====== Ubuntu - SSH - Troubleshooting SSH ====== First, check that the SSH daemon is running: sudo ps -A | grep sshd This command should produce a line(s) like this: ?   00:00:00   sshd If there is no line, your SSH daemon is not running. If it is, you should next check that it's listening for incoming connections: sudo netstat --inet -lpn | grep sshd This command should produce a line that looks like this: tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN /sshd If there is more than one line, then your SSH daemon is listening on more than one port - you might want to go back and delete some Port lines in your sshd_config file. If there are no lines, your SSH daemon isn't listening on any ports, so you need to add at least one Port line. If the line specifies something other than "0.0.0.0:22", then your SSH daemon is listening on a non-standard port or address, which you might want to fix. Next, try logging in from your own computer: sudo ssh -v localhost ...which should show something like: OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to localhost [127.0.0.1] port 22. debug1: connect to address 127.0.0.1 port 22: Connection refused ssh: connect to host localhost port 22: Connection refused Notice that the connection was refused. This is due to the earlier config that limited access only from 192.168.0.11. In this case, that allowed IP address was not used, and an attempt was made to login using localhost instead. Lets retry logging in using an allowed IP address: sudo ssh -v 192.168.0.11 ...which should show something like: OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 192.168.0.11 [192.168.0.11] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: SELinux support disabled debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2p2 Ubuntu-6ubuntu0.1 debug1: match: OpenSSH_6.2p2 Ubuntu-6ubuntu0.1 pat OpenSSH* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA b7:60:9d:55:7e:43:6a:33:f8:b1:57:54:93:4a:b7:b3 The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established. ECDSA key fingerprint is b7:60:9d:55:7e:43:6a:33:f8:b1:57:54:93:4a:b7:b3. Are you sure you want to continue connecting (yes/no)? This will print a lot of debugging information, and will then prompt whether you want to connect. Enter **yes**. ...which should show some additional lines: Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.0.11' (ECDSA) to the list of known hosts. debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent Write failed: Broken pipe The **Write failed: Broken pipe** message is caused by a timeout issue. You may recall that the login time was limited in the earlier config. **NOTE**: This has however added our WAN IP address into the list of known hosts. Simply rerun by issuing the following command again. sudo ssh -v 192.168.0.11 ...which should show something like: debug1: Server host key: ECDSA b7:60:9d:55:7e:43:6a:33:f8:b1:57:54:93:4a:b7:b3 debug1: Host '192.168.1.11' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Trying private key: /root/.ssh/id_ecdsa debug1: Next authentication method: password root@192.168.1.11's password: Remember that the password will only be accepted if the corresponding user is allowed access in by SSH. In this case this would not work, as root was not an allowed user. Try logging in from a valid user's account. For instance to login using john as the username use: sudo ssh -v 192.168.0.11 -l john ...which should show something like: ... john@192.168.1.11's password: debug1: Authentication succeeded (password). Authenticated to 192.168.1.11 ([192.168.1.11]:22). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LC_PAPER = en_GB.UTF-8 debug1: Sending env LC_ADDRESS = en_GB.UTF-8 debug1: Sending env LC_MONETARY = en_GB.UTF-8 debug1: Sending env LC_NUMERIC = en_GB.UTF-8 debug1: Sending env LC_TELEPHONE = en_GB.UTF-8 debug1: Sending env LC_IDENTIFICATION = en_GB.UTF-8 debug1: Sending env LANG = en_GB.UTF-8 debug1: Sending env LC_MEASUREMENT = en_GB.UTF-8 debug1: Sending env LC_TIME = en_GB.UTF-8 debug1: Sending env LC_NAME = en_GB.UTF-8 Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-18-generic x86_64) * Documentation: https://help.ubuntu.com/ System information as of Mon Mar 24 21:38:35 GMT 2014 System load: 0.08 Processes: 117 Usage of /home: 0.4% of 452MB Users logged in: 0 Memory usage: 3% IP address for eth0: 192.168.1.11 Swap usage: 0% IP address for eth1: 192.168.2.1 Graph this data and manage this system at: https://landscape.canonical.com/ Last login: Mon Mar 24 21:38:41 2014 from 192.168.1.184 If nothing happens, you might need to tell your computer's firewall to allow connections on port 22 (See the FireWall Security section). Once logged in, to leave the SSH command-line, type: exit