Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
02-13-2015, 10:00 AM
|
#1
|
Member
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343
Rep:
|
My ISP (french ISP Free) is seemingly blocking SSH. Looking for possible workarounds.
SSH seems to be blocked by my ISP (Free.fr).
I have several sites hosted by GoDaddy (Linux deluxe shared hosting with cpanel.) I have enabled SSH access and installed my public RSA key. My computer is connected to my router with an ethernet cable. But whenever I try to SSH, I get 'ssh_exchange_identification: read: Connection reset by peer'.
So I contacted GoDaddy, and they've assured me that they were not blocking my IP address.
What's strange is that when I connect by wifi, SSH works perfectly.
I have contacted Free.fr, but customer support is terrible (almost 1 h on hold, then somebody finally speaking for about 15 s, then you're put on hold again, and so on until you give up.)
Although I can use wifi to SSH, I'm curious about what's going on and wondering if there are any possible workarounds.
Last edited by manu-tm; 02-13-2015 at 10:04 AM.
|
|
|
02-13-2015, 10:08 AM
|
#2
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
So if you connect to your router via wifi, everything works fine, but if you connect to your router via wired ethernet, it doesn't work? Same router, same ISP, same computer? If so, then it's clearly not the ISP blocking anything, it's a problem with either the router or the network configuration on your computer.
|
|
|
02-13-2015, 10:10 AM
|
#3
|
Member
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343
Original Poster
Rep:
|
No, I connect via wifi to a hotspot (FreeWifi), so I'm using someone else router ('freebox'), ie a different IP address.
Edit: as a Free.fr customer, I'm allowed to use any FreeWifi hotspot (with the right credentials).
Last edited by manu-tm; 02-13-2015 at 10:19 AM.
|
|
|
02-13-2015, 10:18 AM
|
#4
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
Ah, so if you use your computer to connect to a public wifi, everything is fine, but on your home network the connection doesn't go through?
Is it possible you have inadvertently added your own IP to the server's blacklist with too many failed connections while initially trying to set it up? Do you have SSH access to any other machines that you could test on?
ISPs sometimes block certain services for residential connections, but that's on the incoming port. I've never seen an ISP block outgoing connections.
|
|
|
02-13-2015, 10:26 AM
|
#5
|
Member
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343
Original Poster
Rep:
|
Quote:
Originally Posted by suicidaleggroll
Is it possible you have inadvertently added your own IP to the server's blacklist with too many failed connections while initially trying to set it up? Do you have SSH access to any other machines that you could test on?
|
That was what I suspected first. But GoDaddy insisted my IP was not blacklisted. They asked for a traceroute and later told me it could be my ISP.
Edit: There isn't another machine that I could try to access at the moment. And I've now merge all my previous hosting accounts into a single new one.
Edit2: Of course, I can *only* take GoDaddy's word.
Last edited by manu-tm; 02-13-2015 at 10:36 AM.
|
|
|
02-13-2015, 01:29 PM
|
#6
|
Member
Registered: Nov 2012
Posts: 299
Rep:
|
Quote:
Originally Posted by manu-tm
No, I connect via wifi to a hotspot (FreeWifi), so I'm using someone else router ('freebox'), ie a different IP address.
Edit: as a Free.fr customer, I'm allowed to use any FreeWifi hotspot (with the right credentials).
|
When using soneone elses freebox, aren't you still using the same ISP free.fr? If so you would have thought ssh was blocked for that freebox too if free.fr were doing it.
Can you change your routers public IP address by powering it off and on or is it static?
Does your WiFi interface have different firewall settings to your Ethernet interface? Try disabling the firewall on Ethernet to test it.
|
|
|
02-13-2015, 02:19 PM
|
#7
|
Member
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343
Original Poster
Rep:
|
Quote:
Originally Posted by af7567
When using soneone elses freebox, aren't you still using the same ISP free.fr? If so you would have thought ssh was blocked for that freebox too if free.fr were doing it.
|
Yes, you're definitely right. In that case, what's different is the IP.
Quote:
Originally Posted by af7567
Can you change your routers public IP address by powering it off and on or is it static?
Does your WiFi interface have different firewall settings to your Ethernet interface? Try disabling the firewall on Ethernet to test it.
|
The router has a static public IP.
About the firewall, disabling it doesn't change anything.
Not totally sure (because I made a lot of trials) but I think that I've been able to connect via SSH on the ethernet interface a couple of times, so the problem could also relates to what suicidaleggroll mentioned (too many failed connections while initially trying to set up SSH).
Edit: Could it be that my ISP is now blocking SSH traffic from my IP address because something looks fishy?
Last edited by manu-tm; 02-13-2015 at 02:46 PM.
|
|
|
02-13-2015, 02:47 PM
|
#8
|
Moderator
Registered: Mar 2008
Posts: 22,114
|
It could be they are blocking business type ports.
How much does it cost for an ISP anyway?
|
|
|
02-13-2015, 02:53 PM
|
#9
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
Quote:
Originally Posted by jefro
It could be they are blocking business type ports.
|
I've never seen one that blocked outgoing connections though. That would be really annoying.
|
|
|
02-13-2015, 02:55 PM
|
#10
|
Member
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343
Original Poster
Rep:
|
Sorry, what are 'business type ports'?
|
|
|
02-13-2015, 02:59 PM
|
#11
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
Quote:
Originally Posted by manu-tm
Sorry, what are 'business type ports'?
|
21 - FTP
22 - SSH
80 - HTTP
etc.
Any of the common services. They just don't want you hosting websites, email, data servers, etc. on a residential line, they want to charge you business rates if you're running a business.
|
|
|
02-13-2015, 03:00 PM
|
#12
|
Member
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343
Original Poster
Rep:
|
OK, I see, thanks!
Edit: It's a shared hosting so, AFAIK, there is no way I can change sshd config (including port number) on the server.
Last edited by manu-tm; 02-13-2015 at 03:36 PM.
|
|
|
02-14-2015, 11:03 PM
|
#13
|
Member
Registered: Oct 2003
Location: USA
Distribution: Xubuntu, Arch
Posts: 231
Rep:
|
Try connecting to another remote ssh server from your home network. If you succeed in establishing a connection it will be clear that your ISP is not blocking, and more likely that the problem really is GoDaddy despite their denial. On the other hand if you are unable to ssh in to other sites then the problem may be your ISP or it may be something wrong with your own network configuration (or your ssh configuration).
If you don't have access to another ssh server you can set up a free Linux or Unix shell account for this purpose at one of the sites listed here:
http://aruljohn.com/freeshell/.
|
|
|
02-15-2015, 04:10 AM
|
#14
|
Member
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343
Original Poster
Rep:
|
Quote:
Originally Posted by r.stiltskin
If you don't have access to another ssh server you can set up a free Linux or Unix shell account for this purpose at one of the sites listed here:
http://aruljohn.com/freeshell/.
|
Just tried out. What I get is:
Code:
$ ssh zzzz@c1.linuxshell.picrofo.com
zzzz@c1.linuxshell.picrofo.com's password:
Received disconnect from 5.196.143.0: 2: Too many authentication failures for zzzz
Edit: I just set up the password so I *know* it.
Last edited by manu-tm; 02-15-2015 at 04:13 AM.
|
|
|
02-15-2015, 08:23 AM
|
#15
|
Member
Registered: Oct 2003
Location: USA
Distribution: Xubuntu, Arch
Posts: 231
Rep:
|
Ha ha. Same thing happened to me when I tried it last night. They have a very unintuitive 2-step registration process. First go to picrofo.com which brings you to their homepage, logged in as guest. Click on [Login] and set up your username and password there.
Then go to linuxshell.picrofo.com, choose one of the available shells (CentOS 6.5 or Ubuntu 14.04 LTS), click on Register, enter the same username and password that you already set up at the homepage and you should now be able to log into the shell in your browser window.
Now you can log out of that shell and try to connect by ssh from a terminal. It should work, although you might have to wait a while until the "too many authentication attempts" ban times out. I don't know how long that takes. Good luck.
|
|
|
All times are GMT -5. The time now is 04:28 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|