SSH Login. scoring engine cannot TCP-connect to port 22

Authority mappings

Which work roles, knowledge units, and EWU courses this error pattern touches. Hover for context, click to drill in.

What the message means

Plain connection failure: either sshd is down, port 22 isn't forwarded, or something upstream of sshd is dropping the TCP SYN. SSH is **2× weight** (2.78 pts/check) and has been EWU's traditional strength. do not break this during hardening.

Why the service is down

• sshd service stopped (check journalctl for recent restarts).
• Config error in /etc/ssh/sshd_config. sshd refused to start.
• Router not forwarding port 22.
• Host firewall blocking 22.
• fail2ban banned the scoring engine's IP after a burst of perceived failures.

Commands in order

1. 1. 1. sshd running?

   copy systemctl status sshd

   Expect

   active (running)

   Interpret and next

   Inactive: `systemctl start sshd`. Failed: `journalctl -u sshd -n 50`. usually a config typo.
2. 2. 2. Config syntax valid?

   copy sshd -T 2>&1 | head -20

   Expect

   Configuration output, no errors

   Interpret and next

   Any error = fix it. Common: PermitRootLogin typo, missing file for AllowUsers.
3. 3. 3. Listening on 22?

   copy ss -tlnp | grep :22

   Expect

   sshd on 0.0.0.0:22

   Interpret and next

   Listening only on 127.0.0.1 = ListenAddress wrong in sshd_config.
4. 4. 4. fail2ban has a ban?

   copy fail2ban-client status sshd 2>/dev/null

   Expect

   Banned IP list; scoring engine's IP must NOT be there

   Interpret and next

   Unban: `fail2ban-client unban <IP>`. Whitelist going forward: `ignoreip` in jail.local.
5. 5. 5. Host iptables?

   copy iptables -L INPUT -n | grep -E ':22|dpt:22'

   Expect

   ACCEPT rule (or empty, relying on policy ACCEPT)

   Interpret and next

   DROP/REJECT = `iptables -I INPUT -p tcp --dport 22 -j ACCEPT`.
6. 6. 6. Scoring user public keys present?

   copy for u in simone_weil nills todd_k vetomo claude_chevalley; do ls /home/$u/.ssh/authorized_keys 2>/dev/null; done

   Expect

   File exists for each user

   Interpret and next

   Missing: check backup `/root/ssh-keys-backup/`, restore. Scoring users keys MUST be kept.
7. 7. 7. Router NAT for 22

   copy /ip firewall nat print where dst-port=22

   Expect

   dstnat TCP 22 -> <server-IP>:22

   Interpret and next

   Missing: add it.

Decision tree

Answer each question to route to the right fix.

External references

• NCAE Cyber Games. official rules and scoring
• OpenBSD sshd_config(5) man page
• OpenSSH project. security advisories
• NCAE Defense Checklist. Apache2 + OpenSSH
  Official NCAE tutorial: video 30.
• NCAE Cyber Games. official tutorials channel
  44 tutorials. Numbers 23–32 are the Defense Checklist.

Other patterns on this service

• 44.4 partial The following users failed to authenticate with their public key: nills, vetomo
• 44.4 partial The following users failed to authenticate with their public key: vetomo, nills
• 36.1 partial The following users failed to authenticate with their public key: simone_weil, todd_k
• 36.1 partial The following users failed to authenticate with their public key: vetomo, todd_k
• 30.6 partial The following users failed to authenticate with their public key: claude_chevalley
• 27.8 partial The following users failed to authenticate with their public key: claude_chevalley, simon.
• 27.8 partial The following users failed to authenticate with their public key: nills, simone_weil
• 27.8 partial The following users failed to authenticate with their public key: nills, todd_k
• 25 partial The following users failed to authenticate with their public key: simone_weil, vetomo, cl.
• 25 partial The following users failed to authenticate with their public key: nills