Remote Access FAQs

Linux — SSH

The first thing to check when troubleshooting an SSH connection is to ensure that SSH is actually running on your machine. Do this with one of the following three commands:

    /etc/ init.d/sshd status (shows the status of SSH on the server)
    ps= aux l grep sshd (which will list all users on SSH for the server)
    netstat-n then grep 22 (lists all connections on the server, port 22 being the most common for SSH use)
If it has been determined that SSH is running, ensure that both the software and hardware firewalls are allowing communication to the SSH port. Run the command ip tables - l to list all of the IPs associated with the server to determine if the port is available.

Look at the configuration file at etc/ssh/sshd_config and check the “listen” address to ensure the default with comments, usually 0.000.0.0 which allows all IP addresses, or if a specific IP address is assigned, ensure that the user is using SSH with that IP.

If the SSH connection still cannot be established, verify from an outside source that the port is open. Do this by entering the command telnet <IPaddress>. The cursor will hang if the port is closed and will blink if the port is open. This will better identify the issue depending on the status of the port.

Use a port scanner to locate all ports on the server to determine what port is being used for SSH and if it is active. Enter the command nmap<host>. If the port number is known, enter the command nmap-p <port> <host>.

Check the /etc/ file and look through the etc hosts.allow and etc hosts.deny files to ensure they accurately represent the user trying to access the server. If the user's IP address is in the etc hosts.deny file, edit the file and remove the IP as he or she could accidentally be blocked from the system.

Once you have completed all of the above troubleshooting points and have yielded no results, SSH daemon on the server should be debugged. Begin by stopping the SSH service on the server with the following command:

    /etc/inti.d/sshd stop Then run usr/sbin/ sshd-d
This should result in an output. On the testing client, enter the following command to find the authentication mismatch in the output:

    ssh-v root@<host>
This will most likely determine the authentication mismatch and solve the issue.

Windows — Remote Desktop Connection

Many of the same or similar troubleshooting tools can be used in Windows, but via the Windows GUI. This may be an issue with 3rd party firewall software as well, so be sure to check for other firewalls besides the firewall built into Windows 2003 (2000 does not include a software firewall). To begin, always check that the firewall (whether host based or hardware) is not blocking access to the user:

  1. Click on “Start”, “Control Panel”, and then “Windows Firewall”.
  2. Ensure that if the firewall is on, the “Don't Allow Exceptions” button is unchecked.
  3. Ensure that “Remote Desktop” is selected under the “Exceptions” tab.
  4. Also check the “Scope” button in the firewall to ensure that the customer IP is not being blocked. It is possible to change the port running RDC, so check to see if this is the case (standard RDC port is 3389).
  5. If you are running a 3rd party firewall, you will receive an error message such as “IP nat.sys in use” during log on.
  6. If the “Routing and Remote Access” box is checked in the firewall, this may also be causing the issue.
  7. Ensure that the user has the “Enable Remote Desktop Use” box under the “Remote” tab in the “System Properties”.
If the firewall is not the issue, check the Administrative Tools in Windows to ensure that RDC is enabled in Terminal Services:
  1. Click on “Start”, “Administrative Tools”, and then “Terminal Services Manager”.\
  2. Determine the mode of the server by opening the “Terminal Services Configuration” tab.
  3. Select “Server Setting”, then “Licensing”. The default setting should say “Remote Desktop for Administrators”, which allows two remote users and a console users for a total of three users.
Once it has been determined that the system is configured for RDC properly, check that the number of users logged on has not been exceeded by opening the “Services Configuration” panel. From here, you can determine how many users are logged on to the RDC and remove any that are inactive or unnecessary. Do this by right-clicking on the user and selecting “Delete”. Users oftentimes do not log off correctly and continue to use one of the remote slots on the server even though their connection is inactive. This will then allow the RDC user to log on in place of the inactive connection.

If the above tools cannot be accessed due to a downed server, contact ServePath Support for further assistance.

Another method is to install “Terminal Server” by doing the following:

  1. Click on “Start”, “Control Panel”, then “Add/Remove Programs”.
  2. Click on “Add Programs” and select “Terminal Server”
  3. Once this is installed, it changes the server mode to “Terminal Server”, which is most commonly used for application sharing. Using this tool is free for unlimited users for only 120 days. Once the 120 days have expired, a tscal license is necessary for each user. This may be the issue you are experiencing if you use Terminal Servers for remote access. ServePath provides licenses on a fee for service basis if you wish to continue using Terminal Servers.
Check the TCP/IP filtering in the firewall settings to ensure that a user is not being denied. This is more prevalent on Windows 2000 systems that do not have Windows Firewall. The TCP/IP filtering can select specific users to be denied or allowed access to the server. If your IP is being denied, remove it from the deny list to enable access.

Check the “Local Security Policy” or the “Domain Security Policy” depending on your server. Open “Local Policies” or the “Domain Policies”, then “User Rights Assignment” then “Allow User Log On Through Terminal Services”. The remote desktop user should be included in the list. If they are not, add them. Ensure that the remote desktop user is not on the “Deny Log On Through Terminal Services” list on the same page. If the remote desktop user is included in the list, remove them.

Ensure that you have checked the “Local Directory” or “Active Directory" (depending on your server type) by doing the following:

  1. Click on “Users and Computers”
  2. Double-click on the user in question
  3. Open the user's properties
  4. Check the “Terminal Services Profile” tab and ensure that none of the boxes have been checked.