LinuxQuestions.org


nixuzer 02-21-2010 11:46 AM

tracert for ssh?
 
As of yesterday all ssh activity to the data center where I host my servers stopped. All attempted ssh connections return "Connection failed". Unfortunately I do not have any other ssh servers elsewhere to test to verify that the problem is not on the ISP side. Since the ISP is not open until Monday @ 9AM I was hoping to have more detail prior to calling because they are usually a little resistant to any technical input without ample evidence.

Is there a cygwin/linux utility for performing a tracert over 22? I need to determine whether my ISP (a small WISP) or the data center is blocking the port. I have done a -v on ssh but it does not provide enough detail where the problem is occurring and the connection has been attempted by name and directly to each server via their IPs.

Code:

$ telnet "my server ip" 22
Connecting To "my server ip"...Could not open connection to the host, on port 22: Connect failed

Code:

$ ssh -v user@"my server name"
OpenSSH_5.3p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Connecting to "my server name" ["my server ip"] port 22.
debug1: connect to address "my server ip" port 22: Connection timed out
ssh: connect to host "my server name" port 22: Connection timed out

UPDATE: Also forgot to include I can ping and visit the websites hosted on the servers.

Thank you in advance for your assistance.

nimnull22 02-21-2010 12:06 PM

Use tcpdump:
tcpdump -nn -v port 22
and do telnet to your shell.

It will show you who is answering to your telnet.

nixuzer 02-22-2010 12:56 PM

nimnull22, thanks for the response.

If I'm reading the output of the tcpdump correctly the destination IP is getting the request and never responding. I was able to connect from another computer today (via VPN) however my home network is still not working.

Code:

uzer@uzer-laptop:~$ sudo tcpdump -nn -v port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:45:56.085916 IP (tos 0x10, ttl 64, id 63295, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xf00b (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 4294961834 ecr 0,nop,wscale 6], length 0
12:45:59.083599 IP (tos 0x10, ttl 64, id 63296, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xed1d (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 4294962584 ecr 0,nop,wscale 6], length 0
12:46:05.088081 IP (tos 0x10, ttl 64, id 63297, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xe741 (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 4294964084 ecr 0,nop,wscale 6], length 0
12:46:17.083638 IP (tos 0x10, ttl 64, id 63298, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xdb89 (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 4294967084 ecr 0,nop,wscale 6], length 0
12:46:41.083660 IP (tos 0x10, ttl 64, id 63299, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xc41a (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 5788 ecr 0,nop,wscale 6], length 0
12:47:29.083577 IP (tos 0x10, ttl 64, id 63300, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0x953a (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 17788 ecr 0,nop,wscale 6], length 0

I have checked the firewall and no IPs are being rejected (iptables -nL) and the IP does not show up. If I look in the auth.log my home IP never shows up. Any other recommendations?

nixuzer 02-22-2010 02:26 PM

Since I am 3 days behind on some website updates I added an alternate port to my sshd_config and it is working fine; however, it would be helpful as well as educational to isolate why it will not accept connections from my IP on port 22.

nimnull22 02-22-2010 02:31 PM

Any other recommendations?

Yes, you have to contact your ISP and ask for an explanation.
Also try to connect to something else on port 22 from your home network. For example, you can "telnet IP 22" to any of your friends' computers, just to check. You have to make sure that packets leave your home network router.
You have to receive "connection refused" from the remote IP; you will be able to see it in the tcpdump output.
If nothing comes back, that could mean your packets are dropped somewhere.
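
Added example (not part of any post in this thread): a small Python classifier that reads `tcpdump -nn -v port 22` text and labels each connection attempt as answered with SYN-ACK, answered with RST ("connection refused"), or left with retransmitted SYNs and no reply, which is the pattern in the capture posted above. The function name, verdict labels and sample capture are constructed for illustration, and it assumes real IPv4 addresses rather than the redacted "my server ip" placeholder.

```python
import re
from collections import defaultdict

# Continuation line of `tcpdump -nn -v`: "src.port > dst.port: Flags [S], ..."
SEGMENT = re.compile(
    r"^\s*(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def classify_attempts(capture, port=22):
    """Return {(client, client_port, server): verdict} per attempt to `port`."""
    syns = defaultdict(int)   # SYNs sent per attempt (retransmits share the key)
    reply = {}                # first answer seen coming back from `port`
    for line in capture.splitlines():
        m = SEGMENT.match(line)
        if not m:
            continue          # timestamp/IP header lines carry no TCP flags
        src, dst, flags = m["src"], m["dst"], m["flags"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == port and flags == "S":
            syns[(src, sport, dst)] += 1
        elif sport == port:
            key = (dst, dport, src)
            if "R" in flags:
                reply.setdefault(key, "refused")  # RST: the path works, port rejected
            elif flags == "S.":
                reply.setdefault(key, "open")     # SYN-ACK: something is listening
    verdicts = {}
    for key, count in syns.items():
        # Repeated SYNs with nothing coming back: dropped somewhere on the path
        verdicts[key] = reply.get(key, "no-reply" if count > 1 else "inconclusive")
    return verdicts

# Constructed sample capture using documentation address ranges.
SAMPLE = """\
12:00:00.000001 IP (tos 0x10, ttl 64, id 1, flags [DF], proto TCP (6), length 60)
    10.0.2.15.40001 > 203.0.113.10.22: Flags [S], cksum 0x1111 (correct), seq 100, win 5840, length 0
12:00:03.000001 IP (tos 0x10, ttl 64, id 2, flags [DF], proto TCP (6), length 60)
    10.0.2.15.40001 > 203.0.113.10.22: Flags [S], cksum 0x1111 (correct), seq 100, win 5840, length 0
12:00:10.000001 IP (tos 0x10, ttl 64, id 3, flags [DF], proto TCP (6), length 60)
    10.0.2.15.40002 > 198.51.100.7.22: Flags [S], cksum 0x2222 (correct), seq 200, win 5840, length 0
12:00:10.040001 IP (tos 0x0, ttl 52, id 0, flags [DF], proto TCP (6), length 40)
    198.51.100.7.22 > 10.0.2.15.40002: Flags [R.], cksum 0x3333 (correct), seq 0, ack 201, win 0, length 0
12:00:20.000001 IP (tos 0x10, ttl 64, id 4, flags [DF], proto TCP (6), length 60)
    10.0.2.15.40003 > 192.0.2.5.22: Flags [S], cksum 0x4444 (correct), seq 300, win 5840, length 0
12:00:20.030001 IP (tos 0x0, ttl 52, id 0, flags [DF], proto TCP (6), length 60)
    192.0.2.5.22 > 10.0.2.15.40003: Flags [S.], cksum 0x5555 (correct), seq 900, ack 301, win 5792, length 0
"""

if __name__ == "__main__":
    for attempt, verdict in classify_attempts(SAMPLE).items():
        print(attempt, verdict)
```

A "no-reply" verdict only says that nothing returned to the capturing host; it does not identify which device on the path discarded the SYN or the answer.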

Skaperen 02-22-2010 03:01 PM

Quote:

Originally Posted by nixuzer (Post 3872982)
Since I am 3 days behind on some website updates I added an alternate port to my sshd_config and it is working fine; however, it would be helpful as well as educational to isolate why it will not accept connections from my IP on port 22.

If an alternate port works, then someone is blocking port 22, or the host admin has NAK filtered and turned off port 22 (but wait, you're the admin so I guess we rule that out). My bet is on blocking ... because I would be one to do it. I don't use port 22 for SSH because it just floods the logs with attempts to get in, making it hard for me to see legit issues, and risking filling up /var/log. I recommend using an alternate port.

Do a traceroute to get a list of IP addresses between these hosts. Then, watching with tcpdump, try to telnet to port 22 on each one, one at a time, and see where you get "connection refused" and where you don't. Where you get connection refused, port 22 is getting to there.

But seriously, just leave port 22 disabled and use another port or two ... ports not typically used for anything. Leave tcpdump running for a while with typical traffic to your server not dumped, and see what ports the script kiddies are poking at these days. Don't use any of those for SSH, either.

Some day, they may start port scanning to find hidden SSH ports. Then we'll need something more advanced like a "knock knock" protocol to open ports.

jefro 02-22-2010 03:08 PM

nc (netcat) might have some value.
