Question

SSH: Port 22 closed

Posted September 14, 2021 610 views
Networking, Ubuntu 20.04

I cannot connect to port 22. I tried adjusting the MTU to 1100, still no change, as well as enabling root login and checking iptables and ufw. My SSH public key is configured and the public IP is pointing to these servers.
Here is the output of ssh -vvv user@domain:

OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for elizabethportfolio.co.uk
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug1: /home/user/.ssh/config line 4: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "domain" port 22
debug2: ssh_connect_direct
debug1: Connecting to domain [ip] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version dropbear_0.46
debug1: no match: dropbear_0.46
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to domain:22 as 'user'
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: 3des-cbc
debug2: ciphers stoc: 3des-cbc
debug2: MACs ctos: hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1,hmac-md5
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug2: bits set: 494/1024
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by ip port 22

Removed ciphers and hex, and my name and domain, for privacy. I have tried with the public IP as well, but no difference.

2 answers

Hi @quietone,

Can you show us your UFW status? Additionally, if you type in:

sudo ufw allow "OpenSSH"

does the problem resolve itself?

Another solution you might want to try is to disable ufw and see if you are able to connect to your droplet. If you have iptables, remember to enable port 22 there.

  • sudo ufw allow OpenSSH
    
    Rule added
    Rule added (v6)
    

    Seem to have missed that.

    ssh root.ip
    Connection closed ip port 22
    
  • sudo ufw allow OpenSSH
    rule added
    

    Tried again, port 22 closed.

    Port 22 on iptables again to be sure.

    Disabled firewall.

    Yet port 22 remains closed.

    • Hi @quietone,

      Hmm, that is strange. Anyway, I can see you’ve posted that your /etc/hosts.deny file has ALL:PARANOID. Is it commented out with a # before it or not? What I mean is:

      # ALL: PARANOID
      

      If there is no # in front of the line, then it’s active and that is what’s preventing you from entering via SSH.

Hello, @quietone

The connection is established, but it is then closed by the server. What you can do is check whether host access control is enabled. To do that, check whether the following files are present and whether they have rules added to them:

/etc/hosts.allow and /etc/hosts.deny

Also check the permissions of the following files: /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key. They all must be 0600.

Another thing to check is the /etc/ssh/sshd_config file for other security settings.

Regards,
Alex
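
The distinction drawn in the answer above (TCP connection established, then closed by the server) can be read straight out of the `ssh -vvv` output. The following is an added example, not part of the original thread: it reports how far the handshake got and what the server offered. The stage names, the `diagnose` function and the `LEGACY` list are assumptions of this example, and the sample log is a constructed excerpt of the one in the question.

```python
import re

# Constructed sample: trimmed excerpt of the `ssh -vvv` output in the question.
SAMPLE_LOG = """\
debug1: Connecting to domain [ip] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version dropbear_0.46
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: MACs ctos: hmac-sha2-256,hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: 3des-cbc
debug2: MACs ctos: hmac-sha1,hmac-md5
debug3: send packet: type 30
Connection closed by ip port 22
"""

# Handshake milestones in order (stage names are this example's own labels).
STAGES = [
    ("tcp_connected", "Connection established"),
    ("banner_exchanged", "Remote protocol version"),
    ("kexinit_exchanged", "SSH2_MSG_KEXINIT received"),
    ("kex_completed", "SSH2_MSG_NEWKEYS received"),
    ("authenticated", "Authentication succeeded"),
]
# Algorithms current OpenSSH releases no longer enable by default (assumed, not exhaustive).
LEGACY = {"diffie-hellman-group1-sha1", "ssh-rsa", "3des-cbc", "hmac-md5"}
OFFER = re.compile(r"debug2: (KEX algorithms|host key algorithms|ciphers ctos|MACs ctos): (\S+)")

def diagnose(log: str) -> dict:
    """Report how far the SSH handshake got and what the server offered."""
    reached = "not_connected"
    for name, marker in STAGES:
        if marker in log:
            reached = name
    banner = re.search(r"remote software version (\S+)", log)
    # Only lines after this marker describe the server's proposal.
    server_part = log.partition("peer server KEXINIT proposal")[2]
    offer = {key: value.split(",") for key, value in OFFER.findall(server_part)}
    return {
        "reached": reached,
        "server": banner.group(1) if banner else None,
        "server_offer": offer,
        "legacy_offered": sorted(LEGACY & {a for v in offer.values() for a in v}),
        # Any stage reached means the TCP connect to port 22 succeeded.
        "port_reachable": reached != "not_connected",
        "closed_by_peer": "Connection closed by" in log,
    }
```

Run `diagnose()` on the full captured output: a result of `port_reachable: True` with `reached: "kexinit_exchanged"` points the investigation at the SSH service on the server rather than at ufw or iptables.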