Today I ran into a strange problem where I was getting a “ssh connection refused” message from putty while connecting to a Linux server via SSH. I was able to connect to the server just the day before and was sure nothing had changed regarding the server.
Here are some of the symptoms and troubleshooting steps I did to fix the problem.
– Frequently getting “ssh connection refused” while connecting via SSH using putty
– Even after a successful connection, the SSH session would drop after a few seconds
– A ping to the server results in responses, however I notice doing a prolonged ping, the TTL of the echo response would appear as a different number after a few packets
– I had switched the network card, cable, switch and switch ports resulted the same
– iptables was clear (I did a iptables -F) to flush the tables
– The SSH service was restart, machine rebooted.
– Outgoing pings from the server seems to operate fine, and default routes were properly set
After sometime I decided to take the machine in runlevel 1 which results in disconnecting the server. I continued to ping the server and AHA! There was a response! This could only mean there is another server in the same subnet assigned the same IP!
Unlike Windows where your network icon in the system tray would inform you of an IP conflict, you do not have the same privilege under the Linux shell.
In order to find that ghost server I immediately logged onto my core switch and did an arp lookup to find the mac address and port associated with the server.
sh arp | include x.x.x.x sh mac-address-table | include xxxx.xxxx.xxxx
After tracing through the switches using the sh mac-address-table commands I found the port which the server resided and changed that IP.
Lesson learned: Make sure you do not assign duplicate IPs!