  1. #1
    Just Joined!
    Join Date
    May 2010
    Posts
    3

    [SOLVED] Cannot ssh to localhost

    Strange problem: I can ssh in from a different machine, and I can ssh out to a different machine, but I can't ssh to localhost. I get a connection timeout.

    Code:
    # ssh -vv localhost
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [127.0.0.1] port 22.
    debug1: connect to address 127.0.0.1 port 22: Connection timed out
    ssh: connect to host localhost port 22: Connection timed out

    localhost is in /etc/hosts.

    iptables _shouldn't_ have been blocking the connection... but I added a special rule for it just in case:

    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    [...]
    ssh        tcp  --  anywhere             anywhere            tcp dpt:ssh
    
    Chain ssh (1 references)
    target     prot opt source               destination         
               tcp  --  anywhere             anywhere            state NEW recent: SET name: SSHBRUTE side: source 
    DROP       tcp  --  anywhere             anywhere            state NEW recent: UPDATE seconds: 300 hit_count: 8 name: SSHBRUTE side: source 
    ACCEPT     tcp  --  134.114.0.0/16       anywhere            tcp dpt:ssh 
    ACCEPT     tcp  --  localhost.localdomain  anywhere            tcp dpt:ssh 
    REJECT     tcp  --  anywhere             anywhere            state NEW reject-with icmp-port-unreachable

    My /etc/hosts.allow and hosts.deny files are both blank.

    netstat assures me that sshd is up and listening and not bound to a particular address:

    Code:
    netstat -an | grep :22
    tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      
    tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      
    tcp        0      0 :::22                       :::*                        LISTEN

    On the attempt, nothing shows up in /var/log/messages or /var/log/secure.

    I'm running out of ideas, and searching for other people's just gets me lots of folks who can ssh localhost but can't get anywhere else - the opposite of my problem. Any thoughts?

  2. #2
    Just Joined!
    Join Date
    May 2010
    Posts
    3
    *sigh*

    That always seems to happen; you bash your head up against something for most of a morning, and as soon as you give in and post a question on a forum, you work it out.

    It appears that my problem was the lack of a reverse DNS lookup, which ssh didn't like. If I ssh to the fully qualified domain name of the host, instead of using localhost or 127.0.0.1, it works fine.

    Thanks,

    - rob.

  3. #3
    Just Joined!
    Join Date
    May 2010
    Posts
    3

    ssh 127.0.0.1 should just work!

    Huh. Kind of obnoxious that marking this as solved makes it closed to any further posts. Got a PM from jippie with additional comments that seemed like they might be useful for other folks, so I've opened it long enough to post his comments here:

    Still, an ssh to 127.0.0.1 should work. Too bad the thread is already closed, because something is wrong.
    In your netstat -an you have port 22 listening only for IPv6 and not for IPv4.

    This is what it should look like:
    Code:
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN

    Check for the following line:
    Code:
    ListenAddress 0.0.0.0

    in your sshd_config, and check your /etc/hosts for:
    Code:
    127.0.0.1       localhost
    ::1     localhost ip6-localhost ip6-loopback

    Enjoy!
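
The listener check described in the last post, as an added shell example that is not part of the original thread: it matches the port field exactly, so the `:2207` and `:2208` lines that `grep :22` pulled in are ignored, and it reports which address families have no listener. The helper names `list_listeners` and `missing_families` are hypothetical; the sample inputs are the two netstat listings from the thread.

```shell
#!/bin/sh
# Added example; list_listeners and missing_families are hypothetical helpers.

# Print "<family> <address>" for each TCP LISTEN socket on exactly port $1,
# reading `netstat -an` text on stdin.
list_listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && match($4, /:[0-9]+$/) {
            addr = substr($4, 1, RSTART - 1)          # text before the last colon
            if (substr($4, RSTART + 1) != port) next  # skip 2207, 2208, ...
            fam = (index(addr, ":") > 0) ? "ipv6" : "ipv4"
            print fam, addr
        }'
}

# Print the address families that have no listener on port $1.
missing_families() {
    found=$(list_listeners "$1" | cut -d' ' -f1 | sort -u)
    for fam in ipv4 ipv6; do
        printf '%s\n' "$found" | grep -qx "$fam" || printf '%s\n' "$fam"
    done
}

# Sample input: the netstat listing from the first post.
post1_netstat() {
cat <<'EOF'
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
EOF
}

# Sample input: the listing the last post gives as the expected state.
expected_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

post1_netstat | list_listeners 22        # prints: ipv6 ::
post1_netstat | missing_families 22      # prints: ipv4
expected_netstat | missing_families 22   # prints nothing
# On a live host: netstat -an | missing_families 22
```

A `:::22` socket can also accept IPv4 connections on dual-stack systems where IPV6_V6ONLY is off, so a reported missing `ipv4` family is a prompt to check `ListenAddress`, not proof that IPv4 is unreachable.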
