Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

NETCONF error: "ssh: connect to host ... Connection refused" on non-default port

Condition

On the NETCONF server, you ran a command like this, specifying a non-default port:

$ ssh vyatta@10.200.200.2 -p 830 -s netconf

and you see an error like this:

ssh: connect to host 10.200.200.2 port 830: Connection refused

You then re-ran the command with the verbose option enabled:

$ ssh -v vyatta@10.200.200.2 -p 830 -s netconf

and the verbose output indicates that the connection is refused:

OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.200.200.2 [10.200.200.2] port 830.
debug1: connect to address 10.200.200.2 port 830: Connection refused
ssh: connect to host 10.200.200.2 port 830: Connection refused

Finally, you ran a command like this:

$ ping 10.200.200.2

which indicates that the Vyatta NOS is reachable at this IP address:

PING 10.200.200.2 (10.200.200.2) 56(84) bytes of data.
64 bytes from 10.200.200.2: icmp_seq=1 ttl=64 time=0.442 ms
64 bytes from 10.200.200.2: icmp_seq=2 ttl=64 time=0.491 ms
^C
--- 10.200.200.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 30ms
rtt min/avg/max/mdev = 0.442/0.466/0.491/0.032 ms

Cause

SSH is not enabled on this port on the Vyatta NOS system.

Remedy

  1. From the Vyatta NOS NETCONF client, check that the port is open.
    user@system# run show system connections | grep 830
    [edit]
    This shows that the port is not configured. So then you need to configure it.
    user@system# set service ssh port 830
    [edit]
    user@system# commit
    [edit]
    Now if you run the show system connections command again, you'll see that the port is open:
    user@system# run show system connections | grep 830
    tcp        0      0 0.0.0.0:830             0.0.0.0:*               LISTEN
    tcp6       0      0 :::830                  :::*                    LISTEN
  2. Verify that you can now connect on the port, with the ssh command.
    $ ssh vyatta@10.200.200.2 -p 830 -s netconf
    Welcome to DANOS - Vyatta NOS Edition
    
    vyatta@10.200.200.2's password:
    <?xml version="1.0" encoding="UTF-8"?>
    <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <capabilities>
        <capability>urn:ietf:params:netconf:base:1.0</capability>
        <capability>urn:ietf:params:netconf:base:1.1</capability>
    ...