LinuxQuestions.org
Old 03-21-2014, 12:33 PM   #1
jw1800
LQ Newbie
 
Registered: Mar 2014
Posts: 8

Rep: Reputation: Disabled
Nonstandard ssh port Connection Refused


Hello everyone, this is my first post and I thought I would request help with a problem I have been struggling with for a few days now. I am trying to change my ssh port from the standard 22 to a new four digit number (let's say xxxx) but when I try to connect remotely I receive
Code:
 ssh: connect to host user@host port xxxx: Connection refused
If I use the standard port 22 remotely I am able to connect as expected.

What I've Tried

After I change the port in my /etc/ssh/sshd_config and restart the ssh service, I make sure the logs say
Code:
 Server listening on 0.0.0.0 port xxxx
 Server listening on :: port xxxx
I forward the port on my router (R7000)
my iptables are flushed
ufw allow port xxxx

I have tried multiple ports making sure they are above 1025

Inside my local network I can connect to other computers using ssh -p xxxx ... but when I try it remotely I still get connection refused.

Could this be my router (or me) not forwarding ports correctly? I feel as if it should be an easy solution that I just am not finding. Also, I am using Linux Mint if it helps.

Thanks for any help in advance guys!
 
Old 03-21-2014, 01:28 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 (pre-systemd)
Posts: 2,855

Rep: Reputation: 757
If you are running SELinux (a good idea for anything attached to the net) then you need to tell it about the new port.
 
Old 03-21-2014, 03:18 PM   #3
Ryanms3030
Member
 
Registered: Jan 2014
Distribution: Debian, Mint, CentOS, Ubuntu
Posts: 261

Rep: Reputation: Disabled
You might also have to create a firewall rule to allow the new port number

Last edited by Ryanms3030; 03-21-2014 at 03:19 PM.
 
Old 03-21-2014, 05:46 PM   #4
jw1800
LQ Newbie
 
Registered: Mar 2014
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thanks for the replies. As for SELinux, I had actually never heard of it before so I will look into that for future use. Thanks for the tip. As for firewall, my iptables rules are flushed and I have already allowed the port for ufw (I believe those are the only two firewalls that Mint comes with). I did initially think it was the firewall though and so does anyone know if there is an additional command after
Code:
sudo ufw allow xxxx
 
Old 03-21-2014, 06:16 PM   #5
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,561

Rep: Reputation: 2127
So you can connect to the server using your new port from inside your local network, but not from outside?

I'm confused by your statement:
Quote:
Inside my local network I can connect to other computers using ssh -p xxxx
Did you mean to say you can connect FROM other computers? If so, then the problem is clearly in your router config. Many routers need to have port forwarding set up in two places. Once in the port forwarding rules, and also in the firewall rules to even allow the connection to begin with.
 
Old 03-21-2014, 06:36 PM   #6
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,910

Rep: Reputation: 1999
This is probably a silly question but which external port number are you forwarding to which internal port number? If your router has an option to forward the SSH port to an internal port that will not work as it will be forwarding external port 22 to internal port 2222 (for example) rather than forwarding external port 2222 to external port 2222 instead.
[2222 used as your new SSH port]
 
Old 03-21-2014, 07:43 PM   #7
jw1800
LQ Newbie
 
Registered: Mar 2014
Posts: 8

Original Poster
Rep: Reputation: Disabled
Ya sorry, I did mean to say that I could connect from other computers in my local network. I will look more into my router setting then. And sorry for being confusing before, I am not always the best writer.
As for my external and internal port numbers, they are both set to the same thing. As in external is 2222 and the internal is 2222.
 
Old 03-21-2014, 07:46 PM   #8
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,910

Rep: Reputation: 1999
Quote:
Originally Posted by jw1800
As for my external and internal port numbers, they are both set to the same thing. As in external is 2222 and the internal is 2222.
I thought that would be the case but mentioned it as these things are easy to forget or overlook.
 
Old 03-21-2014, 08:31 PM   #9
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Arch, Debian
Posts: 859

Rep: Reputation: 245
Are you testing from within your own network? I have seen routers that allowed port forwarding but only for connections that are *really* coming from the outside. The only way I found to actually test that it works was going online via a UMTS connection over my mobile and then trying to connect.

Some other thoughts: Are you sure that you are using the right target IP? You can use http://www.whatismyip.com/ to check.

Are you sure that you are forwarding the port to the right machine in your LAN? You may want to use a static IP for that machine, just to be 100% sure.

You could run a nmap scan:

Code:
nmap -p xxxx <ip-address>
Where the ip-address must be the public one(!)

If your router is forwarding the port correctly you should see it open, the output on mine looks like this:
Code:
user@host:~$ nmap -p xxxx  my-ip-address 

Starting Nmap 6.00 ( http://nmap.org ) at 2014-03-22 01:26 CET
Nmap scan report for host-provider-string (address)
Host is up (0.0039s latency).
PORT      STATE SERVICE
xxxx/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
Note that you may have to install nmap beforehand, it's in the repositories of most distros.
 
Old 03-21-2014, 08:52 PM   #10
jw1800
LQ Newbie
 
Registered: Mar 2014
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thanks joe_2000 for all the suggestions. I reconfirmed my IP and used nmap to scan the port again and it says 'xxxx/tcp open'. As for trying this behind my router, I technically am. I am however sshing from a laptop in my local building to another computer in another building and then trying to ssh back in to the desktop computer that I am having the problem with. Does the network still consider this local? I imagined it as the network seeing it as a new external connection that is to be directed to the desktop. I will use your suggestion of mobile to test it though, if it works I will write back claiming my ignorance.
 
Old 03-21-2014, 09:18 PM   #11
jw1800
LQ Newbie
 
Registered: Mar 2014
Posts: 8

Original Poster
Rep: Reputation: Disabled
Unfortunately that did not work, I will continue searching around. Sorry for being so difficult.
 
Old 03-21-2014, 10:09 PM   #12
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,561

Rep: Reputation: 2127
Quote:
Originally Posted by jw1800
As for trying this behind my router, I technically am. I am however sshing from a laptop in my local building to another computer in another building and then trying to ssh back in to the desktop computer that I am having the problem with.
That's fine. The problem would be if you were ssh'ing to your own public IP from within your network (without stopping off at a 3rd party machine first). Some routers are fine with this, some block it.
 
Old 03-22-2014, 07:52 AM   #13
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Arch, Debian
Posts: 859

Rep: Reputation: 245
Hmm, weird. Some more thoughts:
Can you confirm there are no IP conflicts within your local network? (Maybe your router shows you which machines are connected in its interface?)
Have you tried the part of using a static IP?
Have you tried doing this with another computer (to potentially rule out the router as the source of the issue)? If you cannot do it with another computer maybe you can at least run a live system on the target machine.
Just for me to understand the situation better: Can you confirm that the router forwards port 22 correctly? (I am not sure about the wording in your initial post)

You mentioned allowing a port in ufw, but that your iptables were flushed. This sounds a bit conflicting to me. I have not used ufw, but could it be that it does something you aren't aware of (like filtering source IPs)? Can you deactivate it completely, run iptables -F and try again?
Are you running other smart tools such as denyhosts or similar?

Another possibility to test whether the router is forwarding the port correctly: Install a webserver (e.g. apache), run it on a non-default port, and see if you can open the default page in a browser by putting your public ip in the address bar. (Obviously after having forwarded that port) If you use apache it should say something like "It works!".
 
Old 03-23-2014, 07:43 PM   #14
jw1800
LQ Newbie
 
Registered: Mar 2014
Posts: 8

Original Poster
Rep: Reputation: Disabled
Wow sorry about this guys but I decided to try it from another remote location and it turns out it works. The problem is the other connection I was sshing through to be able to connect from the outside connection. It apparently has limits on where it can connect and refuses connection if it's not on the white list, so that was the problem the whole time. I was not the one who set up the other connection and I had never had a problem with any other locations so I didn't think to doubt it. Sorry for wasting time and thanks for attempting to help me through my ignorance. I will mark this as solved just in case anyone else is as dumb as I am.
 
Old 03-24-2014, 03:30 PM   #15
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Arch, Debian
Posts: 859

Rep: Reputation: 245
Quote:
Originally Posted by jw1800
Wow sorry about this guys but I decided to try it from another remote location and it turns out it works. The problem is the other connection I was sshing through to be able to connect from the outside connection. It apparently has limits on where it can connect and refuses connection if it's not on the white list, so that was the problem the whole time. I was not the one who set up the other connection and I had never had a problem with any other locations so I didn't think to doubt it. Sorry for wasting time and thanks for attempting to help me through my ignorance. I will mark this as solved just in case anyone else is as dumb as I am.
No need to apologize, no damage done :-)

It would be interesting though to understand the issue better so as to learn from it. The part I don't understand is why your test through a cell phone connection failed... Did you still have the remote connection on the connection path in that test? I.e.
Code:
local machine -> cell phone -> machine in remote building -> target machine in local building
?

That would indeed explain. But if you did
Code:
local machine -> cell phone -> target machine in local building
it should work, shouldn't it?
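
Added example, not part of any post in this thread: the server-side checks discussed above (port in sshd_config, a listener on a non-loopback address, a ufw rule that is not limited to one source), written as shell functions and run against constructed sample output. The function names and sample data are assumptions for illustration; when all checks pass, as they would have for the original poster, the refusal comes from the network path or the connecting host rather than the server.

```shell
#!/bin/sh
# Added example (not from the thread). All sample inputs below are constructed.

# Ports sshd is configured for: each uncommented "Port N" line, else default 22.
sshd_ports() {            # stdin: contents of /etc/ssh/sshd_config
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# True if something listens on TCP port $1 on a non-loopback address.
listens_publicly() {      # stdin: output of `ss -tln`
    awk -v p="$1" '$1 == "LISTEN" {
        n = split($4, f, ":"); addr = $4; sub(/:[^:]*$/, "", addr)
        if (f[n] == p && addr !~ /^127\./ && addr != "[::1]") ok = 1
    } END { exit !ok }'
}

# True if ufw is inactive, or allows port $1 from Anywhere (not one source only).
ufw_open() {              # stdin: output of plain `ufw status`
    awk -v p="$1" '/^Status: inactive/ { ok = 1 }
        ($1 == p || $1 == (p "/tcp")) && $2 == "ALLOW" && $3 == "Anywhere" { ok = 1 }
        END { exit !ok }'
}

# One-line verdict for port $1 from captured output ($2 = ss, $3 = ufw).
verdict() {
    l=no; u=no
    printf '%s\n' "$2" | listens_publicly "$1" && l=yes
    printf '%s\n' "$3" | ufw_open "$1" && u=yes
    echo "port=$1 listening=$l ufw=$u"
}

SAMPLE_CONFIG='#Port 22
Port 2222
PermitRootLogin no'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
LISTEN 0      128    [::]:2222          [::]:*
LISTEN 0      5      127.0.0.1:631      0.0.0.0:*'
SAMPLE_UFW='Status: active
To                         Action      From
--                         ------      ----
2222                       ALLOW       Anywhere
631/tcp                    ALLOW       192.168.1.0/24'

for p in $(printf '%s\n' "$SAMPLE_CONFIG" | sshd_ports); do
    verdict "$p" "$SAMPLE_SS" "$SAMPLE_UFW"
done
```

On a live host, feed the functions `/etc/ssh/sshd_config`, the output of `ss -tln` and the output of `sudo ufw status` in place of the samples.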
 
  

