Wednesday, May 18, 2016

networking - SSH client refuses to connect to any server (Connection refused)



Out of nowhere, my SSH client decided to stop connecting to any server (whether it is an SSH server or not) and output the following error:



ssh: connect to host x.x.x.x port 22: Connection refused



Mind you, this is not a simple setup error. I am fully aware that an SSH server is running on hosts that I try to connect to, evident by the following:




➜  ~ sudo nmap -sS 192.168.0.200
Password:

Starting Nmap 7.01 ( https://nmap.org ) at 2018-04-01 10:58 IST
Nmap scan report for 192.168.0.200
Host is up (0.0035s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh <========================
80/tcp open http

81/tcp open hosts2-ns
443/tcp open https
MAC Address: B8:27:EB:7C:24:64 (Raspberry Pi Foundation)

Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds


I can also telnet into it successfully (no "connection refused" message)



➜  ~ telnet 192.168.0.200 22

Trying 192.168.0.200...
Connected to 192.168.0.200.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u2


However...



➜  ~ ssh srv@192.168.0.200
ssh: connect to host 192.168.0.200 port 22: Connection refused



This shows that it is not an error with my server, or even my machine per se, but with the SSH client as it is unable to connect to a port which is clearly open and an SSH service port. Interestingly, it fails with ANY address, regardless of whether it's even reachable or not, which further makes me think this is a problem with my SSH client and not firewall:



➜  ~ ssh 1.1.1.1
ssh: connect to host 1.1.1.1 port 22: Connection refused
➜ ~ ssh 23.23.23.23
ssh: connect to host 23.23.23.23 port 22: Connection refused
➜ ~ ssh 232.221.231.3
ssh: connect to host 232.221.231.3 port 22: Connection refused

➜ ~ ssh 192.168.0.0
ssh: connect to host 192.168.0.0 port 22: Connection refused
➜ ~ ssh 123.123.0.1
ssh: connect to host 123.123.0.1 port 22: Connection refused


How is this even possible? SSH doesn't even attempt the connection and claims "connection refused". What can possibly be the culprit?



Additional info:




➜  ~ uname -a
Darwin MacBook-Air.local 17.4.0 Darwin Kernel Version 17.4.0: Sun Dec 17 09:19:54 PST 2017; root:xnu-4570.41.2~1/RELEASE_X86_64 x86_64

Answer



It turned out to be an easy fix. If there is anyone else going through this, consider the following...



Earlier, I had enabled SOCKS proxying in the macOS Network Preferences > Advanced ... > Proxies > SOCKS Proxy. It looked like this:



enter image description here




Long story short, this server was no longer running, so proxy connections to loopback were unsuccessful. The reason Chrome, Telnet, and Nmap worked was because they did not respect the macOS SOCKS proxy setting. Any applications which actually respected these settings (such as ssh) were unable to access the Internet, which is why SSH connections were failing.



I'm not 100% sure why SSH came up with "connection refused" instead of some generic "unreachable" error, but I know that the SOCKS proxy was the reason. If the same happens to you, try checking your proxy settings!


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...