I want to open a connection to my Mac (10.8) via SSH. An SSH-server is installed by default on OSX. Remote login is enabled, so the service is running and I can connect to localhost via ssh.
The firewall is enabled, and the port for SSH is open. If I connect from another computer on the same local network, I get a connection timeout.
What am I missing here?
NMAP Test
>> nmap -vv -sP 192.168.1.22
Starting Nmap 5.21 ( http://nmap.org ) at 2012-12-30 23:05 CET
Initiating Ping Scan at 23:05
Scanning 192.168.1.22 [2 ports]
Completed Ping Scan at 23:05, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:05
Completed Parallel DNS resolution of 1 host. at 23:05, 0.00s elapsed
Nmap scan report for macbook (192.168.1.22)
Host is up (0.0034s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.01 seconds
How do you connect to the internet? Specifically, are you behind a router? – Dennis – 2012-12-30T12:55:08.503
Both computers are connected to the same router, the mac via wifi. It has worked before, and I can connect from the mac to the other computer using SSH. – SPRBRN – 2012-12-30T16:23:58.293
Try making the two computers listen to different ports. You can add a listening port by adding the line Listen PORTNUMBER to /etc/ssh/sshd_config. – Dennis – 2012-12-30T16:44:06.767
To help diagnose try to nmap to your mac from another computer on the same local network. You should see port 22 open (or whatever you have set it to if you have changed it per Dennis' suggestion above) – sdjuan – 2012-12-30T17:25:10.357
Do you have any other firewalls enabled? Mountain Lion has three built in -- the app firewall that shows in the GUI, and pf and ipfw which are only configurable from the command line or third-party utilities. – Gordon Davisson – 2012-12-30T17:29:35.710
I did an nmap test and posted the results in the question. I tried to telnet to ssh, but no result either. – SPRBRN – 2012-12-30T22:10:53.420
I just turned off the firewall in the system preferences, then tried again, and could connect. So it's a firewall issue - should have tried that earlier! – SPRBRN – 2013-01-11T22:15:18.850
@GordonDavisson - I thought the gui was a front end to ipfw. How can I test if PF is running? If I do "ps aux | grep pf" something about dynamic_pager comes up. When I try that for ipfw, nothing. So when they don't work, and the gui allows for port 22, why doesn't it work? – SPRBRN – 2013-01-11T22:42:01.137
You can check the pf status with sudo pfctl -s info (look for "Status:" near the top of the results). ipfw is normally enabled (check with sudo sysctl net.inet.ip.fw.enable -- 1 is enabled, 0 disabled), but not doing anything (sudo ipfw list will give the result "65535 allow ip from any to any"). BTW, in the GUI, did you have "Automatically allow signed software..." disabled? If so, you may also have to explicitly allow the sshd executable through. – Gordon Davisson – 2013-01-12T05:46:08.267
Thanks. Pf is disabled. Ipfw is enabled and doing nothing like you said. Automatically allow signed software is disabled, and as you can see above in the screenshot, ssh is enabled. I hope this makes something clear for you, but not for me. I still don't have a clue what to do. – SPRBRN – 2013-01-12T19:38:56.817
"Automatically allow signed software..." shouldn't be necessary for ssh, but try enabling it (& the firewall obviously) and see what happens. Also, try disabling & reenabling remote login (with the firewall enabled as normal). Finally, check /var/log/appfirewall.log and see if it has anything useful. – Gordon Davisson – 2013-01-14T06:35:05.623
How do you connect over the computer name or the IP of the Mac? – konqui – 2014-01-22T18:08:30.587
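The layer-by-layer check Gordon Davisson describes in the comments above (pf, then ipfw, then the application firewall log), as an added shell example that is not part of the original thread. The function names and all sample outputs are constructed, and the "Deny ... to port N proto=6" layout of /var/log/appfirewall.log entries is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Sample outputs below are constructed.

# pf: read the "Status:" line of `sudo pfctl -s info`.
pf_state() {
    printf '%s\n' "$1" | awk '/^Status:/ { print tolower($2); found = 1; exit }
        END { if (!found) print "unknown" }'
}

# ipfw: switched on per sysctl, and filtering only if rules exist besides
# the default "65535 allow ip from any to any".
ipfw_state() {
    if [ "${1##*: }" != "1" ]; then echo disabled; return 0; fi
    extra=$(printf '%s\n' "$2" | awk 'NF && $0 !~ /^65535 allow ip from any to any/ { n++ }
        END { print n + 0 }')
    if [ "$extra" -eq 0 ]; then echo enabled-passthrough; else echo enabled-filtering; fi
}

# Application firewall: count Deny entries for one port in appfirewall.log text.
# The "Deny ... to port N proto=6" line layout is an assumption.
appfw_denies() {
    printf '%s\n' "$1" | awk -v pat="to port $2 " '/ Deny / && index($0, pat) { n++ }
        END { print n + 0 }'
}

# First layer that could be dropping the connection, in the order checked above.
suspect_layer() {
    if [ "$(pf_state "$1")" = "enabled" ]; then echo pf; return 0; fi
    if [ "$(ipfw_state "$2" "$3")" = "enabled-filtering" ]; then echo ipfw; return 0; fi
    echo application-firewall
}

# Constructed samples matching the state the asker reported.
SAMPLE_PF='Status: Disabled                              Debug: Urgent'
SAMPLE_SYSCTL='net.inet.ip.fw.enable: 1'
SAMPLE_IPFW='65535 allow ip from any to any'
SAMPLE_LOG='Jan 11 22:10:01 macbook Firewall[65]: Deny sshd-keygen-wrapper connecting from 192.168.1.10:51234 to port 22 proto=6
Jan 11 22:10:05 macbook Firewall[65]: Deny smbd connecting from 192.168.1.10:51300 to port 445 proto=6'

echo "suspect: $(suspect_layer "$SAMPLE_PF" "$SAMPLE_SYSCTL" "$SAMPLE_IPFW")"
echo "denies to port 22: $(appfw_denies "$SAMPLE_LOG" 22)"
# On the Mac itself, feed the real command output instead, e.g.:
#   suspect_layer "$(sudo pfctl -s info)" "$(sudo sysctl net.inet.ip.fw.enable)" "$(sudo ipfw list)"
```

With pf disabled and ipfw holding only its default rule, the application firewall is the remaining layer, which matches the asker's finding that switching it off restored the connection.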