SSH Connection Error : No route to host

3

1

There are three machines in this scenario:

  • Desktop A : user@1.23.x.x
  • Laptop A : user@1.23.y.y
  • Machine B : user@192.168.z.z

All the machines have Ubuntu 11.04 (Desktop A is a 64-bit one) and have both openssh-server and openssh-client.

Now when I try to connect Desktop A to Laptop A or vice-versa by ssh user@1.23.y.y I get an error as

port 22: No route to host

in both the cases.

I own both the machines, now if I try same commands from my friend's machine, i.e. via Desktop B, I can access both my Laptop and Desktop. But if I try to access Desktop B from my Laptop or by Desktop I get

port 22: Connection timed out

I even tried changing ssh port no. in ssh_config file but no success.

Note: that 'Laptop A' uses WiFi connection while 'Machine A' uses Ethernet Connection and 'Machine B' is on an entirely different network.

Laptop A && Desktop A -> Router/Nano_Rcvr provided to me by ISP. So to one Router two Machines are connected and can be accessed at the same time. Here is my ifconfig output for both the machines:

Laptop

wlan0     Link encap:Ethernet  HWaddr X:X:X:X:00:bc
          inet addr:1.23.73.111  Bcast:1.23.95.255  Mask:255.255.224.0
          inet6 addr: fe80::219:e3ff:fe04:bc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:108409 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:44974080 (44.9 MB)  TX bytes:22973031 (22.9 MB)

Desktop

eth0      Link encap:Ethernet  HWaddr X:X:X:X:c5:78
          inet addr:1.23.68.209  Bcast:1.23.95.255  Mask:255.255.224.0
          inet6 addr: fe80::227:eff:fe04:c578/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4509 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1790366 (1.7 MB)  TX bytes:852877 (852.8 KB)
          Interrupt:43 Base address:0x2000

Nihar Sawant

Posted 2011-07-21T09:43:45.900

Reputation: 171

2 This isn't a problem with SSH, it's a problem with your network config. You're looking in the wrong place. No route to host means that your machine can't work out how to route traffic of any kind to the other machine. Look again at the network config, make sure that's in order before you try and fix ssh. – EightBitTony – 2011-07-21T10:22:00.087

I posted the same Q on Stack Overflow and they told me to put it on Super User. If you know how to solve this prob, can u gimme resources to look for the answer? – Nihar Sawant – 2011-07-21T10:34:00.807

Okay, is machine B on a different network but connected to the same router? I'm guessing all the IPs are internal, not external. What are the actual networks these machines are on, as 1.23.x.x isn't a valid internal range, so I'm guessing you put that just for this question? It would help to have the actual addresses you're using. Ping results etc... – squareborg – 2011-07-21T10:52:45.803

Well, my friend's router is not the same as mine. His ISP is also completely different. Check out the Edits which I have added, you will get a better idea about it. – Nihar Sawant – 2011-07-21T11:10:32.100

Does the problem go away if you boot your MacBook back into Mac OS X? – Spiff – 2011-07-21T12:20:46.900

How did u come to know that I'm using Ubuntu on a MacBook? Well, Mac OS X on my machine is quite old so I don't use it at all. I only use Ubuntu. – Nihar Sawant – 2011-07-21T12:40:07.843

2 Your MAC address (Ethernet Media Access Controller hardware address, not Macintosh) is encoded into your statelessly autoconfigured IPv6 link-local address, and the first half of any MAC address is a vendor identifier called an Organizationally Unique Identifier or OUI, that you can look up on the IEEE website. Your desktop's NIC is from Intel or uses an Intel chipset. – Spiff – 2011-07-21T18:26:20.987
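The derivation described in the comment above, as an added example that is not part of the original thread: it recovers the MAC embedded in each link-local address from the question's ifconfig output, which shows that masking HWaddr in a paste while leaving inet6 addr intact still discloses the full hardware address. The function names are illustrative, and the sample is trimmed from the question.

```python
import ipaddress
import re

# Sample trimmed from the ifconfig output in the question (HWaddr already masked).
PASTE = """\
wlan0     Link encap:Ethernet  HWaddr X:X:X:X:00:bc
          inet6 addr: fe80::219:e3ff:fe04:bc/64 Scope:Link
eth0      Link encap:Ethernet  HWaddr X:X:X:X:c5:78
          inet6 addr: fe80::227:eff:fe04:c578/64 Scope:Link
"""


def mac_from_slaac(addr):
    """Return the MAC inside a modified EUI-64 IPv6 address, or None."""
    # Drop a prefix length ("/64") or zone id ("%eth0") before parsing.
    ip = ipaddress.IPv6Address(addr.split("/")[0].split("%")[0])
    iid = ip.packed[8:]                    # low 64 bits: interface identifier
    if iid[3:5] != b"\xff\xfe":            # marker inserted between the MAC halves
        return None                        # random, privacy or manual identifier
    # Undo the universal/local bit flip on the first byte, drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def leaked_macs(text):
    """Map each inet6 address in an ifconfig paste to the MAC it discloses."""
    found = {}
    for m in re.finditer(r"inet6 addr:\s*(\S+)", text):
        mac = mac_from_slaac(m.group(1))
        if mac:
            found[m.group(1)] = mac
    return found


if __name__ == "__main__":
    for addr, mac in leaked_macs(PASTE).items():
        # The first three bytes are the OUI that identifies the vendor.
        print(f"{addr} discloses MAC {mac} (OUI {mac[:8]})")
```

The last two bytes of each recovered address match the unmasked tail of the corresponding HWaddr field, so both fields need masking before an interface dump is posted.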

1 If this is a public wireless router (which it sounds like since they advertise OFDM/MIMO), it is likely configured to prevent peer-to-peer connections on the intranet. – ernie – 2012-11-16T22:18:05.293

Answers

-1

These kinds of partial-connectivity problems with wireless involved usually come down to broken multicast handling causing ARPs not to get through reliably.

See the troubleshooting steps I recommended in this Answer: WiFi Network is fine for Macbook Pro and Win XP, but Win Vista "Limited Connectivity"

Spiff

Posted 2011-07-21T09:43:45.900

Reputation: 84 656

This is a link-only answer to another Super User answer. – JakeGould – 2015-12-20T16:31:32.143

Well, I can't understand most ;) of the part except the WPA/WPA2 one. See, my ISP is Tikona Digital Networks. So if someone wants to use WiFi, Tikona provides a WiFi Dialer which is available only for Windows. So a couple of days ago I figured out how to use the WiFi connection from Ubuntu and I wrote a blog too on it, http://dewbot.posterous.com/hacking-tikona-wifi-to-get-wifi-access-from-u check it. That might help u in understanding my connection. Otherwise, I tried changing WPA2 to WEP but it's not working. I can't even establish the connection. – Nihar Sawant – 2011-07-21T12:35:50.420

So you're using a public Wi-Fi hotspot network or something? Or your ISP doesn't let you change the settings of your Wi-Fi router? My Answer assumed you have the ability to reconfigure your own Wi-Fi router. – Spiff – 2011-07-23T05:28:57.773

1 @Spiff looks like it's a wireless ISP connection utilizing MIMO, probably similar to what Clearwire used to offer in the US. I'm going to guess their routers prevent peer-to-peer connections. – ernie – 2012-11-16T22:21:18.843

-1

It is a bad error message. Those ssh errors can lead you to believe there is a network problem when there is not one. The route to the remote machine may be just fine, but iptables blocking ssh back then (and still today on CentOS6.7) would give

ssh: connect to host ec239dict port 22: No route to host

If other TCP traffic reliably makes it to the machine, then it is not a network route problem. Besides ssh, what other services have you tried to test connectivity? http? ping? tracepath? A web server would run just fine but ssh does not work.

The following /etc/sysconfig/iptables file is from a CentOS6.7 (December 2015) machine, and ssh connection attempts to this machine result in

ssh: connect to host ec239dict port 22: No route to host

The firewall problem is that line 12, which ACCEPTS incoming ssh connections, is never reached because it needs to be moved to before the REJECT at line 10.

 1  # Firewall configuration written by system-config-firewall
 2  # Manual customization of this file is not recommended.
 3  *filter
 4  :INPUT ACCEPT [0:0]
 5  :FORWARD ACCEPT [0:0]
 6  :OUTPUT ACCEPT [0:0]
 7  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 8  -A INPUT -p icmp -j ACCEPT
 9  -A INPUT -i lo -j ACCEPT
10  -A INPUT -j REJECT --reject-with icmp-host-prohibited
11  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
12  -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
13  COMMIT

Oddly enough, the ssh error messages get worse, if the firewall port is open but the ssh daemon is NOT running, then the error is
ssh: connect to host ec239dict port 22: Connection refused.
"Connection refused" sure sounds like a firewall blocking the connection attempt, but it in fact is the error message when the firewall is open but the ssh daemon is off. Again, there is a bug in the ssh error messages. Make sure the ssh daemon is running:

netstat -tunap | grep 22
chkconfig --list | grep ssh
/etc/init.d/ssh? status

Now in your case, there is most likely a misconfigured hardware or software firewall somewhere along the path.

rjt

Posted 2011-07-21T09:43:45.900

Reputation: 878
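The ordering problem described in this answer can be checked mechanically. The following is an added example, not code from the answer or from any firewall tool: it parses the rules file quoted above, reports rules that sit after an unconditional ACCEPT/DROP/REJECT in the same chain, and produces the reordered file. The function names are illustrative.

```python
TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that end chain traversal

# The rules file quoted in the answer, without its line-number column.
RULES = """\
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT
"""


def shadowed_rules(text):
    """Return (line, rule, blocker_line) for rules that follow a catch-all."""
    catch_all = {}            # chain -> line of its first match-everything rule
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 4 or tok[0] != "-A":
            continue
        chain, spec = tok[1], tok[2:]
        if chain in catch_all:
            hits.append((n, line.strip(), catch_all[chain]))
        # No match options before -j means every packet hits this target.
        # (Rules such as "-s 0.0.0.0/0 -j DROP" are not recognised here.)
        elif spec[0] == "-j" and spec[1] in TERMINAL:
            catch_all[chain] = n
    return hits


def hoist(text):
    """Move each shadowed rule to just before the rule that hides it."""
    lines = text.splitlines()
    while hits := shadowed_rules("\n".join(lines)):
        n, _, blocker = hits[0]
        lines.insert(blocker - 1, lines.pop(n - 1))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for n, rule, blocker in shadowed_rules(RULES):
        print(f"line {n} is never reached (line {blocker} matches first): {rule}")
    print(hoist(RULES))
```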

This is not an answer. This is a comment. If you found something helpful to you, then you should just up vote that question or answer. If you want to leave a comment, you should leave a comment. – JakeGould – 2015-12-20T16:29:07.243

Yes, it is an answer as it was a problem I commonly had on CentOS and Fedora. When ssh reports "no route to host", it was not a network routing problem at all, but often just an incorrectly configured iptables on the remote host rejecting ssh. Had @Nihar-Siwant reported back his iptables, I may have shown him where the port to open ssh was after the reject all like in this post http://forums.fedoraforum.org/showthread.php?t=254683. – rjt – 2015-12-20T22:28:06.287

No this is not an answer. Your supposed answer is just a series of questions that should have been posted as a comment—and you definitely have enough rep to post a comment—and does not include any information on your IPTables ideas/insight and there is utterly no indication the original poster had IPTables—or any firewall—even running on their machine. – JakeGould – 2015-12-20T22:37:53.627

In 2011, almost all major Linux distributions had iptables on by default. 'iptables -nL | grep 22' may have something to do with a firewall. – rjt – 2015-12-20T23:58:16.323

@JakeGould, "Those ssh errors can lead you to believe there is a network problem when there is not one" was the leading sentence in the original answer. – rjt – 2015-12-21T00:43:50.537