Score:2

ssh: connect to host IP port 22: Connection refused


I'm trying to connect my laptop to another workstation with SSH protocol. On both of my Windows PCs I installed Ubuntu to work from the terminal (WSL). I've followed tutorials found online to do the installation and the configuration but it gave me this error.

I've already checked if the ssh service is running on both PCs and if port 22 is listening.

$ sudo ss -tulpn | grep :22
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=227,fd=3))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=227,fd=4))

$ systemctl status sshd.service
● ssh.service - OpenBSD Secure Shell server
         Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
         Active: active (running) since Thu 2023-03-09 10:19:13 CET; 3h 7min ago
           Docs: man:sshd(8)
                 man:sshd_config(5)
       Main PID: 227 (sshd)
          Tasks: 1 (limit: 4031)
         Memory: 8.1M
         CGroup: /system.slice/ssh.service
                 └─227 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Mar 09 10:19:13 LAPTOP-69 systemd[1]: Started OpenBSD Secure Shell server.
Mar 09 10:21:10 LAPTOP-69 sshd[466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1  user=helga_cassol
Mar 09 10:21:12 LAPTOP-69 sshd[466]: Failed password for helga_cassol from 127.0.0.1 port 52396 ssh2
Mar 09 10:21:25 LAPTOP-69 sshd[466]: Failed password for helga_cassol from 127.0.0.1 port 52396 ssh2
Mar 09 10:21:29 LAPTOP-69 sshd[466]: Accepted password for helga_cassol from 127.0.0.1 port 52396 ssh2
Mar 09 10:21:29 LAPTOP-69 sshd[466]: pam_unix(sshd:session): session opened for user helga_cassol(uid=1000) by (uid=0)
Mar 09 10:24:21 LAPTOP-69 sshd[531]: Accepted password for helga_cassol from 127.0.0.1 port 60782 ssh2
Mar 09 10:24:21 LAPTOP-69 sshd[531]: pam_unix(sshd:session): session opened for user helga_cassol(uid=1000) by (uid=0)
Mar 09 10:56:00 LAPTOP-69 sshd[5741]: Accepted password for helga_cassol from 127.0.0.1 port 57428 ssh2
Mar 09 10:56:00 LAPTOP-69 sshd[5741]: pam_unix(sshd:session): session opened for user helga_cassol(uid=1000) by (uid=0)

Another check:

$ sudo ss -tulpn
Netid            State              Recv-Q             Send-Q                         Local Address:Port                         Peer Address:Port            Process
udp              UNCONN             0                  0                              127.0.0.53%lo:53                                0.0.0.0:*                users:(("systemd-resolve",pid=96,fd=13))
udp              UNCONN             0                  0                                  127.0.0.1:323                               0.0.0.0:*
udp              UNCONN             0                  0                                      [::1]:323                                  [::]:*
tcp              LISTEN             0                  4096                           127.0.0.53%lo:53                                0.0.0.0:*                users:(("systemd-resolve",pid=96,fd=14))
tcp              LISTEN             0                  128                                  0.0.0.0:22                                0.0.0.0:*                users:(("sshd",pid=227,fd=3))
tcp              LISTEN             0                  128                                     [::]:22                                   [::]:*                users:(("sshd",pid=227,fd=4))

I've also already checked the firewall with sudo ufw status and it's inactive.

With the command ifconfig I checked the IP address for Ubuntu but if I try to ping this IP my laptop doesn't find the server.

If I use the Windows IP, I can ping the server.

So it seems that the correct IP to use is the Windows IP and not the IP created for Ubuntu.

But when I do:

ssh -vvv helga_cassol@10.x.x.xx

This is the result:

OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.0.0.79 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/helga_cassol/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/helga_cassol/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 10.0.0.79 [10.0.0.79] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: connect to address 10.0.0.79 port 22: Connection refused
ssh: connect to host 10.0.0.79 port 22: Connection refused

If I use the Ubuntu IP address with the same command:

ssh helga_cassol@172.xx.xxx.xx

This is the result:

connect to host 172.xx.xxx.xx port 22: Connection timed out

Do you have some ideas? Thank you in advance.

Score:3

Short answer (TL;DR)

My preferred method, detailed below, is to install the Windows OpenSSH server and use it as a jump host to access Ubuntu in WSL2. Don't let the length of this answer scare you. I just tend to explain in (perhaps too much) detail ... ;-)

Explanation

The core issue here is that WSL2 is on a separate, NAT'd, virtual network inside a Hyper-V virtual machine on the Windows system. That means that we have to provide a route via tunnel, proxy, or forwarding from the "real" network to this virtual network where Ubuntu resides.

There have been several solutions to this over the years, but the best ones (IMHO) no longer (at least currently) work with the latest version of WSL installed from the Microsoft Store.

Most solutions rely on port forwarding, as with the tutorial you mentioned in the comments. Historically, that has been complicated by WSL2 using a different IP address each time it starts (also mentioned in that tutorial). However, there's some good news on that front -- The latest WSL release (starting with 1.1.0) in the Microsoft Store now attempts to use the same IP address on each restart. So if you want to use the netsh interface portproxy method mentioned in that tutorial (and also the WSL docs), you can in theory do it once without needing to worry about "per reboot" mechanics.

The Process

That said, for SSH into WSL2, I still prefer using a simple SSH jump host. I'll cover a version of this setup here in this answer, but if you want to configure SSH keys, also see my original Super User answer on the topic.

For password based (non-key)

  • One time installation/configuration of the Windows OpenSSH server. Full instructions in the link, but essentially, in an Admin PowerShell:

    # Install the feature:
    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
    
    # Start the sshd service
    Start-Service sshd
    
    # OPTIONAL but recommended:
    Set-Service -Name sshd -StartupType 'Automatic'
    
    # Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
    if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
        Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
        New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
    } else {
        Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
    }
    
  • One-time configuration of the Ubuntu OpenSSH server -- Essentially edit /etc/ssh/sshd_config to modify the port number. I'll use 2222 for example below. Restart the service, of course (sudo systemctl restart ssh if using Systemd; sudo service ssh restart if not).


For the examples below, I'm going to assume that:

  • Your Windows host with the Ubuntu that you want to access is named Bubblegum and it is accessed on the network as bubblegum.local (an mDNS name), but you can also substitute an IP address here.
  • Your username on the Windows host is helga
  • Your Ubuntu username is hc
  • Your Ubuntu SSH port set up above is 2222.

Then you can access Ubuntu through SSH from another system on the network via something like:

ssh -J helga@bubblegum.local -p 2222 hc@localhost

This tells SSH to first login to the jump host (the Windows SSH server), then connect from that host to localhost:2222, which is the Ubuntu SSH server. If your usernames are all the same, you can omit them entirely. So it can be as clean as:

ssh -J bubblegum.local -p 2222 localhost

You can simplify it even further with a ~/.ssh/config file for the clients.

# Can be whatever you want
Host bubblegum_ubuntu
    Hostname localhost
    # If needed
    User hc
    Port 2222
    ProxyJump helga@bubblegum.local

    # Optional, but useful if you access more than one
    # WSL distribution on the system to avoid unnecessary
    # man-in-the-middle warnings due to different host keys.
    UserKnownHostsFile ~/.ssh/known_hosts_bubblegum_ubuntu

With that in place, you can just:

ssh bubblegum_ubuntu
Artur Meinild avatar
vn flag
Amazing - hopefully this gets the job done.
ar flag
A very good answer indeed. I use Windows in Qemu/KVM so I don't need this, but I couldn't help make some stylistic changes. Feel free to revert them if you don't like them.
NotTheDr01ds avatar
vn flag
@user68186 Thanks! I do agree that the use of headings improves the flow; I just backed it off one-level to start with H2. I know it *seems* like it is semantically correct to start with H1, but the question title itself is already H1 (technically a Stack Exchange bug, IMHO, since the `#` should, as a result, naturally start a H2). That and I think H1 is just too BIG ;-). Also your `{` / `}` really makes me wish we had a Markdown flavor here that supported [callouts](https://docs.readme.com/rdmd/docs/callouts). I've changed that slightly, but it's still not optimal, IMHO.
ar flag
I have been using H1 in my answers and once someone edited them to H2. I didn't know why, but I didn't revert the edit. Your explanation makes sense. I will use H2 from now on. Thanks! **One more thing:** I always forget to restart the sshd service after editing `/etc/ssh/sshd_config` on the rare occasion I need to do it. When I do remember, I have to look up the command. I think adding that command to your answer will help others.
Helga Cassol avatar
iq flag
I've tried your solution and it works perfectly. Thank you so much! @NotTheDr01ds
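
A small connectivity check for the two failures in the question, added here as an example and not part of the original thread: it separates "Connection refused" from "Connection timed out" and, when a port is open, reads the SSH identification line so you can tell whether the Windows or the Ubuntu sshd answered. The function names and the probed targets are assumptions for illustration.

```python
import socket

# What each outcome means for the WSL2 setup discussed in this thread.
HINTS = {
    "open": "a server accepted the connection; the banner shows which sshd it is",
    "refused": "host is reachable but nothing listens on this address:port",
    "timeout": "no reply; address not routable from here (NAT) or packets dropped",
    "error": "other network error (no route, name lookup failure, ...)",
}

def probe_ssh(host, port, timeout=3.0):
    """Return (state, banner) for one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                # An SSH server sends its identification line first,
                # e.g. "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3".
                raw = conn.recv(255)
            except OSError:
                raw = b""
            banner = raw.split(b"\n", 1)[0].strip().decode("ascii", "replace")
            return "open", banner
    except ConnectionRefusedError:
        return "refused", None
    except (socket.timeout, TimeoutError):
        return "timeout", None
    except OSError:
        return "error", None

def diagnose(host, port, timeout=3.0):
    """One-line report comparable to the ssh client's error message."""
    state, banner = probe_ssh(host, port, timeout)
    detail = f" [{banner}]" if banner else ""
    return f"{host}:{port} -> {state}{detail}: {HINTS[state]}"

if __name__ == "__main__":
    # Assumed targets, matching the answer's example: run this on the
    # Windows host itself. Port 22 is the Windows OpenSSH server and
    # 2222 is the Ubuntu sshd reached through localhost.
    for target in (("127.0.0.1", 22), ("127.0.0.1", 2222)):
        print(diagnose(*target))
```

Run from another machine against the Windows IP, a "refused" on port 22 means the Windows OpenSSH server is not installed or not running, while a "timeout" against the 172.x address is the expected result of the WSL2 NAT.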