Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Okay, so I know this question has been asked before a lot. I'm asking again because I have already been through the search results both here and on Google.
My problem is that I need to do some tech support for my family in a different city. This would all go much faster if I could get some kind of remote shell access. Unfortunately, I can't seem to log into SSH, despite taking the following steps.
* Static IP isn't really an issue, I'm willing to phone them to get their IP address from something like www.whatismyip.com.
* I've seen assurances from our ISP (Windstream) that they are not blocking port 22
* I've user our router (dd-wrt linksys wrt54g) to forward port 22 to that particular computer (which has a static local IP).
* I'm running a liveCD there (systemrescuecd), where I've used the iptables command to allow absolutely everything through. (Yes, it's insecure, but we don't have anything on there worth taking/trashing, and this setup lasts only a day or so). (And yes, I set a root password on the live cd)
* I have the ssh daemon running. It works on the local network - other computers connected to the router can ssh in, just not anyone outside the LAN.
All of the hints I've found so far say to check one of these things. Having done all of them, I still have no access. All my ssh connections time out before I get to a log in screen. Internet access is perfectly normal and operational from that machine.
I have not, I'll check that. I didn't think it would be relevant - I thought that meant the amount of time between a login prompt and when the user had to react - I never get the prompt.
I tried setting it to 2 minutes, but it made no difference. My ssh client still just sat there for ~20 seconds, then said that there was a network error and the connection timed out.
Also it could be helpful to attach endpoint-to-endpoint 'tcptraceroute', 'ssh -vvv' and remote sshd output (mask where necessary). Also using iptables to just "-j LOG" (or tcpdump?) on both the filter INPUT and OUTPUT chains might help (plus router logging?) to see if packets actually hit the target.
I'm actually having an identical issue, and I ultimately feel in my case that it's an issue with the isp on *their* end (don't think the op mentions anything about them.)
Anyway, my point isn't to discover why it won't work, rather to offer a work-around based on a similar issue I had a couple of years back (with the same endpoint isp), and that is to setup openvpn, and use that as a tunnel, whether via ssh or whatnot. I'm about to do the same here, just haven't had the time.
I will mention that the important thing to remember with openvpn is that "float" option for the port has to be in the config on the host (*their*) side, essentially searching for an open port....
I'll also mention that I'd like to see a simpler solution, so please don't let me interrupt further....
cheers,
ps - edit: also like to mention, and you've probably considered, that *they* could tunnel to you, and you could perhaps help that way....
Last edited by mrclisdue; 02-13-2010 at 05:58 PM.
Reason: I can't shut up.
I agree with mrclisdue. I believe it is going to be the ISP. Try changing the ssh server to run on port 443. You could also run an nmap scan of your local network to make sure that port 22 is actually open.
You said that you forwarded port 22 to your computer. Has this been done on the other side as well? It is the server that needs port 22 opened not the client. (unless you block outgoing traffic)
A cheap way to check input connectivity is "telnet <IP> <port>". You should see a response like:
Trying 192.168.1.106...
Connected to elite.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.2
Also try using nmap to see which ports are open on the server.
Make sure they are running the sshd server.
Make sure their firewall isn't blocking port 22.
Like others have suggested, if you can ping the target IP from you PC and port 22 is forwarded in the router, most likely the ISP is blocking that port.
You could use tcpdump on the ssh server to see if any ssh packets are reaching it. If not you would then know the problem is either with your ISP or with your router. Sorry, I am not familiar with the tcpdump command so cannot suggest which options to use.
Thanks for all of your help. It turns out that there was a second side to this issue that I had not considered. The ISP of the server was fine, but the ISP of the client (Campus Technologies, to whom my university farms out internet access) has a habit of blocking everything but port 80, even outbound. I suspect that once I fight this out with them to get 22 unblocked on the client side, things will improve. I'll look for another internet connection to test this theory with.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.