ssh passwordless, all is set, but connection timeout

0

I am trying to set up a passwordless connection between two servers, backup and prod.

prod can connect passwordless without problem to backup, but if I try the opposite way, I just get timeout.

prod$ ls ~/.ssh/authorized_keys
backup.pub

backup$ ls ~/.ssh/authorized_keys
prod.pub

prod$ ssh backup
Welcome to Ubuntu 13.04 (GNU/Linux 3.8.0-31-generic x86_64)
...

backup$ ssh prod
ssh: connect to host XXX.XXX.XXX.XXX port 22: Connection timed out

What am I missing? Also, obviously I can't reboot prod.

EDIT:

backup$ ssh -v root@XXX.XXX.XXX.XXX
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to XXX.XXX.XXX.XXX [XXX.XXX.XXX.XXX] port 22.
debug1: connect to address XXX.XXX.XXX.XXX port 22: Connection timed out
ssh: connect to host XXX.XXX.XXX.XXX port 22: Connection timed out

When using tail -f, this appears after the timeout:

Apr  3 11:35:01 sd-39181 CRON[33009]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  3 11:35:01 sd-39181 CRON[33009]: pam_unix(cron:session): session closed for user root

DrakaSAN

Posted 2014-04-03T08:56:20.263

Reputation: 370

Answers

0

Try the following:

  1. get verbose output to see what is happening

    prod$ ssh -v backup
    
  2. use username and ip just to be sure you're connecting with the right stuff

    prod$ ssh -v user_name@prod_ip
    
  3. check you have the right corresponding private keys on the servers

  4. also ~/.ssh/authorized_keys should be a file with one key per line

  5. check permissions

  6. check your access logs i.e. on Ubuntu

    prod$ tail -f /var/log/auth.log
    

franklin

Posted 2014-04-03T08:56:20.263

Reputation: 16

1. I'll edit my post when I have the full output. 2. Will do. 3. How can I test that? 4. On both servers, authorized_keys is a directory... Strange. 5. Will do. 6. Will post. – DrakaSAN – 2014-04-03T09:29:43.547

Do you have a firewall running? Can you check if your port is open: netstat -na | grep 22 – franklin – 2014-04-03T10:00:48.363

1

A timeout indicates there is a connection problem. The system cannot set up a TCP connection and doesn't get an ICMP error message (like reject, prohibited or unreachable). This is probably because a firewall blocks your connection. It might also be a good idea to check iptables on the machine with sudo iptables -nvL.

You can check the TCP connection by telnetting to the host on port 22: telnet prod 22. It's probably best to ask your firewall administrators what the problem might be.

mtak

Posted 2014-04-03T08:56:20.263

Reputation: 11 805
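As an added example (my own code, not from anyone in this thread), a small Python check that separates the failure modes mtak describes (handshake completed, RST received, ICMP error received, or nothing at all, which is the firewall signature) and that verifies an authorized_keys path is a regular file with one key per line, as franklin's item 4 requires. The host, port and path arguments are whatever you pass in; the key line in the test is constructed.

```python
import errno
import os
import socket
import stat


def classify_tcp(host, port=22, timeout=3.0):
    """Classify what came back from a TCP connect to host:port.

    'open'        -> SYN-ACK came back; something is listening.
    'refused'     -> a RST came back; the path works, nothing listens on the port.
    'unreachable' -> an ICMP error came back (routing, or a REJECT firewall rule).
    'timeout'     -> nothing came back at all: packets are silently dropped,
                     which is what a DROP firewall rule or a missing route looks like.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            return "refused"
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        if e.errno == errno.ETIMEDOUT:
            return "timeout"
        return "error: %s" % e


def check_authorized_keys(path):
    """Return the problems sshd would have with this authorized_keys path (empty list = OK)."""
    if not os.path.exists(path):
        return ["does not exist"]
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        # This is the OP's situation: a directory of that name holds no keys for sshd.
        return ["is not a regular file (sshd cannot read keys from a directory)"]
    problems = []
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group/world writable; sshd with StrictModes ignores it")
    with open(path) as f:
        keys = [line for line in f if line.strip() and not line.startswith("#")]
    if not keys:
        problems.append("contains no keys")
    elif any(len(line.split()) < 2 for line in keys):
        problems.append("a line is not of the form '<type> <base64-key> [comment]'")
    return problems
```

Run classify_tcp from backup against prod's address: "refused" or "unreachable" means the network answered and you should look at sshd or the rule that rejects you, while "timeout" means nothing answered, so check iptables on prod and any firewall in between.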