Sunday, May 5, 2024
Homepage · ssh
 Popular · Latest · Hot · Upcoming
3
rated 0 times [  3] [ 0]  / answers: 1 / hits: 40101  / 3 Years ago, sun, september 19, 2021, 12:19:52

I tried to use set up git and use it for github, then when I followed the help doc, but when I got to step 5 of the set up ssh keys section :Test everything out , When I used this command: ssh -T [email protected] I got an error:




ssh: connect to host github.com port 22: No route to host




Then I used this command:



ssh -vT [email protected]


Here is what I got:



OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011

debug1: Reading configuration data /home/jacos/.ssh/config

debug1: Applying options for github.com

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug1: Connecting to github.com [207.97.227.239] port 22.

debug1: connect to address 207.97.227.239 port 22: No route to host

ssh: connect to host github.com port 22: No route to host


I googled for a while and found I have to check if the iptables blocked the port.
So here is the result:



~$ sudo /sbin/iptables -L -n

[sudo] password for jacos: 

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67 

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67 

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53 

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53 



Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     all  --  0.0.0.0/0            10.42.43.0/24       state RELATED,ESTABLISHED 

ACCEPT     all  --  10.42.43.0/24        0.0.0.0/0           

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination


And I tried the command suggested by Gilles: 



tcptraceroute github.com 22


Here is what I got:



Selected device eth0, address 222.20.58.XX(sorry...I masked part of my ip), port 33281 for outgoing packets

Tracing the path to github.com (207.97.227.239) on TCP port 22 (ssh), 30 hops max

 1  222.20.58.254  0.891 ms  0.850 ms  0.693 ms

 2  zxq-xs-h3c7510e.hust.edu.cn (115.156.255.137)  1.253 ms  1.569 ms  2.837 ms

 3  zxq-xs-rjs8606.hust.edu.cn (115.156.255.130)  0.729 ms  0.678 ms  0.629 ms

 4  115.156.255.174  0.794 ms  6.279 ms  16.569 ms

 5  * * *

 6  * * *

 7  * * *

 8  * * *

 9  * * *

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

15  * * *

16  * * *

17  * * *

18  * * *

19  * * *

20  * * *

21  * * *

22  * * *

23  * * *

24  * * *

25  * * *

26  * * *

27  * * *

28  * * *

29  * * *

30  * * *

Destination not reached


It seems that the route is stopped at 115.156.255.174, which I don't know where it is.



I can't figure out what it means. Does it block port 22?



By the way, I can access the Internet and visit github.com. And I am using Ubuntu 11.10.



Can anyone help with this? Thanks!


More From » ssh
 Answers
3

Your INPUT chain accepts everything. You haven't shown your OUTPUT chain, but I'll assume that it accepts everything too. This implies that the connection is blocked somewhere between you and Github. It is possible that your school's firewall blocks outgoing connections to port 22.



You can get a better idea of where your packets are intercepted by installing tcptraceroute Install tcptraceroute and running tcptraceroute github.com 22.



Ask your school's administrator to open port 22, or at least (if they're reluctant) port 22 to github.com. Your use of the network is a serious use, which should be allowed to students.



If the administrators do not budge, and you use a proxy to connect to the web, you might be able to get the proxy to relay traffic (it may or may not work, depending on how the proxy is configured). See Is it possible to SSH through port 80?



By the way, your INPUT chain allows all incoming traffic, since you only have ACCEPT rules and an ACCEPT policy. A typical rule set would block incoming UDP traffic on non-vetted ports and block incoming TCP connections on non-vetted ports:



iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -p udp --dport 53 -j ACCEPT

iptables -A INPUT -p udp --dport 123 -j ACCEPT

iptables -P INPUT DROP

[#38469] Tuesday, September 21, 2021, 3 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
lassrake
Add To Favorites
Follow
Total Points: 400
Total Questions: 103
Total Answers: 98
Location: Netherlands
Member since Mon, Jun 22, 2020
4 Years ago
;