View Full Version : SSH doesn't work: No route to host


linuxsys
26th January 2012, 02:21 PM
Hi all,

I was connected to a mail server via PuTTY and all of a sudden the connection dropped. I've tried everything and had no luck. My SSH is not on the default port 22. Here are the commands I ran:


# ssh -l root mailservername -p [my ssh port number]
ssh: connect to host mailservername port [my ssh port number]: No route to host
# ssh -l root IPnumber -p [my ssh port number]
ssh: connect to host IPnumber port [my ssh port number]: No route to host


Ping works just fine

ssh localhost works just fine


#ps aux | grep ssh
root 6583 0.0 0.1 69452 15740 tty1 S+ 14:05 0:00 ssh root@localhost –p [my ssh port number]
root 6584 0.0 0.0 88996 3492 ? Ss 14:05 0:00 sshd: root@pts.0
root 17285 0.0 0.0 61664 1188 ? Ss 14:26 0:00 /user/sbin/sshd
root 29790 0.0 0.0 61208 772 pts/0 S+ 14:49 0:00 grep ssh


Restarting iptables didn't help either. SELinux is already in Permissive mode:


#getenforce
Permissive


Installed NMAP and scanned the ports and didn't see the SSH:

#nmap
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-01-25
Interesting ports on localhost.localdomain (127.0.0.1)
Not shown: 1669 closed ports
PORT STATE SERVICE
[number]/tcp open smtp
[number]/tcp open http
[number]/tcp open pop3
[number]/tcp open netbios-ssn
[number]/tcp open imap
[number]/tcp open https
[number]/tcp Microsoft-ds
[number]/tcp open smtps
[number]/tcp open ipp
[number]/tcp open imaps
[number]/tcp open pop3s


traceroute from a client to this mail server returns:

# traceroute [mailservername]
traceroute to mailservername (mail server IP), 30 hops max, 60 byte packets
1 mailserver.domain.com (mail server IP) 8.850 ms !X 8.841 ms !X 8.832 ms !X


And from the mailserver to a client gave me a long output with some *** at the end. I was at the console and took pictures of the output but since that output was long couldn't capture it.

The mail server is up and running but SSH to that box just doesn't work.

Would someone please help me fix this issue? I'd really appreciate it.

Thank you

PabloTwo
26th January 2012, 02:54 PM
If this works:
ssh root@<ipaddress> -p <portnumber>
then you could set the ipaddress for the remote host (mailservername) in your /etc/hosts file. Use the format:
ipaddress mailservername
The ipaddress and port# of the remote host should already be set in your ~/.ssh/known_hosts file, but it may or may not contain the hostname for that particular site.

linuxsys
26th January 2012, 03:20 PM

> If this works:
> ssh root@<ipaddress> -p <portnumber>
> then you could set the ipaddress for the remote host (mailservername) in your /etc/hosts file. Use the format:
> ipaddress mailservername
> The ipaddress and port# of the remote host should already be set in your ~/.ssh/known_hosts file, but it may or may not contain the hostname for that particular site.

Thanks for your reply.

From the remote host ssh to the mail server no longer works, that's the problem. So the first command that you posted returns no route to host.
Just to clarify, on the mail server ssh localhost works.

On the remote server where I was trying to SSH to the mail server from, the ip address and name of the mail server is already added to the hosts file.

PabloTwo
26th January 2012, 03:28 PM
OK, I didn't pick up on the fact that you were trying to ssh into mailservername from a remote server that you were already connected into via ssh. In that case, I'll leave it up to one or more of the network-savvy users here to guide you, as I'm not particularly qualified in that case.

linuxsys
26th January 2012, 03:30 PM
> OK, I didn't pick up on the fact that you were trying to ssh into mailservername from a remote server that you were already connected into via ssh. In that case, I'll leave it up to one or more of the network-savvy users here to guide you, as I'm not particularly qualified in that case.

Thanks for your reply. Yes, ssh works on the mailserver itself, but when I try to connect to the mailserver remotely, it won't work (it used to work up until a couple of days ago).

pindakoe
26th January 2012, 08:15 PM
I did have the same issue when setting up my box. In that case it turned out that the firewall was blocking access to my SSH port (I think). Changing SSHD to listen on the default port 22 worked (at the time I wasn't far enough into iptables to open other ports). Also, /etc/hosts.allow and hosts.deny may be the reason for the block (if hosts.deny lists ALL:ALL).

linuxsys
27th January 2012, 05:42 PM
Thank you for your answer. Do you by any chance know how I can open that custom port again? Going back to port 22 is not recommended in my case...

I did this and no luck:



iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport {my ssh port} -j ACCEPT



---------- Post added at 05:42 PM ---------- Previous post was at 01:54 PM ----------

This is what I found in each file:

iptables:

# Generated by iptables-save v1.3.5 on Fri Jan 27 12:16:54 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10396207:8077141142]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport {my ssh port} -j ACCEPT
-A INPUT -p tcp -m tcp --dport {my ssh port} -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 7071 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jan 27 12:16:54 2012


hosts.deny:
nginx: .google.com
68.x.x.x : sshd
ALL: .ru
ALL: .cn


hosts.allow:
This file was empty
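
A ruleset like the one posted above can be checked offline by walking it the way netfilter does, where the first matching terminal rule decides the packet. The following is an added example, not part of any post in this thread: port 2222 stands in for the poster's redacted SSH port, the ruleset is abridged, the helper names (`parse`, `matches`, `verdict`) are hypothetical, and only the match options present in the sample are handled.

```python
import shlex
# Constructed sample: the thread's iptables-save output, abridged, with the
# redacted "{my ssh port}" replaced by 2222 (an assumed value).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [rule, ...]}) keeping file order."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if i > 1 and t.startswith("-")}
            chains[tok[1]].append({"line": line, "opts": opts})
    return policies, chains

def matches(opts, pkt):
    """True if every matcher on the rule fits the packet (no '!' negation support)."""
    want = {"-i": pkt["iface"], "-p": pkt["proto"], "--dport": str(pkt["dport"])}
    if any(k in opts and opts[k] != v for k, v in want.items()):
        return False
    return "--state" not in opts or pkt["state"] in opts["--state"].split(",")

def verdict(text, dport, chain="INPUT"):
    """Walk the chain for a NEW inbound TCP packet; return (target, deciding line)."""
    policies, chains = parse(text)
    pkt = {"iface": "eth0", "proto": "tcp", "dport": dport, "state": "NEW"}
    def walk(name):
        for rule in chains[name]:
            if matches(rule["opts"], pkt):
                target = rule["opts"]["-j"]
                # Jump into a user chain, else treat the target as terminal
                # (ACCEPT/DROP/REJECT are the only targets in this sample).
                hit = walk(target) if target in chains else (target, rule["line"])
                if hit:
                    return hit
        return None  # fell off the end of the chain: return to the caller
    return walk(chain) or (policies[chain], "policy of " + chain)
```

For the sample, `verdict(RULESET, 2222)` is decided by the catch-all `REJECT --reject-with icmp-host-prohibited` at the end of `RH-Firewall-1-INPUT`, because the ACCEPT appended to `INPUT` sits after the jump into that chain and is never reached; a client typically reports that ICMP reply as "No route to host". Placing the ACCEPT inside `RH-Firewall-1-INPUT` ahead of the REJECT changes the verdict.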