SSH and Ports

shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

I am trying to give outside SSH access to my test server but for some reason even though I forward port 22 to the machine, it won't connect. Here is my output:

shiznatix@Joker:~$ ssh -l USERNAME SERVER.COM -vvv
OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to SERVER.COM [IP_ADDRESS] port 22.

then it just hangs. I of course can ssh through the internal network but it's just when I try going from the outside that I have problems. I am not sure what really to do so I am hoping that one of you network savvy awesome-heads can give me a kick in the right direction.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Your computer's firewall, perhaps?
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

or server's
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

or routing tables
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

It's not my computer's firewall because I can ssh into other servers no problem.

How do I check my server's routing table and firewall? I would think that the server's firewall would not be the problem because I can ssh into it from inside the network but maybe I am wrong? How do I go about checking this (command line only)?
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

shiznatix wrote:
> It's not my computer's firewall because I can ssh into other servers no problem.
>
> How do I check my server's routing table and firewall? I would think that the server's firewall would not be the problem because I can ssh into it from inside the network but maybe I am wrong? How do I go about checking this (command line only)?

Does anything else forward without troubles? Port 80 for example. If nothing forwards then it's definitely a routing or firewall issue. The reason I said routing is because it looks like the connection is opening through NAT, but never actually being responded to.
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

Port 80 goes no problem. Port 20 - 22 goes but I have troubles with PASV FTP connections. Those are the only other things this server is using.
The Phoenix
Forum Contributor
Posts: 294
Joined: Fri Oct 06, 2006 8:12 pm

Post by The Phoenix »

shiznatix wrote:
> Port 80 goes no problem. Port 20 - 22 goes but I have troubles with PASV FTP connections. Those are the only other things this server is using.

PASV FTP connections can't truly be forwarded/rerouted. The details are complicated, but the result is that you would need to forward ports 20-21 and 1024-65535.

Most good FTP clients offer a setting that can help with this issue. I highly recommend Filezilla, a GPL FTP client for Windows.
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Is SSHD running? Is it listening on that port?

> I highly recommend Filezilla

Yeah I'd recommend that too. It's not amazing but it's not crap and that's a lot more than you can say for many of the others.
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

ole wrote:
> Is SSHD running? Is it listening on that port?
>
> > I highly recommend Filezilla
>
> Yeah I'd recommend that too. It's not amazing but it's not crap and that's a lot more than you can say for many of the others.

sshd is running:

[root@server-centos ~]# /etc/init.d/sshd status
sshd (pid 19392 19356 19354 19350 19348 3185) is running...
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Is there something in the server's log that might be related?
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Does your router happen to also run SSH? I know there's a Linksys router which does this (the one that has Linux installed on it).
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

A good test is to try forwarding SSH connections through a non-standard port.
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

d11wtq: It is a D-Link router so I don't think that's the problem.

Ambush Commander wrote:
> A good test is to try forwarding SSH connections through a non-standard port.

I tried it without success. Here is my entry in the router configuration:

SSH 192.168.0.150 Both 40 / 40 Always

In my /etc/ssh/sshd_config I have "Port 40"

And last, here is my trying to connect:
shiznatix@Joker:~$ ssh -l USERNAME DOMAIN_NAME -vvv -p 40
OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to DOMAIN_NAME [IP_ADDRESS] port 40.

and it just hangs.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Port 40 is not exactly "non-standard". I was thinking that you should try a port from 49152 to 65535. Also, note that starting a process listening to that low port number requires root privileges, although the ability to connect internally seems to discredit this. Maybe you should explain that more (is it from a different computer on the network?)
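
Added example, not part of the original thread: the symptom in the posts above (the client stops after "Connecting to ... port 22" instead of reporting "Connection refused") can be classified with one TCP connect attempt, which tells a dropped packet apart from a closed port and from a working sshd. The function names probe and diagnose are hypothetical, and the outside probe has to be run from a host that really is outside the LAN, since connecting to the public address from inside depends on the router's NAT loopback support.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """One TCP connect; returns (state, banner), state being
    'open', 'refused', 'filtered' or 'error'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A RST came back: a host was reached, nothing listens on that port.
        return "refused", None
    except socket.timeout:
        # No answer at all: the SYN or its reply is dropped somewhere on the
        # path. An ssh client shows this as a hang after "Connecting to ...".
        return "filtered", None
    except OSError as exc:
        return "error", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server speaks first and sends its identification line.
            line = sock.recv(256).split(b"\n", 1)[0]
            banner = line.strip().decode("ascii", "replace")
        except OSError:
            banner = ""
    return "open", banner

def diagnose(lan_state, wan_state):
    """Turn the states seen from inside and outside the NAT into a next step."""
    if lan_state != "open":
        return "sshd is not reachable even on the LAN: check that it runs and which port it listens on"
    if wan_state == "open":
        return "forwarding works"
    if wan_state == "refused":
        return "a reset came back: the forward rule is missing or points at a closed port"
    if wan_state == "filtered":
        return ("packets or replies are dropped: check the router rule, the server "
                "firewall for non-LAN sources, and the server's default gateway")
    return "inconclusive: " + wan_state

if __name__ == "__main__":
    # Usage (hypothetical script name): python3 probe.py HOST [PORT]
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    state, banner = probe(host, port)
    print(host, port, state, banner or "")
```

If the outside probe reports "open" but the banner is not the server's own sshd version, something else in front of it (for example the router) is answering on that port.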