39

There are three machines in this scenario:

  • Desktop A : user@1.23.x.x
  • Laptop A : user@1.23.y.y
  • Machine B : user@192.168.z.z

All the machines have Ubuntu 11.04 (Desktop A is a 64bit one) and have both openssh-server and openssh-client.

Now when I try to connect Desktop A to Laptop A or vice-versa by ssh user@1.23.y.y I get an error as 

port 22: No route to host

in both the cases.

I own both the machines, now if I try same commands from my friend's machine, i.e. via Desktop B, I can access both my Laptop and Desktop. But if I try to access Desktop B from my Laptop or by Desktop I get

port 22: Connection timed out

I even tried changing ssh port no. in ssh_config file but no success.

Note: that 'Laptop A' uses WiFi connection while 'Machine A' uses Ethernet Connection and 'Machine B' is on an entirely different network.

@Lekensteyn Here it is ->

Laptop A && Desktop A -> Router/Nano_Rcvr provided to me by ISP. So to one Router two Machines are connected and can be accessed at the same time. here is my ifconfig output for both the machines :- Laptop

wlan0

      Link encap:Ethernet  HWaddr X:X:X:X:00:bc  
      inet addr:1.23.73.111  Bcast:1.23.95.255  Mask:255.255.224.0
      inet6 addr: fe80::219:e3ff:fe04:bc/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:108409 errors:0 dropped:0 overruns:0 frame:0
      TX packets:82523 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:44974080 (44.9 MB)  TX bytes:22973031 (22.9 MB)

Desktop

eth0

      Link encap:Ethernet  HWaddr X:X:X:X:c5:78  
      inet addr:1.23.68.209  Bcast:1.23.95.255  Mask:255.255.224.0
      inet6 addr: fe80::227:eff:fe04:c578/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:10380 errors:0 dropped:0 overruns:0 frame:0
      TX packets:4509 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:1790366 (1.7 MB)  TX bytes:852877 (852.8 KB)
      Interrupt:43 Base address:0x2000

Output of ip route show

      1.23.64.0/19 dev wlan0  proto kernel  scope link  src 1.23.73.111  metric 2 

      169.254.0.0/16 dev wlan0  scope link  metric 1000

Output of traceroute -n 1.23.73.111

       traceroute to 1.23.73.111 (1.23.73.111), 30 hops max, 60 byte packets
       1  1.23.68.209  3008.787 ms !H  3008.786 ms !H  3008.784 ms !H
Nihar Sawant
  • 513
  • 1
  • 4
  • 7
  • Please correct those IP addresses. Is 1.23.x.x a public IP address? If not, please use 10.x.x.x, 192.168.x.x or 172.16.x.x. Can you ping the other machines? `ping 192.168.x.x` – Lekensteyn Jul 21 '11 at 09:44
  • Sounds weird but its a public IP Addr if u want I can give you 'ifconfig' output. No I cant Ping both my machines it says 'Destination Host Unrechable' Though I can ping my friend's machine – Nihar Sawant Jul 21 '11 at 09:50
  • 1
    Could you draw your network setup? ASCII art will be fine. You need to include the machines, the "internet" and involved (home) routers/modems. – Lekensteyn Jul 21 '11 at 09:51
  • 2
    I agree with @Lekensteyn. These problems are most commonly NAT/forwarding issues. Explain your network structure and we can probably help. – Oli Jul 21 '11 at 10:14
  • @Lekensteyn check out my updated Post – Nihar Sawant Jul 21 '11 at 10:51
  • @dewbot What about desktop B? 192.168.0.0/16 is a private IP range. If your friends desktop is not inside your network, you need to get him forward his ports correctly (NAT setup) and get his public IP address. – Lekensteyn Jul 21 '11 at 10:56
  • well thats not a concern, I was just checking if I can connect to my machines or not. We both have diff ISPs. Main issue with my two Machines. – Nihar Sawant Jul 21 '11 at 11:11
  • @dewbot, by the way, your MAC address is still visible in the IPv6 address because the privacy extension is disabled. Could you add the output of `ip route show`, and also install `traceroute` and provide the output of `traceroute -n 1.23.73.111`? – Lekensteyn Jul 21 '11 at 12:00
  • can you check settings on your router for something like "client isolation" ? I tried to ping you, (UTC 12:01), desktop was unaccesible, notebook replied. Was desktop running at that time ? – Denwerko Jul 21 '11 at 12:02
  • @Denwerko Desktop is switched off now! – Nihar Sawant Jul 21 '11 at 12:07
  • @dewbot I forgot to mention that you should run the `traceroute` command on the other machine. Please add the output of the commands to your command, do not comment it. – Lekensteyn Jul 21 '11 at 12:29
  • :p well even I was wondering what are you going to get by tracing the route of own machine. Anyways have a look at the edits – Nihar Sawant Jul 21 '11 at 12:52
  • I seem to have this error after I forgot to close an SSH session. When I close my laptop with an SSH session open, it hangs when I open it again some time later, when I try to setup a new connection, I got No route to host. Sometimes I get a connection timed out as well. After waiting for a long time, it works fine again... – Steven Roose May 25 '13 at 15:59

8 Answers8

23

The routes look fine. I'll assume that those IP addresses are private ones (LAN) and not public accessible.

Since you're connected in different ways to the network (wifi / wired), it's very likely that your router has separated wired / wireless networks. Try connecting both of them on a wired (or wireless) connection. Another possibility is that a firewall on the Ubuntu machines is blocking connections.

Otherwise, configure your router to use the same network (subnet) for wireless and wired connections. Also make sure that the router does not block client-to-client communication.

Your router is possibly dropping all unsolicited packets, that's why your friend gets a "connection timed out" message on your public IP address. Configure NAT port forwarding so that the public IP address + port combination forwards to your LAN address.

Example network:

YOUR NETWORK (A)
    Router A (public address: 198.51.100.1)
    Desktop A - 10.0.0.2
    Laptop  A - 10.0.0.3

YOUR FRIENDS NETWORK (B)
    Router B (public address: 203.0.113.1)
    Machine B - 192.168.0.2

On Router A, setup NAT forwarding:

To make your desktop accessible:
  forward the public port 22 to 10.0.0.2
To make your laptop accessible:
  forward the public port 2222 to 10.0.0.3

If you've a firewall (ufw, iptables, ...) on the machines set, allow incoming traffic to port 22 (Desktop A) and port 2222 (Laptop A).

The desktop can now be accessed using SSH with:

ssh user@198.51.100.1 -p 22

The laptop can now be accessed using SSH with:

ssh user@198.51.100.1 -p 2222

If you want to access your friends machine, apply these instructions to his machine + router.

Lekensteyn
  • 171,743
  • 65
  • 311
  • 401
4

i had a similar problem. One machine on wire one wireless. I found a tickbox in my router besides "seperate ips for lan and wlan" and ticked it off. Now i can login to the wireles computer. Before that i got the error message "No route to host".

smev9
  • 41
  • 1
1

In my case there was a Docker network on the same CIDR as my VPN.

I used the following command to figure out which network, and then I removed it:

docker inspect $(docker network ls -q) | jq '.[] | {name: .Name, cidr: .IPAM.Config[0].Subnet}'

After that it worked fine.

BeastOfCaerbannog
  • 12,964
  • 10
  • 49
  • 77
M.Vanderlee
  • 111
  • 2
1

Check the ssh check box while installing RHEL. I did not check it and causing the same issue. Please check that parameter

Mayur Sawant
  • 73
  • 1
  • 1
  • 6
1

I got the same issue myself now on a vps, and its completely weird, never seen anything like it.

I am an experienced server admin and this sort of error is normally cut and dry.

No route to host means the server doesnt know how to route the packet (routing table, however I have never seen it only occur on one protocol and not another).

In my case.

No NAT Internet connection. No IPTABLES Ping works I can connect to ip's either side of the broken ip. The broken ip says "no route to host" on any tcp port.

This suggests either something in the middle is returning the error code or a bug in the OS with the routing table.

Note the error is instant, not a delay meaning the rejection is local. But thats all I can diagnose.

root@vps1 network # telnet 83.149.xx.xx 23
Trying 83.149.xx.xx...
telnet: Unable to connect to remote host: No route to host
root@vps1 network # telnet 83.149.xx.xx 80
Trying 83.149.xx.xx...
telnet: Unable to connect to remote host: No route to host
root@vps1 network # ping 83.149.xx.xx
PING 83.149.xx.xx (83.149.xx.xx) 56(84) bytes of data.
64 bytes from 83.149.xx.xx: icmp_seq=1 ttl=56 time=8.89 ms
64 bytes from 83.149.xx.xx: icmp_seq=2 ttl=56 time=7.93 ms
Mostafa Ahangarha
  • 4,358
  • 7
  • 35
  • 51
ChrisC79
  • 11
  • 1
0

I would weirdly get this error even after successfully running SSH between my PC and raspberry Pi. What fixes it for me is turning wifi off and on (both client and host), restarting your terminal and using new ip addresses.

Josh
  • 111
  • 4
0

I was facing the issue with Docker network as well and M.Vanderlee's answer helped me identify which of my networks was causing the issue. Unfortunately it was my Docker default bridge network and I'm not supposed to delete it. (Trying to delete your default network throw's the error Error response from daemon: bridge is a pre-defined network and cannot be removed.

So, in order to resolve the issue, I had to change the CIDR of the default bridge network. Here's how to do it - Edit the /etc/docker/daemon.json (creating a file with this name if it doesn't exist is OK) file and change the default-address-pools value there to anything other than what you would want to connect to outside the world of Docker, and restart Docker daemon. Following is an example of the file contents:

{
 "default-address-pools":
 [
 {"base":"10.2.0.0/16","size":24}
 ]
}
Vishwas M.R
  • 101
  • 1
-3

If you have changed/replaced your system hard drive incase then try removing the hostkey from .ssh/known_hosts file then try connecting again.

Ratiranjan Kar
  • 9