LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-02-2016, 09:50 AM   #1
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Rep: Reputation: Disabled
Post SSHD difficulties outside of WAN Network (OpenSSH)


Hello everyone,

I am currently experiencing issues with my sshd server. My configuration consists of Ubuntu Server with Kubuntu 14.04.3 Desktop on top. I currently am using CSF/LFD for my firewall. Within the LAN, I was SSHing just fine until one point when I recently received a connection timeout on the LAN side and had to add my LAN IPs to csf.allow manually as a workaround. I checked csf.deny, "iptables -L | grep 192.168", auth.log, and lfd.log to see if the IPs were blocked/blacklisted with no indication. I also checked sshd_config to see if there were any issues with the config that would cause the event. Within the network (LAN side), I can SSH to the WAN IP:80 (with no special allow rules) just fine. Outside of the LAN, the same is not true as I cannot access my server as my connection is being dropped. I tried seeing if it was a firewall issue by changing DROP="REJECT" in place of DROP="DROP" to see if it was being dropped/rejected. As a result, I have seen the following error message: "Connection to x.x.x.x port 80 failed: Connection refused" (on the WAN side from outside the network). I have referred to other forum messages with similar issues in an attempt to troubleshoot the issue with no success. I tried reinstalling OpenSSH Client/Server, flushing CSF and enabling UFW, checking blocklists with nothing indicative of bans/blocks to local or WAN IPs that I am connecting from. I am currently forwarding my server's port 22 to my WAN's port 80.

I am currently a couple months into SSH (Fairly New to the concept). I am currently using RSA authentication of 2048 bit keys to access my server. Any tips/pointers are welcome.


All help will be greatly appreciated.


Sincerely,

donald3.heckel
 
Old 02-02-2016, 12:53 PM   #2
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
Since port 80 is the standard http port, perhaps your internet provider is blocking that port. I wouldn't use port 80 for ssh. Why not use the standard ssh port on the WAN side?
 
Old 02-02-2016, 02:23 PM   #3
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello Doug,

Thank you very much for your reply.

I don't think that my ISP would be blocking that port because of being able to ssh within the LAN to the WAN's 80 (yet again it could be). The main reason why I am not using the standard SSH port is that port 22 is possibly also blocked by my ISP. Port 2222 worked well when I tried it with my ISP. However, that port is blocked at my school. The message I get is "ssh_exchange_identification: Connection reset by peer". Because of this, I am looking to try alternative ports to access my server that wouldn't be blocked at different places such as my school or other places. Also, what ports do you usually use? (not to gain security by obscurity)

Sincerely,

donald3.heckel
 
Old 02-02-2016, 06:32 PM   #4
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
I'm not familiar with your firewall, generally I'm on a redhat distro. But from your description I'd double-check how you modified your firewall, maybe you missed something to get the port unblocked properly. Also, if you use selinux you have to tell selinux that an alternate port is OK for ssh use.

Quote:
Also, what ports do you usually use? (not to gain security by obscurity)
Any port that's not already assigned to some other app as a well-known port. There is a list of well-known ports probably on your computer, or you can check the one on wikipedia. 2222 should work fine. And the number of bot attempts on your ssh server will pretty much completely stop when you use an alternate ssh port.
 
Old 02-03-2016, 10:51 AM   #5
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello,

Update:

Speaking of earlier, I have tried port 8080 today as an alternative and it still has timed out just to let you know about alternative ports that haven't worked.

Sincerely,

donald3.heckel
 
Old 02-06-2016, 02:10 PM   #6
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello everyone,

I have tried port 8080 with no success along with port 2222 beforehand to give you a brief update of what went on. Also Doug, what have your experiences been with red hat based distros in the server side of things?

All help will be greatly appreciated.

Sincerely,

donald3.heckel

Last edited by donald3.heckel; 02-06-2016 at 02:11 PM.
 
Old 02-06-2016, 08:07 PM   #7
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
I've used RedHat since pre-fedora redhat 5, and use Centos servers. If your distro uses selinux you need to allow the non-standard ports, properly forward ports through routers/firewalls and use an up-to-date sshd server, and everything has always worked fine for me.

FWIW, A family member today was having an issue ssh'ing from suse workstations to a remote raspberry raspbian unit on a dsl connection (out of town), couldn't log in from his suse workstations but ssh from any suse to a local raspberry, then ssh'ing from the raspberry to the remote raspberry worked fine.

He then installed putty on the suse workstations and with putty was able to ssh to the remote site. The remote is running on a non-standard port with the port forwarded through a consumer router to the Pi2. We reached no conclusion as to the cause of the original suse-ssh problem.
 
Old 02-18-2016, 09:14 PM   #8
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Talking

Hello Doug,

How are you doing?

I am happy to report that an upgrade to Ubuntu 15.10 fixed the problem. I don't know what it was, but it could've been an issue with Ubuntu 14.04 or with sshd itself. I was able to ssh successfully on port 2222. Thank you very much for you help.

Sincerely,

donald3.heckel
 
Old 02-18-2016, 11:08 PM   #9
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
I'm happy to hear you've solved your problem.
 
  


Reply

Tags
firewall, networking, openssh, ssh, sshd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to get Openssh sshd daemon debug information on Solaris 10? johncsl82 Solaris / OpenSolaris 3 09-01-2009 07:49 AM
OpenSSH 4.1p1 sshd won't start on AIX 5.1 TimP AIX 1 03-18-2006 07:45 PM
Issue with sshd (openssh 3.5p1-6) eid Linux - Security 3 11-21-2005 07:10 AM
sshd (openssh) issue. The_mystiC Linux - Software 3 11-03-2005 08:06 AM
Problems with sshd in openssh-3.9p1 Solaris.M.K.A Linux - Newbie 2 09-06-2004 12:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration