Member Avatar for Tinnin

Hi All,

I have a server that I'm using as a Git repository. I'm trying to clone from this repository to a GoDaddy server. I am getting the error "ssh: connect to host <my git server ip and port>: connection refused.

I have checked the ssh_configs, sshd running, rsa keys, openssh-server/client, some stuff I forget, ...

I haven't been able to fix the problem or google anything that has moved the issue along.

I would talk to the kind folks at GoDaddy about this but the last two times I've called up I end up giving them technical support (and bearing in mind I know very little about servers and such, this is very disheartening).

Any help, advice or nudges in the right direction would be greatly appreciated.

Thanks.

  • 4 Contributors
  • 9 Replies
  • 829 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by Tinnin
Member Avatar for c-tech

Hi Tinnin,
Have you been able to log in to the server from another location before? If not, please check your firewall settings on the server, IPTables maybe? Please also advise on what distro of Linux you are running on that server.

Member Avatar for rubberman

If you can, post the contents of /etc/ssh/sshd_config here.

Member Avatar for mike_2000_17

You could change the port to something other than 22 (which could be blocked by some firewall) and see if that works (when you change the port, you have to specify it when trying to connect to it).

Member Avatar for Tinnin

Hi guys.

Sorry about my late reply to your answers. Busy busy.

So this is my current setup (not changed since before my opening post).

/etc/ssh/sshd_config:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 123
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

linux distribution:

Linux version 3.12.22+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #691 PREEMPT Wed Jun 18 18:29:58 BST 2014

I think this is what came with the NOOBS setup of the raspberry pi model B.

iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Thanks

Member Avatar for Tinnin

A bit more info:
I've set up port forwarding for my router to the git server local ip ssh port.

When I run PFPortChecker to test for the connection I get a result of "Your port is OPEN on another device"

I assume this is why I can't connect from the GoDaddy side of things.

Is this something a can resolve on my git server or is it a problem elsewhere?

Member Avatar for mike_2000_17

It's probably not a good idea to use port 123, because that's the standard port for the network time protocol (NTP). It is likely to be in conflict with it.

When you need to pick an arbitrary port number for something like this, you should always pick something much higher (never below 1500, because most of those are reserved for standard protocols).

A typical port used for ssh, besides the standard 22 port, is the port 22022. In any case, try using a much bigger port number to stay clear of any standard protocol.

Member Avatar for Tinnin

I see. I set it back to port 22 for the time being but the issue persists. I'll try your suggestion of making it a high number.

Edited by Tinnin
Member Avatar for Tinnin

I've changed the port forwarding public port to 55555. This points to port 22 on my local server.
I've followed the instructions here to disable any firewall settings. Though I'm not sure how necessary that was as there was nothing there to begin with anyway.

iptable settings:

# Generated by iptables-save v1.4.14 on Thu Oct 30 15:18:35 2014
*mangle
:PREROUTING ACCEPT [179:14471]
:INPUT ACCEPT [179:14471]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [113:12721]
:POSTROUTING ACCEPT [113:12721]
COMMIT
# Completed on Thu Oct 30 15:18:35 2014
# Generated by iptables-save v1.4.14 on Thu Oct 30 15:18:35 2014
*nat
:PREROUTING ACCEPT [2:265]
:INPUT ACCEPT [2:265]
:OUTPUT ACCEPT [3:293]
:POSTROUTING ACCEPT [3:293]
COMMIT
# Completed on Thu Oct 30 15:18:35 2014
# Generated by iptables-save v1.4.14 on Thu Oct 30 15:18:35 2014
*filter
:INPUT ACCEPT [61:4762]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [34:4185]
COMMIT
# Completed on Thu Oct 30 15:18:35 2014

I tried to generate a key on the remote server and ssh-copy-id it to my local server but it still came up with connection refused.

It seems that attempting to connect via ssh through the dynamic dns using port forwarding, I get the "connection refused" message, yet I can connect locally via ssh through the local ip and port.

What could it be that I'm cocking up?

Member Avatar for Tinnin

update:
I found out that logs of ssh connections are kept in /var/log/syslog

I've been getting the response:

ddclient[2163]: WARNING: cannot connect to myip.dnsdynamic.com:80 socket: IO::Socket::INET: Bad hostname 'myip.dnsdynamic.com'

which comes from /etc/ddclient.conf which I set up using this guide when I set up a dynamic dns using dnsdynamic.

Any ideas on what I should be changing the line,

use=web, web=myip.dnsdynamic.com   # get ip from server.

to?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.