> Some things I'm missing here from your end point:
> - what does "All I have to do to make it reachable via SSH is to SSH from another server on the same subnet" mean? What do you actually do?

I literally just SSH into the misbehaving box from any other machine on its local subnet. As soon as I create an SSH connection, it starts working from external IP addresses; I don't even have to authenticate.
> - checking /var/log/messages and /var/log/secure or equivalent for clues,

No related entries whatsoever. I can be running a tail on auth.log, messages, user.log, and syslog and see nothing until I log in from the local subnet. This makes me think it may be a networking problem with the Comcast router.

No cron jobs.
> - listing any defensive measures like fail2ban,

None currently. I even uninstalled iptables to be sure.
> - ssh daemon in debug mode to see debug output,

This I did. I see nothing until I connect from within the subnet, which then causes it to work perfectly.
> - ssh daemon on another port to see if its port-specific,

I've tried different ports/IPs, as I said in my original post.
> - remote tcptraceroute to end point TCP/22 to see where the trace stops,

Good idea. I had not thought of tcptraceroute; I will perform it and report back.
> - firewall "-j LOG" rules to verify access.

I removed all firewall/security early in the process to ensure that wasn't what was causing the problem.
Thanks for the thoughts. Next time I run into the problem, I will try the tcptraceroute and post the results here. Unfortunately, I have to leave my home and makeshift data center to make this happen.
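The thread's diagnostic plan (sshd debug output on the box, tcptraceroute from outside, and noting the exact moment the LAN-side login "wakes up" external access) depends on having timestamps from the outside that can be lined up with the server-side logs. The following monitor is an added example, not code from either poster: run from a machine outside the affected subnet, it probes TCP/22 at a fixed interval, distinguishes a silent drop (timeout, no SYN-ACK and no RST, which points at something on the path eating packets) from an active refusal (RST, meaning the path works but nothing answered), and records only state changes with a UTC timestamp. The host, port and interval are assumed parameters; the sample data in `selftest()` is constructed.

```python
#!/usr/bin/env python3
"""External TCP/22 reachability monitor (added example, not from the thread).

Run it from a host OUTSIDE the affected subnet so the time at which the port
flips between reachable and unreachable can be matched against the server's
sshd debug log and the LAN-side login that appears to restore access.
"""
import socket
import time
from datetime import datetime, timezone


def probe_tcp(host, port, timeout=5.0):
    """One TCP connect attempt: 'open', 'timeout', 'refused' or 'error:<errno>'.

    'timeout' means neither SYN-ACK nor RST came back (a filter or broken
    path is dropping packets); 'refused' means the host sent RST, so the
    path is fine and the listener itself is missing.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as e:
        return "error:%s" % e.errno


def transitions(samples):
    """Keep only the (timestamp, state) entries where the state changed.

    The first sample is always kept so the starting state is recorded.
    """
    out, prev = [], None
    for ts, state in samples:
        if state != prev:
            out.append((ts, state))
            prev = state
    return out


def monitor(host, port=22, interval=30.0, count=None, probe=probe_tcp):
    """Probe until `count` samples are taken (None = forever); return transitions.

    Each change is also printed immediately so a tail of the output doubles
    as the external-side timeline during a live test.
    """
    samples, prev, n = [], None, 0
    while count is None or n < count:
        ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
        state = probe(host, port)
        samples.append((ts, state))
        if state != prev:
            print("%s %s:%d %s" % (ts, host, port, state))
            prev = state
        n += 1
        if count is None or n < count:
            time.sleep(interval)
    return transitions(samples)


def selftest():
    """Exercise probe_tcp against a loopback listener, then against the closed port.

    Returns the two observed states; expected ("open", "refused").
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # constructed: ephemeral loopback port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port, timeout=2.0)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port, timeout=2.0)
    return while_open, after_close


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    # Assumed usage: python3 monitor.py <external-ip-of-box> ; stop with Ctrl-C.
    try:
        monitor(target, port=22, interval=30.0)
    except KeyboardInterrupt:
        pass
```

When the box is in its "dead" state, a run of `timeout` results alongside a tcptraceroute that stops short of the host supports the poster's router theory, whereas `refused` or a trace that reaches the host but gets no SSH banner points back at the server itself; the timestamp of the flip to `open` should coincide with the LAN-side SSH login in the sshd debug log.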