4

There are three machines in this scenario:

All the machines have Ubuntu 11.04 (Desktop A is a 64bit one) and have both openssh-server and openssh-client.

Now when I try to connect Desktop A to Laptop A or vice-versa by ssh [email protected] I get an error as

port 22: No route to host

in both the cases.

I own both the machines, now if I try same commands from my friend's machine, i.e. via Desktop B, I can access both my Laptop and Desktop. But if I try to access Desktop B from my Laptop or by Desktop I get

port 22: Connection timed out

I even tried changing ssh port no. in ssh_config file but no success.

Note: that 'Laptop A' uses WiFi connection while 'Machine A' uses Ethernet Connection and 'Machine B' is on an entirely different network.

Laptop A && Desktop A -> Router/Nano_Rcvr provided to me by ISP. So to one Router two Machines are connected and can be accessed at the same time. Here is my ifconfig output for both the machines:

Laptop

wlan0

Link encap:Ethernet  HWaddr X:X:X:X:00:bc  
inet addr:1.23.73.111  Bcast:1.23.95.255  Mask:255.255.224.0
inet6 addr: fe80::219:e3ff:fe04:bc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:108409 errors:0 dropped:0 overruns:0 frame:0
TX packets:82523 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000 
RX bytes:44974080 (44.9 MB)  TX bytes:22973031 (22.9 MB)

Desktop

eth0

Link encap:Ethernet  HWaddr X:X:X:X:c5:78  
inet addr:1.23.68.209  Bcast:1.23.95.255  Mask:255.255.224.0
inet6 addr: fe80::227:eff:fe04:c578/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:10380 errors:0 dropped:0 overruns:0 frame:0
TX packets:4509 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000 
RX bytes:1790366 (1.7 MB)  TX bytes:852877 (852.8 KB)
Interrupt:43 Base address:0x2000 
8
  • 2
    This isn't a problem with SSH, it's a problem with your network config. You're looking in the wrong place. No route to host means that your machine can't work out how to route traffic of any kind to the other machine. Look again at the network config, make sure that's in order before you try and fix ssh. Commented Jul 21, 2011 at 10:22
  • I posted the same question on Stack Overflow and they told me to put it on Super User. If you know how to solve this problem, can you give me resources to look for the answer? Commented Jul 21, 2011 at 10:34
  • Okay, is machine B on a different network but connected to the same router? I'm guessing all the IPs are internal, not external. What are the actual networks these machines are on, as 1.23.x.x isn't a valid internal range, so I'm guessing you put that just for this question? It would help to have the actual addresses you're using. Ping results etc...
    – squareborg
    Commented Jul 21, 2011 at 10:52
  • 2
    Your MAC address (Ethernet Media Access Controller hardware address, not Macintosh) is encoded into your statelessly autoconfigured IPv6 link-local address, and the first half of any MAC address is a vendor identifier called an Organizationally Unique Identifier or OUI, that you can look up on the IEEE website. Your desktop's NIC is from Intel or uses an Intel chipset.
    – Spiff
    Commented Jul 21, 2011 at 18:26
  • 1
    If this is a public wireless router (which it sounds like since they advertise OFDM/MIMO), it is likely configured to prevent peer-to-peer connections on the intranet
    – ernie
    Commented Nov 16, 2012 at 22:18

2 Answers

-1

These kinds of partial-connectivity problems with wireless involved usually come down to broken multicast handling causing ARPs not to get through reliably.

See the troubleshooting steps I recommended in this Answer: WiFi Network is fine for Macbook Pro and Win XP, but Win Vista "Limited Connectivity"

3
  • Well, I can't understand most ;) of the part except the WPA/WPA2 one. See, my ISP is Tikona Digital Networks. So if someone wants to use WiFi, Tikona provides a WiFi Dialer which is available only for Windows. So a couple of days ago I figured out how to use the WiFi connection from Ubuntu and I wrote a blog post on it too: dewbot.posterous.com/… check it. That might help you understand my connection. Otherwise I tried changing WPA2 to WEP but it's not working. I can't even establish the connection. Commented Jul 21, 2011 at 12:35
  • So you're using a public Wi-Fi hotspot network or something? Or your ISP doesn't let you change the settings of your Wi-Fi router? My Answer assumed you have the ability to reconfigure your own Wi-Fi router.
    – Spiff
    Commented Jul 23, 2011 at 5:28
  • 1
    @Spiff looks like it's a wireless ISP connection utilizing MIMO, probably similar to what Clearwire used to offer in the US. I'm going to guess their routers prevent peer-to-peer connections.
    – ernie
    Commented Nov 16, 2012 at 22:21
-1

It is a bad error message. Those ssh errors can lead you to believe there is a network problem when there is not one. The route to the remote machine may be just fine but iptables blocking ssh back then (and still today on CentOS6.7) would give ssh: connect to host ec239dict port 22: No route to host

If other TCP traffic reliably makes it to the machine, then it is not a network route problem. Besides ssh, what other services have you tried to test connectivity? http? ping? tracepath? A web server would run just fine but ssh does not work.

The following /etc/sysconfig/iptables file is from a CentOS6.7 (December 2015) machine and ssh connection attempts to this machine result in ssh: connect to host ec239dict port 22: No route to host. The firewall problem is that line 12, which ACCEPTS incoming ssh connections, is never reached because it needs to be moved to before the REJECT at line 10.

 1  # Firewall configuration written by system-config-firewall
 2  # Manual customization of this file is not recommended.
 3  *filter
 4  :INPUT ACCEPT [0:0]
 5  :FORWARD ACCEPT [0:0]
 6  :OUTPUT ACCEPT [0:0]
 7  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 8  -A INPUT -p icmp -j ACCEPT
 9  -A INPUT -i lo -j ACCEPT
10  -A INPUT -j REJECT --reject-with icmp-host-prohibited
11  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
12  -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
13  COMMIT

Oddly enough, the ssh error messages get worse, if the firewall port is open but the ssh daemon is NOT running, then the error is
ssh: connect to host ec239dict port 22: Connection refused.
"Connection refused" sure sounds like a firewall blocking the connection attempt, but it in fact is the error message when the firewall is open but the ssh daemon is off. Again, there is a bug in the ssh error messages. Make sure the ssh daemon is running:

netstat -tunap | grep 22
chkconfig --list | grep ssh
/etc/init.d/ssh? status

Now in your case, there is most likely a misconfigured hardware or software firewall somewhere along the path.

2
  • Yes, it is an answer as it was a problem i commonly had on CentOS and Fedora. When ssh reports "no route to host", it was not a network routing problem at all, but often just an incorrectly configured iptables on the remote host rejecting ssh. Had @Nihar-Siwant reported back his iptables, i may have shown him where the port to open ssh was after the reject all like in this post forums.fedoraforum.org/showthread.php?t=254683.
    – rjt
    Commented Dec 20, 2015 at 22:28
  • In 2011, almost all major Linux distributions had iptables on by default. 'iptables -nL | grep 22' may have something to do with a firewall.
    – rjt
    Commented Dec 20, 2015 at 23:58
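
The rule-ordering problem described in the answer above can be checked mechanically. This is an added example, not code from the original answer: it flags rules in an iptables-save style file that come after an unconditional ACCEPT/DROP/REJECT in the same chain. The function names are the example's own, and it assumes match options precede `-j`, as iptables-save writes them.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

# Constructed sample reproducing the rule order of the file shown in the answer.
SAMPLE = """\
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Return (chain, target, unconditional) for an '-A' rule, else None."""
    if not line.startswith("-A "):
        return None
    tokens = shlex.split(line)
    chain, rest = tokens[1], tokens[2:]
    if "-j" not in rest:
        return chain, None, False
    j = rest.index("-j")
    # Assumption: matches come before -j; what follows are target options.
    return chain, rest[j + 1] if j + 1 < len(rest) else None, j == 0

def shadowed_rules(text):
    """List (line_no, rule, catch_all_line_no) for rules that can never match."""
    catch_all, hits = {}, []  # chain -> line number of its first catch-all rule
    for line_no, raw in enumerate(text.splitlines(), 1):
        parsed = parse_rule(raw.strip())
        if parsed is None:
            continue
        chain, target, unconditional = parsed
        if chain in catch_all:
            hits.append((line_no, raw.strip(), catch_all[chain]))
        elif unconditional and target in TERMINATING:
            catch_all[chain] = line_no
    return hits

if __name__ == "__main__":
    for line_no, rule, blocker in shadowed_rules(SAMPLE):
        print(f"line {line_no} unreachable (catch-all at line {blocker}): {rule}")
```

The check is a heuristic for flat rulesets like this one; it does not follow jumps into user-defined chains.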
