Given:
- vm - a WinXPsp3 virtual machine hosted by a Win7sp1 physical machine
- alice is the user on vm
- srv - a Win2008R2sp1 server
- bob is the user on srv
- quake - a linux server
- mark is the user on quake
- Both vm and srv have the same new installation of cygwin (1.7.9) and openssh.
- Firewall service is disabled on vm (and its host) and on srv
- All the machines can be pinged from all the machines.
ssh mark@quakeworks OK from both vm and srv.ssh bob@srvworks OK from both quake and vm.ssh alice@vmworks on the vm itself only, but it fails on the other two machines:
alice@vm ~
$ ssh alice@vm
alice@vm's password:
Last login: Tue Oct 25 23:42:09 2011 from vm.shunra.net
[mark@Quake ~]$ ssh -vvv alice@vm
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to vm [172.30.2.60] port 22.
debug1: connect to address 172.30.2.60 port 22: Connection timed out
ssh: connect to host vm port 22: Connection timed out
bob@Srv ~
$ ssh -vvv alice@vm
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to vm [172.30.2.60] port 22.
debug1: connect to address 172.30.2.60 port 22: Connection timed out
ssh: connect to host vm port 22: Connection timed out
I used ssh-host-config both on vm and srv to configure the ssh to run as a windows service. Besides that I did nothing else.
Can anyone help me troubleshoot this issue?
Thank you very much.
EDIT
The virtual machine software is VMWare Workstation 7.1.4. I think the problem is in its settings, but I have no idea where exactly. The Network Adapter is set to Bridged.
EDIT2
All the machines are located in the company lab, I think all of them are on the same segment, but I may be wrong. Below is the ipconfig /all output for each machine (skipping the linux server). I have deleted the Tunnel adapters to keep the output minimal. If anyone thinks they matter, do tell so and I will post them as well. In addition ping output is given to show that DNS is correct.
Something else, may be relevant, may be not. Doing psexec to srv works OK, whereas to vm failes with Access Denied.
srv:
C:\Windows\system32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : srv
Primary Dns Suffix . . . . . . . : shunra.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : shunra.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : E4-1F-13-6D-F3-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.30.6.9(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 172.30.0.254
DNS Servers . . . . . . . . . . . : 172.30.1.1
172.30.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Windows\system32>ping vm
Pinging vm.shunra.net [172.30.2.60] with 32 bytes of data:
Reply from 172.30.2.60: bytes=32 time=1ms TTL=128
Reply from 172.30.2.60: bytes=32 time=4ms TTL=128
Reply from 172.30.2.60: bytes=32 time<1ms TTL=128
Reply from 172.30.2.60: bytes=32 time<1ms TTL=128
Ping statistics for 172.30.2.60:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 4ms, Average = 1ms
C:\Windows\system32>
vm:
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : vm
Primary Dns Suffix . . . . . . . : shunra.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : shunra.net
shunranet
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : shunranet
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-8F-A0-0B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.30.2.60
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 172.30.0.254
DHCP Server . . . . . . . . . . . : 172.30.1.1
DNS Servers . . . . . . . . . . . : 172.30.1.1
172.30.1.2
Lease Obtained. . . . . . . . . . : Tuesday, October 25, 2011 18:16:34
Lease Expires . . . . . . . . . . : Wednesday, November 02, 2011 18:16:34
C:\>ping srv
Pinging srv.shunra.net [172.30.6.9] with 32 bytes of data:
Reply from 172.30.6.9: bytes=32 time=1ms TTL=128
Reply from 172.30.6.9: bytes=32 time<1ms TTL=128
Reply from 172.30.6.9: bytes=32 time<1ms TTL=128
Reply from 172.30.6.9: bytes=32 time<1ms TTL=128
Ping statistics for 172.30.6.9:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\>
vm-host (the host machine of the vm):
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : vm-host
Primary Dns Suffix . . . . . . . : shunra.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : shunra.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 6C-F0-49-E7-E9-30
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f59d:7f6e:1510:6f%10(Preferred)
IPv4 Address. . . . . . . . . . . : 172.30.6.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 172.30.0.254
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CC-39-80-6C-F0-49-E7-E9-30
DNS Servers . . . . . . . . . . . : 172.30.1.1
194.90.1.5
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd92:38c0:9a6d:c008%16(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.192.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 352342102
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CC-39-80-6C-F0-49-E7-E9-30
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::edb9:b78c:a504:593b%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.5.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 369119318
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CC-39-80-6C-F0-49-E7-E9-30
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\>ping srv
Pinging srv.shunra.net [172.30.6.9] with 32 bytes of data:
Reply from 172.30.6.9: bytes=32 time<1ms TTL=128
Reply from 172.30.6.9: bytes=32 time<1ms TTL=128
Reply from 172.30.6.9: bytes=32 time<1ms TTL=128
Reply from 172.30.6.9: bytes=32 time<1ms TTL=128
Ping statistics for 172.30.6.9:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping vm
Pinging vm.shunra.net [172.30.2.60] with 32 bytes of data:
Reply from 172.30.2.60: bytes=32 time<1ms TTL=128
Reply from 172.30.2.60: bytes=32 time<1ms TTL=128
Reply from 172.30.2.60: bytes=32 time<1ms TTL=128
Reply from 172.30.2.60: bytes=32 time<1ms TTL=128
Ping statistics for 172.30.2.60:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>
EDIT3
I have just checked - the vm-host is able to ssh to the vm machine! I still do not know how to leverage this discovery to solve the problem.
This is either an issue of what the sshd service is binding to on VM, or a networking issue of some sort, perhaps a firewall which is still nagging you.
To be sure, check what the sshd service is binding to. I'm assuming this won't be the problem though since it seems you mirrored the setup on a couple of machines, and one works. Probably best to check to be sure though.
Next thing is to double check that there are no firewalls blocking, or any other type of network control on the VM host software that may cause the packets to not reach destination. I would start right off the bat by running a tcpdump or whatever packet sniffer on the VM, and try to connect again via SSH, just to determine whether or not the packets are even making it that far. If they are not, my bet is the vm host software is blocking this connection.
It would help to have more detail about the network information. You went to good detail on some stuff but didn't include this. Are they all on the same subnet? what is the interconnectivity between all, etc...
I think this will help too
EDIT: So it looks like it's some sort of networking thing perhaps. I would kill the sshd service and try to run it manually, as described in This Answer from a related question. My guess is that you'll see nothing show up at all, which confirms that you are not reaching the VM - which has me thinking that either something on the network is blocking, or despite your efforts to disable any firewalling on the vm-host, it's still not getting beyond there. HTH.
The problem is with the vm-host. Although, it should be transparent for the SSH communication going to the guest machine (aka vm), for some unknown reason it is not. So, I had to install OpenSSH (via cygwin) on vm-host as well, even though I am not planning to access it via SSH. Once I have installed OpenSSH on vm-host I was able to access vm (the guest machine).
How installing OpenSSH on the host machine solves the access problems to the guest - I have no idea.