To All:

I am attempting to route my ssh traffic through a 47xxx port. Yes, it's not standard but I want to do it for security reasons. When I run the following command I get this error message:

ssh -vvv -p 47235 cajunchief@10.0.x.x
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.0.x.x [10.0.x.x port 47235.
debug1: connect to address 10.0.0.232 port 47234: No route to host
ssh: connect to host 10.0.0.232 port 47235: No route to host


However---When i run this command over the default port i get this error:

ssh -vvv -p 22 cajunchief@10.0.x.x
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.0.x.x [10.0.x.x] port 22.
debug1: connect to address 10.0.x.x port 22: Connection refused
ssh: connect to host 10.0.x.x port 22: Connection refused


The initial run does not get through???

The second run makes it through but of course does not work as port 22 is not being used by my server.
I have setup my comcast router to port forward port 47235 to the correct ip address 10.0.x.x.


Can anyone tell me where the problem is:

cajunchief

This indicates that the IP address can't be reached (ie nothing to do with port). Check that the IP address is correct. A ping to that address will fail as well...

Ferrari,
NOT correct! here is the ping!

ping 10.0.0.232
PING 10.0.0.232 (10.0.0.232) 56(84) bytes of data.
64 bytes from 10.0.0.232: icmp_seq=1 ttl=64 time=0.825 ms
64 bytes from 10.0.0.232: icmp_seq=2 ttl=64 time=0.517 ms
64 bytes from 10.0.0.232: icmp_seq=3 ttl=64 time=0.298 ms
64 bytes from 10.0.0.232: icmp_seq=4 ttl=64 time=0.296 ms
64 bytes from 10.0.0.232: icmp_seq=5 ttl=64 time=0.306 ms
64 bytes from 10.0.0.232: icmp_seq=6 ttl=64 time=0.298 ms
64 bytes from 10.0.0.232: icmp_seq=7 ttl=64 time=0.505 ms
64 bytes from 10.0.0.232: icmp_seq=8 ttl=64 time=0.521 ms
^C
--- 10.0.0.232 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7559ms
rtt min/avg/max/mdev = 0.296/0.445/0.825/0.176 ms
[cajunchief@cajunchiefcom ~]$

Forwarding the port on the router does not affect local LAN connections. You would need to use your WAN IP address.

Did you configure the firewall to allow traffic on 47235?

michealk,

don't you need to do a port forward to allow traffic through the router to the port on the cpu you want?

cajunchief

Yes, but it is only used when accessing the CPU from outside your local network.

Remember, we're not on front of your network, and your opening post doesn't tell the full story. You didn't demonstrate that you could reach the host with a ping. Important information, otherwise we're left to guess. Use nmap to show that there is a listening ssh server on the host you want to connect to within the LAN.

Check the host firewall configuration as well.

ferrari,

I think your probably correct, I don't see the PORT I want to use inside my LAN being open as shown below:

nmap -A -T4 scanme.nmap.org

Starting Nmap 6.40 ( http://nmap.org ) at 2016-05-15 16:34 EDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.095s latency).
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
| ssh-hostkey: 1024 ac:00:a0:1a:82:ff:cc:55:99:dc:67:2b:34:97:6b:75 (DSA)
| 2048 20:3d:2d:44:62:2a:b0:5a:9d:b5:b3:05:14:c2:a6:b2 (RSA)
|_256 96:02:bb:5e:57:54:1c:4e:45:2f:56:4c:4a:24:b2:57 (ECDSA)
25/tcp filtered smtp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
9929/tcp open nping-echo Nping echo
31337/tcp open tcpwrapped
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port22-TCP:V=6.40%I=7%D=5/15%Time=5738DD74%P=x86_64-redhat-linux-gnu%r(
SF:NULL,2B,"SSH-2\.0-OpenSSH_6\.6\.1p1\x20Ubuntu-2ubuntu2\.3\r\n");

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.37 seconds


I have a comcast gateway router, how do I configure the internal lan to let my port be open?

cajunchief

You need to configure the firewall on the server itself (10.0.0.232) if running to allow traffic on port 47235.

What distribution / version is running on 10.0.0.232?

michaelk,

As usual yes you are very correct! Merci Beaucoup!

cajunchief