LinuxQuestions.org
Old 02-02-2016, 09:50 AM   #1
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Rep: Reputation: Disabled
SSHD difficulties outside of WAN Network (OpenSSH)


Hello everyone,

I am currently experiencing issues with my sshd server. My configuration consists of Ubuntu Server with Kubuntu 14.04.3 Desktop on top. I currently am using CSF/LFD for my firewall. Within the LAN, I was SSHing just fine until one point when I recently received a connection timeout on the LAN side and had to add my LAN IPs to csf.allow manually as a workaround. I checked csf.deny, "iptables -L | grep 192.168", auth.log, and lfd.log to see if the IPs were blocked/blacklisted with no indication. I also checked sshd_config to see if there were any issues with the config that would cause the event. Within the network (LAN side), I can SSH to the WAN IP:80 (with no special allow rules) just fine. Outside of the LAN, the same is not true as I cannot access my server as my connection is being dropped. I tried seeing if it was a firewall issue by changing DROP="REJECT" in place of DROP="DROP" to see if it was being dropped/rejected. As a result, I have seen the following error message: "Connection to x.x.x.x port 80 failed: Connection refused" (on the WAN side from outside the network). I have referred to other forum messages with similar issues in an attempt to troubleshoot the issue with no success. I tried reinstalling OpenSSH Client/Server, flushing CSF and enabling UFW, checking blocklists with nothing indicative of bans/blocks to local or WAN IPs that I am connecting from. I am currently forwarding my server's port 22 to my WAN's port 80.

I am currently a couple months into SSH (Fairly New to the concept). I am currently using RSA authentication of 2048 bit keys to access my server. Any tips/pointers are welcome.


All help will be greatly appreciated.


Sincerely,

donald3.heckel
 
Old 02-02-2016, 12:53 PM   #2
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
Since port 80 is the standard http port, perhaps your internet provider is blocking that port. I wouldn't use port 80 for ssh. Why not use the standard ssh port on the WAN side?
 
Old 02-02-2016, 02:23 PM   #3
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello Doug,

Thank you very much for your reply.

I don't think that my ISP would be blocking that port because of being able to ssh within the LAN to the WAN's 80 (yet again it could be). The main reason why I am not using the standard SSH port is that port 22 is possibly also blocked by my ISP. Port 2222 worked well when I tried it with my ISP. However, that port is blocked at my school. The message I get is "ssh_exchange_identification: Connection reset by peer". Because of this, I am looking to try alternative ports to access my server that wouldn't be blocked at different places such as my school or other places. Also, what ports do you usually use? (not to gain security by obscurity)

Sincerely,

donald3.heckel
 
Old 02-02-2016, 06:32 PM   #4
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
I'm not familiar with your firewall, generally I'm on a redhat distro. But from your description I'd double-check how you modified your firewall, maybe you missed something to get the port unblocked properly. Also, if you use selinux you have to tell selinux that an alternate port is OK for ssh use.

Quote:
Also, what ports do you usually use? (not to gain security by obscurity)
Any port that's not already assigned to some other app as a well-known port. There is a list of well-known ports probably on your computer, or you can check the one on wikipedia. 2222 should work fine. And the number of bot attempts on your ssh server will pretty much completely stop when you use an alternate ssh port.
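
Added example, not part of any post in this thread: a small TCP probe that separates the failure modes mentioned above (timeout, "Connection refused", and a connection that ends before the SSH banner) so you know which layer to check. The names `probe_ssh` and `HINTS` are hypothetical, and the default host and port in the last lines are placeholders.

```python
import socket
import sys

# What each probe result usually points at (general TCP/SSH behaviour).
HINTS = {
    "refused": "Reachable, but nothing accepts the port: sshd not listening "
               "there, a port forward to the wrong place, or a firewall REJECT.",
    "timeout": "No answer at all: firewall DROP, missing port forward, "
               "or filtering upstream.",
    "reset": "TCP connected, then reset before the banner (the client shows "
             "'ssh_exchange_identification: Connection reset by peer').",
    "closed": "TCP connected, then closed before the banner: check TCP "
              "wrappers, sshd MaxStartups, or a filtering middlebox.",
    "no-banner": "Connected but silent: something other than sshd is "
                 "holding the port, or traffic is being intercepted.",
    "not-ssh": "Another service answered, e.g. a web server on port 80.",
}

def probe_ssh(host, port, timeout=5.0):
    """Connect, wait for the server's identification line, classify the result."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc
    with sock:
        try:
            banner = sock.recv(255)  # an SSH server sends "SSH-2.0-..." first
        except ConnectionResetError:
            return "reset"
        except socket.timeout:
            return "no-banner"
    if not banner:
        return "closed"
    if banner.startswith(b"SSH-"):
        first_line = banner.split(b"\n")[0].strip()
        return "ssh: " + first_line.decode("ascii", "replace")
    return "not-ssh"

if __name__ == "__main__":
    # Placeholder defaults; pass your own host and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    result = probe_ssh(host, port)
    print(result, "-", HINTS.get(result, "sshd answered on this port."))
```

Run it once from inside the LAN and once from outside against the same forwarded port; a different result on each side narrows the problem to the router or ISP path rather than sshd itself.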
 
Old 02-03-2016, 10:51 AM   #5
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello,

Update:

Speaking of earlier, I have tried port 8080 today as an alternative and it still has timed out just to let you know about alternative ports that haven't worked.

Sincerely,

donald3.heckel
 
Old 02-06-2016, 02:10 PM   #6
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello everyone,

I have tried port 8080 with no success along with port 2222 beforehand to give you a brief update of what went on. Also Doug, what have your experiences been with red hat based distros in the server side of things?

All help will be greatly appreciated.

Sincerely,

donald3.heckel

Last edited by donald3.heckel; 02-06-2016 at 02:11 PM.
 
Old 02-06-2016, 08:07 PM   #7
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
I've used RedHat since pre-fedora redhat 5, and use Centos servers. If your distro uses selinux you need to allow the non-standard ports, properly forward ports through routers/firewalls and use an up-to-date sshd server, and everything has always worked fine for me.

FWIW, A family member today was having an issue ssh'ing from suse workstations to a remote raspberry raspbian unit on a dsl connection (out of town), couldn't log in from his suse workstations but ssh from any suse to a local raspberry, then ssh'ing from the raspberry to the remote raspberry worked fine.

He then installed putty on the suse workstations and with putty was able to ssh to the remote site. The remote is running on a non-standard port with the port forwarded through a consumer router to the Pi2. We reached no conclusion as to the cause of the original suse-ssh problem.
 
Old 02-18-2016, 09:14 PM   #8
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello Doug,

How are you doing?

I am happy to report that an upgrade to Ubuntu 15.10 fixed the problem. I don't know what it was, but it could've been an issue with Ubuntu 14.04 or with sshd itself. I was able to ssh successfully on port 2222. Thank you very much for your help.

Sincerely,

donald3.heckel
 
Old 02-18-2016, 11:08 PM   #9
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
I'm happy to hear you've solved your problem.
 
  


Tags
firewall, networking, openssh, ssh, sshd


