I tried to use set up git and use it for github, then when I followed the help doc, but when I got to step 5 of the set up ssh keys section :Test everything out , When I used this command: ssh -T [email protected] I got an error:
ssh: connect to host github.com port 22: No route to host
Then I used this command:
ssh -vT [email protected]
Here is what I got:
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /home/jacos/.ssh/config
debug1: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: connect to address 207.97.227.239 port 22: No route to host
ssh: connect to host github.com port 22: No route to host
I googled for a while and found I have to check if the iptables blocked the port. So here is the result:
~$ sudo /sbin/iptables -L -n
[sudo] password for jacos:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 10.42.43.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 10.42.43.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
And I tried the command suggested by Gilles:
tcptraceroute github.com 22
Here is what I got:
Selected device eth0, address 222.20.58.XX(sorry...I masked part of my ip), port 33281 for outgoing packets
Tracing the path to github.com (207.97.227.239) on TCP port 22 (ssh), 30 hops max
1 222.20.58.254 0.891 ms 0.850 ms 0.693 ms
2 zxq-xs-h3c7510e.hust.edu.cn (115.156.255.137) 1.253 ms 1.569 ms 2.837 ms
3 zxq-xs-rjs8606.hust.edu.cn (115.156.255.130) 0.729 ms 0.678 ms 0.629 ms
4 115.156.255.174 0.794 ms 6.279 ms 16.569 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Destination not reached
It seems that the route is stopped at 115.156.255.174, which I don't know where it is.
I can't figure out what it means. Does it block port 22?
By the way, I can access the Internet and visit github.com. And I am using Ubuntu 11.10.
Can anyone help with this? Thanks!
Your
INPUTchain accepts everything. You haven't shown yourOUTPUTchain, but I'll assume that it accepts everything too. This implies that the connection is blocked somewhere between you and Github. It is possible that your school's firewall blocks outgoing connections to port 22.You can get a better idea of where your packets are intercepted by installing tcptraceroute
and running
tcptraceroute github.com 22.Ask your school's administrator to open port 22, or at least (if they're reluctant) port 22 to
github.com. Your use of the network is a serious use, which should be allowed to students.If the administrators do not budge, and you use a proxy to connect to the web, you might be able to get the proxy to relay traffic (it may or may not work, depending on how the proxy is configured). See Is it possible to SSH through port 80?
By the way, your
INPUTchain allows all incoming traffic, since you only haveACCEPTrules and anACCEPTpolicy. A typical rule set would block incoming UDP traffic on non-vetted ports and block incoming TCP connections on non-vetted ports:Based on your comment, it's almost certain that the school has some sort of filter in place to block either all non port 80 traffic or all non-whitelisted traffic. You could probably get away with a SSH HTTP tunnel as documented here, or you could try a browser based ssh client as shown here.