Page 1 of 1

SSH and Ports

Posted: Wed Jul 04, 2007 3:34 am
by shiznatix
I am trying to give outside SSH access to my test server but for some reason even though I forward port 22 to the machine, it won't connect. Here is my output:

Code: Select all

shiznatix@Joker:~$ ssh -l USERNAME SERVER.COM -vvv
OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to SERVER.COM [IP_ADDRESS] port 22.
then it just hangs. I of course can ssh through the internal network but it's just when I try going from the outside that I have problems. I am not sure what really to do so I am hope that one of you network savvy awesome-heads can give me a kick in the right direction.

Posted: Wed Jul 04, 2007 5:44 am
by feyd
Your computer's firewall, perhaps?

Posted: Wed Jul 04, 2007 5:46 am
by Weirdan
or server's

Posted: Wed Jul 04, 2007 6:19 am
by Chris Corbyn
or routing tables

Posted: Wed Jul 04, 2007 6:28 am
by shiznatix
its not my computers firewall because i can ssh into other servers no problem.

how do i check my servers routing table and firewall? i would think that the servers firewall would not be the problem because i can ssh into it from inside the network but maybe i am wrong? How do I go about checking this (command line only)?

Posted: Wed Jul 04, 2007 6:35 am
by Chris Corbyn
shiznatix wrote:its not my computers firewall because i can ssh into other servers no problem.

how do i check my servers routing table and firewall? i would think that the servers firewall would not be the problem because i can ssh into it from inside the network but maybe i am wrong? How do I go about checking this (command line only)?
Does anything else forward without troubles? Port 80 for example. If nothing forwards then it's definitely a routing or firewall issue. The reason I said routing is because it looks like the connection is opening through NAT, but never actually being responded too.

Posted: Wed Jul 04, 2007 6:50 am
by shiznatix
port 80 goes no problem. port 20 - 22 goes but I have troubles with PASV FTP connections. Those are the only other things this server is using.

Posted: Wed Jul 04, 2007 10:45 am
by The Phoenix
shiznatix wrote:port 80 goes no problem. port 20 - 22 goes but I have troubles with PASV FTP connections. Those are the only other things this server is using.
PASV FTP connections can't truly be forwarded/rerouted. The details are complicated, but the result is that you would need to forward ports 20-21 and 1024-65535.

Most good FTP clients offer a setting that can help with this issue. I highly recommend Filezilla, a GPL FTP client for windows.

Posted: Wed Jul 04, 2007 6:14 pm
by Ollie Saunders
Is SSHD running? Is it listening on that port?
I highly recommend Filezilla
Yeah I'd recommend that too. It's not amazing but it's not crap and that's a lot more than you can say for many of the others.

Posted: Thu Jul 05, 2007 8:09 am
by shiznatix
ole wrote:Is SSHD running? Is it listening on that port?
I highly recommend Filezilla
Yeah I'd recommend that too. It's not amazing but it's not crap and that's a lot more than you can say for many of the others.
sshd is running:

Code: Select all

[root@server-centos ~]# /etc/init.d/sshd status
sshd (pid 19392 19356 19354 19350 19348 3185) is running...

Posted: Thu Jul 05, 2007 8:21 am
by volka
Is there something in the server's log that might be related?

Posted: Thu Jul 05, 2007 8:38 am
by Chris Corbyn
Does your router happen to also run SSH? I know there's a LinkSys router which does this (the one that has Linux installed on it).

Posted: Thu Jul 05, 2007 6:09 pm
by Ambush Commander
A good test is to try forwarding SSH connections through a non-standard port.

Posted: Fri Jul 06, 2007 3:41 am
by shiznatix
d11wtq: It is a d-link router so I don't think thats the problem
Ambush Commander wrote:A good test is to try forwarding SSH connections through a non-standard port.
I tried it without success. Here is my entry in the router configuration:
SSH 192.168.0.150 Both 40 / 40 Always
In my /etc/ssh/sshd_config I have "Port 40"

And last here is my trying to connect:
shiznatix@Joker:~$ ssh -l USERNAME DOMAIN_NAME -vvv -p 40
OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to DOMAIN_NAME [IP_ADDRESS] port 40.
and it just hangs.

Posted: Fri Jul 06, 2007 11:48 am
by Ambush Commander
Port 40 is not exactly "non-standard". I was thinking that you should try a port from 49152 to 65535. Also, note that starting a process listening to that low port number requires root privileges, although the ability to connect internally seems to discredit this. Maybe you should explain that more (is it from a different computer on the network?)