Cannot remotely connect using ssh

[samrat_rao]

Hi,

I can connect to local systems using ssh but not any remote connection. i get this error:

ssh: connect to host 'reqdipaddr' in port 22: Connection refused

I cant ping to 'reqdipaddr'.

I have these lines in /etc/profile

http_proxy=http://iiscproxy.serc.iisc.ernet.in:3128/
ftp_proxy=http://iiscproxy.serc.iisc.ernet.in:3128/

Code: Select all

/sbin/service iptables status

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Code: Select all

traceroute 'reqdipaddr'

traceroute to 'reqdipaddr' ('reqdipaddr'), 30 hops max, 40 byte packets
1 10.116.1.1 (10.116.1.1) 1.298 ms 1.665 ms 2.003 ms
2 * * *
3 10.10.2.65 (10.10.2.65) 2.181 ms 2.172 ms 2.155 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Code: Select all

/sbin/iptables-save

# Generated by iptables-save v1.3.5 on Sat Feb 13 17:30:37 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [651434:58171986]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Feb 13 17:30:37 2016

Suggestions please. Thanks.

[TrevorH]

Your connection is being refused by the remote server. Are those firewall rules that you posted for the remote system or the local one? The local one's rules are immaterial unless there are entries in the OUTPUT chain. It's also possible that some firewall between your local system and the remote one is denying the traffic but you'd have to ask your network admins about that. There is no equivalent to http_proxy= for ssh connections.

[samrat_rao]

Hi Trevor, thanks for the reply.

All the rules i've posted are for my machine. I have no rights over the remote server.

Before posting here I asked the guys in charge of the remote server, they couldn't solve my problem. They said that they have given me access to their systems.

Now i am in an institution where all the traffic is routed through servers. So you are suggesting that there are additional firewalls between my system and the remote server?

[TrevorH]

Something between you and the destination server is rejecting the traffic. Either that is the destination server itself or it's a router between you and the destination. There's nothing you can do about that except complain to the people who _think_ they've given you access.

[samrat_rao]

Thanks Trevor, for making it simpler for me.