Find the answer to your Linux question:
Results 1 to 6 of 6
Hi, I am having issues connecting to a remote host via ssh and I suspect that this is due to some security restrictions on their side. I can't be sure ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2011
    Posts
    5

    Unable to connect to ssh server


    Hi,

    I am having issues connecting to a remote host via ssh and I suspect that this is due to some security restrictions on their side. I can't be sure of that so I just come and ask for your advice.

    The remote host is configured to allow only some specific IP addresses to connect. I have to connect to this server from two different places :
    - my university room, where I have a fixed public IP address
    - my parent's, where I connect with a local IP address, via a NAT router (a "box" provided by my ISP). The NAT router has a fixed public IP address.

    I asked the administrator to allow access for the two IPs (the fixed public IP I have when I am in my uni room, and the fixed public IP of my parent's NAT router).

    I have no problem connecting from my room at university, but I can't connect from my parent's (The server doesn't even respond when I ping it from there).

    I have no problem accessing other SSH servers (without IP restrictions) from my parent's.

    So I thought maybe this comes from the fact that my computer has a private IP address that is different from the NAT's public address which I gave to the sysadmin, and this could cause trouble at somepoint.

    Anyone has a more precise idea so as to where this comes from ? And how I can solve the problem and connect to this ssh server from behind my NAT router ?

    Thanks in advance for your help,

    Pierre

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Most, if not all ISP providers, do not assign fixed IP addresses to home accounts unless you have signed up for a business account. This saves them on IP management. Most home accounts are using DHCP IP Addresses. ISP set a time limit normaly to have the DHCP IP Address change so that normal home uses cannot setting up a server and running it at home.

    I would be surprised if the UNI doesn't assign you a DHCP address also with a long lease time if for nothing else to save on IP management.

    That being said when you are on your home network you can check your IP Addres at What Is My IP which will show you what your IP address is as seen from the internet world.

    I would look into using SSH_Keys for login and fail2ban for blocking those people who try to log in without a key. That way you don't have to lock down the IP Address you can log in from and you can be anywhere and still login.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Feb 2011
    Posts
    5
    >Most, if not all ISP providers, do not assign fixed IP addresses

    Mine does, I am a hundred percent certain of that. (Note that this is not uncommon in France, where I live).

    >I would be surprised if the UNI doesn't assign you a DHCP address

    Here again, I am a hundred percent sure my fixed IP address at uni is indeed a fixed IP address.

    The problem does not come from here.


    >I would look into using SSH_Keys for login and fail2ban for blocking those people who try to log in without a key. That way you don't have to lock down the IP Address you can log in from and you can be anywhere and still login.

    I totally agree with you. Unfortunately neither you nor I have admin rights on the host I am trying to connect to The authentication is password only, and they have this f*** IP restriction policy. I just have to deal with it.

    Thanks for your help !

    Pierre

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    OK, if you are 100% sure of yourself the next step would be to contact the remote admin and see where you are being blocked at. Have him check the logs to see if you are even reaching his system. Make sure he has the correct IP Address. Let him tell you what he has for your IP Address that way you know he really looked. Some times you tell them your IP and they say that is what they have only to find out after much troubleshooting they never even checked.

    If he tells you he see nothing in the logs and the IP is correct then you have to figure out where you are being blocked. First step would be to verify your public IP Address. If it is the same and everything else is working web, email, ect. then you need to see if the ISP is blocking outbound ports.

    I could site here all day and guess at what the problem might be but that isn't going to get your anywhere quickly. You need to start at your system and work your way up to the remote host to find out where the blockage is.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #5
    Just Joined!
    Join Date
    Feb 2011
    Posts
    5
    Already checked IPs with the sysadmin. Also I don't think it has anything to do with my ISP because I don't have any trouble connecting to ssh servers from my parents' as long as these servers don't have IP restrictions.

    I guess I'll have to wait until I am back at UNI to sort this out.

    Anyway thanks for your advice,

    Regards,

    Pierre

  7. #6
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    When you figure this out could you post what it was for future use? Thnx.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •