LinuxQuestions.org
Old 02-21-2010, 11:46 AM   #1
nixuzer
LQ Newbie
 
Registered: May 2005
Posts: 4

Rep: Reputation: 0
tracert for ssh?


As of yesterday all ssh activity to the data center where I host my servers stopped. All attempted ssh connections return "Connection failed". Unfortunately I do not have any other ssh servers elsewhere to test to verify that the problem is not on the ISP side. Since the ISP is not open until Monday @ 9AM I was hoping to have more detail prior to calling because they are usually a little resistant to any technical input without ample evidence.

Is there a cygwin/linux utility for performing a tracert over 22? I need to determine whether my ISP (a small WISP) or the data center is blocking the port. I have done a -v on ssh but it does not provide enough detail where the problem is occurring and the connection has been attempted by name and directly to each server via their IPs.

Code:
$ telnet "my server ip" 22
Connecting To "my server ip"...Could not open connection to the host, on port 22: Connect failed

Code:
$ ssh -v user@"my server name"
OpenSSH_5.3p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Connecting to "my server name" ["my server ip"] port 22.
debug1: connect to address "my server ip" port 22: Connection timed out
ssh: connect to host "my server name" port 22: Connection timed out

UPDATE: Also forgot to include I can ping and visit the websites hosted on the servers.

Thank you in advance for your assistance.

Last edited by nixuzer; 02-21-2010 at 11:47 AM. Reason: Add detail
 
Old 02-21-2010, 12:06 PM   #2
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Use tcpdump:
tcpdump -nn -v port 22
and do telnet to your shell.

It will show you who is answering to your telnet.

Last edited by nimnull22; 02-21-2010 at 12:08 PM.
 
2 members found this post helpful.
Old 02-22-2010, 12:56 PM   #3
nixuzer
LQ Newbie
 
Registered: May 2005
Posts: 4

Original Poster
Rep: Reputation: 0

nimnull22, thanks for the response.

If I'm reading the output of the tcpdump correctly the destination IP is getting the request and never responding. I was able to connect from another computer today (via VPN) however my home network is still not working.

Code:
uzer@uzer-laptop:~$ sudo tcpdump -nn -v port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:45:56.085916 IP (tos 0x10, ttl 64, id 63295, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xf00b (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 4294961834 ecr 0,nop,wscale 6], length 0
12:45:59.083599 IP (tos 0x10, ttl 64, id 63296, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xed1d (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 4294962584 ecr 0,nop,wscale 6], length 0
12:46:05.088081 IP (tos 0x10, ttl 64, id 63297, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xe741 (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 4294964084 ecr 0,nop,wscale 6], length 0
12:46:17.083638 IP (tos 0x10, ttl 64, id 63298, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xdb89 (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 4294967084 ecr 0,nop,wscale 6], length 0
12:46:41.083660 IP (tos 0x10, ttl 64, id 63299, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0xc41a (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 5788 ecr 0,nop,wscale 6], length 0
12:47:29.083577 IP (tos 0x10, ttl 64, id 63300, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > "my server ip".22: Flags [S], cksum 0x953a (correct), seq 2917997973, win 5840, options [mss 1460,sackOK,TS val 17788 ecr 0,nop,wscale 6], length 0

I have checked the firewall and no IPs are being rejected (iptables -nL) and the IP does not show up. If I look in the auth.log my home IP never shows up. Any other recommendations?
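
The reading of the capture in the post above can be automated. This is an added example, not part of the original thread: it groups `tcpdump -nn -v` lines by connection and reports whether each SYN was answered, together with the gaps between retransmitted SYNs. The sample capture, the documentation addresses in it and the name `classify_flows` are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed capture in the format of `tcpdump -nn -v port 22`. 203.0.113.10 and
# 198.51.100.7 are documentation addresses standing in for two remote hosts.
SAMPLE = """\
12:45:56.085916 IP (tos 0x10, ttl 64, id 63295, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > 203.0.113.10.22: Flags [S], cksum 0xf00b (correct), seq 2917997973, win 5840, length 0
12:45:59.083599 IP (tos 0x10, ttl 64, id 63296, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > 203.0.113.10.22: Flags [S], cksum 0xed1d (correct), seq 2917997973, win 5840, length 0
12:46:05.088081 IP (tos 0x10, ttl 64, id 63297, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36232 > 203.0.113.10.22: Flags [S], cksum 0xe741 (correct), seq 2917997973, win 5840, length 0
12:50:01.000100 IP (tos 0x10, ttl 64, id 63310, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.2.15.36240 > 198.51.100.7.22: Flags [S], cksum 0x1a2b (correct), seq 1111111111, win 5840, length 0
12:50:01.040200 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    198.51.100.7.22 > 10.0.2.15.36240: Flags [R.], cksum 0x3c4d (correct), seq 0, ack 1111111112, win 0, length 0
"""

TS = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP ")
PKT = re.compile(r"^\s+(\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def classify_flows(text):
    """Map (client, cport, server, sport) -> (verdict, gaps in s between SYNs)."""
    flows, ts = {}, None
    for line in text.splitlines():
        m = TS.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        m = PKT.match(line)
        if not m or ts is None:
            continue
        src, sp, dst, dp, flags = m.groups()
        if flags == "S":                     # client SYN, first or retransmitted
            flows.setdefault((src, sp, dst, dp), {"syns": []})["syns"].append(ts)
        elif (dst, dp, src, sp) in flows:    # first packet coming back to the client
            flows[(dst, dp, src, sp)].setdefault("reply", flags)
    out = {}
    for key, f in flows.items():
        gaps = [round((b - a).total_seconds()) for a, b in zip(f["syns"], f["syns"][1:])]
        reply = f.get("reply")
        if reply is None:
            verdict = "no-reply"   # SYN or its answer was dropped; the capture cannot say where
        elif "R" in reply:
            verdict = "refused"    # RST came back: closed port, or a firewall rejecting with a reset
        else:
            verdict = "accepted" if reply == "S." else "other"
        out[key] = (verdict, gaps)
    return out
```

A "no-reply" verdict from a capture taken on the client only shows that nothing came back; a second capture on the server side is what tells whether the SYN ever arrived.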
 
Old 02-22-2010, 02:26 PM   #4
nixuzer
LQ Newbie
 
Registered: May 2005
Posts: 4

Original Poster
Rep: Reputation: 0
Since I am 3 days behind on some website updates I added an alternate port to my sshd_config and it is working fine however it would be helpful as well as educational to isolate why it will not accept connections from my IP on port 22.
 
Old 02-22-2010, 02:31 PM   #5
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Any other recommendations?

Yes, you have to contact your ISP and ask for an explanation.
Also try to connect to something else on port 22 from your home network. For example, you can "telnet IP 22" to any of your friends' computers, just to check. You have to make sure that packets leave your home network router.
You have to receive "connection refused" from the remote IP; you will be able to see it in the tcpdump output.
If nothing comes back, that could mean your packets are dropped somewhere.
 
Old 02-22-2010, 03:01 PM   #6
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,678
Blog Entries: 31

Rep: Reputation: 176
Quote:
Originally Posted by nixuzer
Since I am 3 days behind on some website updates I added an alternate port to my sshd_config and it is working fine however it would be helpful as well as educational to isolate why it will not accept connections from my IP on port 22.

If an alternate port works, then someone is blocking port 22, or the host admin has NAK filtered and turned off port 22 (but wait, you're the admin so I guess we rule that out). My bet is on blocking ... because I would be one to do it. I don't use port 22 for SSH because it just floods the logs with attempts to get in, making it hard for me to see legit issues, and risking filling up /var/log. I recommend using an alternate port.

Do a traceroute to get a list of IP address between these hosts. Then watching with tcpdump, try to telnet to port 22 on each one, one at a time, and see where you get "connection refused" and where you don't. Where you get connection refused, port 22 is getting to there.

But seriously, just leave port 22 disabled and use another port or two ... ports not typically used for anything. Leave tcpdump running for a while with typical traffic to your server not dumped, and see what ports the script kiddies are poking at these days. Don't use any of those for SSH, either.

Some day, they may start port scanning to find hidden SSH ports. Then we'll need something more advanced like a "knock knock" protocol to open ports.
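
The check described in posts #5 and #6 (does "connection refused" come back, or nothing at all?) can be scripted. This is an added example, not part of the original thread: it makes one TCP connect per port, as `telnet host port` does, and separates an answer, a reset and silence. The function names and the `server.example` placeholder are assumptions made for illustration.

```python
import errno
import socket

def verdict_for(exc):
    """Translate the result of connect() into what came back on the wire."""
    if exc is None:
        return "open"         # SYN-ACK: a listener answered
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # RST: the port is closed or rejected with a reset
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "no-reply"     # silence: dropped on the path or by the host firewall
    if getattr(exc, "errno", None) in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # no route, or an ICMP unreachable came back
    return "error"

def probe(host, port, timeout=5.0):
    """One TCP connect attempt, the same test as `telnet host port`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return verdict_for(None)
    except OSError as exc:
        return verdict_for(exc)

def summarize(results, ssh_port=22):
    """results: {port: verdict} for one host, e.g. ports 22, 80 and the alternate."""
    ssh = results.get(ssh_port)
    others_ok = any(v in ("open", "refused") for p, v in results.items() if p != ssh_port)
    if ssh == "no-reply" and others_ok:
        return "host answers on other ports; port %d is filtered selectively" % ssh_port
    if ssh == "no-reply":
        return "nothing answers; the host or the whole path may be down"
    if ssh == "refused":
        return "a reset came back for port %d; no sshd is reachable on it" % ssh_port
    return "port %d: %s" % (ssh_port, ssh)

if __name__ == "__main__":
    host = "server.example"   # placeholder; replace with your own server
    res = {p: probe(host, p) for p in (22, 80)}
    print(res, "->", summarize(res))
```

Running it from the affected network and again from a network that works (the VPN in post #3) shows whether the verdict for port 22 depends on where the connection starts.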
 
Old 02-22-2010, 03:08 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,937

Rep: Reputation: 3619
nc (netcat) might have some value.
 
  


All times are GMT -5.