh to any other server

The error message was "connection timed out" instead of "connection refused". This means there was no response at all from the other server, not even the standard rejection response from a closed port.

The most common cause for this behavior is a firewall configured to drop the SSH traffic. The firewall might be an IPFilter on the HP-UX server, or a separate piece of network hardware, or a software firewall in the destination servers.

If HP-UX has IPFilter installed, its filtering rules are typically stored in /etc/opt/ipf directory.

If there is no IPFilter or any other firewall product installed in your HP-UX, contact your network administrator and continue troubleshooting with him/her.

Things to check:
- does the HP-UX server actually succeed in sending out the first SSH traffic packet?
- does that packet actually reach the destination server?
- if not, which device in the network stops the packet or sends it to a wrong direction?

You may have to plug in a network traffic analyzer at various points of the network to check these things.

If you can confirm that the SSH traffic reaches the destination server, then the problem must be with the destination server.

MK
MK
0 Kudos
Reply
Ganesan R
Honored Contributor

тАО01-08-2009 05:31 AM

тАО01-08-2009 05:31 AM

Re: HP server can not ssh to any other server

Hi Jagdish,

If you are sure SSH is installed and listening on port 22 on west, then I suspect there would be some firewall which is blocking the ssh request.

Work with your network team to open the port on the firewall. You can check with telnet command if the port is opened on firewall and reaching the destination.

#telnet west 22
Best wishes,

Ganesh.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО01-08-2009 07:15 AM

тАО01-08-2009 07:15 AM

Re: HP server can not ssh to any other server

Shalom,

On the target:
netstat -an | grep 22

That should show ssh listening on port 22.

If you have nmap on an external host you can use it to test the target host.

Also check for firewalls.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.