
Cannot SSH to server (Resolved)  [Solved]

Posted: Sat May 18, 2024 1:35 pm
by pksings2021
New server, Bookworm. Everything works except remote ssh into it. It can get out to other machines, and it can ping all the other machines. All other machines can ping it.
I have removed openssh and reinstalled it twice and get the same behavior. I am a longtime Linux user, over 20 years, and this is the first time I have ever been stumped by ssh. Nothing in the logs that I can find. ss -plnt shows ssh is bound to 0.0.0.0:22; peer address:port is 0.0.0.0:* (normal).

Any help, suggestions are greatly appreciated.

PK in California


The thought of a firewall occurred to me as I was eating lunch. Thank you for your replies, they confirmed my decision to check it. I checked it, and it's now disabled. Somewhere I feel a newbie should be informed that it is what it is at initial install.

I'm really curious as to why these 2 addresses are allowed, I would think that if you are going to make the initial state "secure" nothing would be allowed.
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT

Re: Cannot SSH to server

Posted: Sat May 18, 2024 1:43 pm
by CharlesV
Please post your QSI ( MX Menu | Quick System Info | Copy for Forum | paste here )

Have you tried turning off the firewall to see if that is blocking you?

Re: Cannot SSH to server

Posted: Sat May 18, 2024 2:55 pm
by Charlie Brown
Just by the way: Maybe MX Team reconsiders changing back to ufw not enabled by default, as it seems to be causing more confusion than advantages; many users (or new users) do not know that ... The old ootb setting used to be ok for most daily/average/home/non-professional users. Just a humble opinion.

Re: Cannot SSH to server

Posted: Sat May 18, 2024 2:58 pm
by Adrian
I think people who set up services like this should learn how to allow them through the firewall. Yes, it's not "user friendly" but most of the grandmas would probably not set up OpenSSH servers.

Re: Cannot SSH to server

Posted: Sat May 18, 2024 3:01 pm
by Charlie Brown
Adrian wrote: Sat May 18, 2024 2:58 pm... most of the grandmas would probably not set up OpenSSH servers.
:rofl:

Re: Cannot SSH to server

Posted: Sat May 18, 2024 3:03 pm
by Charlie Brown
In the meantime, the reasoning for the average users (the old setting being ok) is this:
man ufw wrote:
ufw is disabled with a default incoming policy of deny, a default forward policy of deny, and a default outgoing policy of allow ...
which looks "not bad" :)

Re: Cannot SSH to server

Posted: Sat May 18, 2024 4:51 pm
by FullScale4Me
Adrian wrote: Sat May 18, 2024 2:58 pm I think people who set up services like this should learn how to allow them through the firewall. Yes, it's not "user friendly" but most of the grandmas would probably not set up OpenSSH servers.

MX User Manual - section 4.5.1 Firewall
MX User Manual wrote:You may want or need to change this default configuration:

• It may be blocking services like Samba, SSH, VNC, KDE Connect or network printers.
More detail - ‘4.5.1 Uncomplicated Firewall (UFW) Configuration’

Ubuntu Documentation - GUFW (official doc website)

Re: Cannot SSH to server (Resolved)

Posted: Sat May 18, 2024 5:19 pm
by pksings2021
See original, edited it.

Re: Cannot SSH to server (Resolved)

Posted: Sat May 18, 2024 6:31 pm
by Adrian
I'm really curious as to why these 2 addresses are allowed, I would think that if you are going to make the initial state "secure" nothing would be allowed.
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
I didn't check but I doubt we have that by default on our ISO. Sounds more like something you added that opens those ports on your system; one seems to be Avahi (possibly a Plex server) and the other one is for UPnP.

Re: Cannot SSH to server (Resolved)

Posted: Sat May 18, 2024 6:44 pm
by DukeComposed
Adrian wrote: Sat May 18, 2024 6:31 pm
I'm really curious as to why these 2 addresses are allowed, I would think that if you are going to make the initial state "secure" nothing would be allowed.
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
I didn't check but I doubt we have that by default on our ISO. Sounds more like something you added that opens those ports on your system; one seems to be Avahi (possibly a Plex server) and the other one is for UPnP.
Avahi is an mDNS client and is installed by default. These ports are designed to allow your machine to run services that let it function reasonably in an ad hoc network without DHCP. If you don't want them, remove them.
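
An added example, not part of any post in this thread: a small shell audit that reads rules in the same format as the two lines quoted above, lists every ACCEPT rule that names a destination port, and answers whether a given protocol/port is open inbound. The function names and the sample rule set are assumptions constructed for illustration; only the two multicast rules come from the thread.

```shell
#!/bin/sh
# Constructed sample rule dump. The two multicast lines are the ones quoted
# in the thread; the policy, loopback and conntrack lines are constructed.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
EOF
}

# list_accepts: read rules on stdin and print "proto port dest chain" for
# every ACCEPT rule that names a destination port (hypothetical helper).
list_accepts() {
  awk '
    $1 == "-A" {
      chain = $2; proto = ""; port = ""; dest = "any"; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") port = $(i + 1)
        else if ($i == "-d") dest = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (target == "ACCEPT" && port != "") print proto, port, dest, chain
    }'
}

# port_allowed PROTO PORT: exit 0 if some ACCEPT rule on stdin covers
# PROTO/PORT, including "low:high" port ranges (hypothetical helper).
port_allowed() {
  list_accepts | awk -v p="$1" -v n="$2" '
    $1 == p {
      k = split($2, r, ":")
      lo = r[1] + 0; hi = (k == 2 ? r[2] : r[1]) + 0
      if (n + 0 >= lo && n + 0 <= hi) found = 1
    }
    END { exit !found }'
}

# Demonstration on the constructed sample: only the mDNS and SSDP/UPnP
# rules name a port, and nothing accepts tcp/22.
sample_rules | list_accepts
if sample_rules | port_allowed tcp 22; then
  echo "tcp/22 is accepted"
else
  echo "tcp/22 has no ACCEPT rule, inbound SSH falls through to the policy"
fi
```

On a live system the same functions can be fed the output of iptables -S run as root. The audit ignores multiport (--dports) matches and source or interface restrictions, so treat a hit as a rule to read, not as proof of reachability.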