  1. #1
    Just Joined!
    Join Date
    May 2007
    Posts
    16

    ssh refusing connection


    I've hit a wall. Working on this for 2 days.
    Setup: 2 Linux boxes behind a router connected to a cable modem. One I'm using as a server. Server is running sshd. Other computer can ssh into server with LAN ip but can't if using site (internet WAN) ip.

    Using Cox High speed cable.

    When I try to login using the WAN ip, such as this:
    ssh xxx@170.140.180.200 (ip of cable modem), I get a 'connection refused'.

    - sshd IS running on server.
    - Tried running sshd on different ports (sshd -p 6200)
    - Tried another router in case port forwarding wasn't working on first router.
    - Tried -vvv on ssh command
    - Tried sshd -d (debug on sshd server)
    - Tried running sshd on other computer and logging in from server
    - Ran netstat -ntap - server listening on whatever port I run sshd on.
    - NO firewall

    To summarize, I can login to either machine from either machine using ssh on LAN. Can't login from one to the other over the internet, using the IP of the cable modem. Had someone outside LAN try and same error.

    Everything points to the 'port forwarding' on the router, but I just can't believe 2 routers are bad. sshd and credentials are ok since I can login locally from one computer to another.

    Ruled out Cox blocking ports by trying on several different ports (i.e. 6300, 4747, etc.) Can't login to sshd over internet.

    What this tells me is that there is nothing wrong with either computer. ssh and sshd are working properly.

    ANY help would be appreciated since I have very little hair left to pull out.

  2. #2
    Banned
    Join Date
    Dec 2008
    Location
    Arkansas
    Posts
    4
    Dude. From everything you described it should work fine.

    Only possibilities I could think of you prob have tried.

    I have nearly the exact same setup, but slack on one, windows on the other
    and a linksys router behind a cable modem. Mine works fine if I use my public IP.

    Sure no iptables rules?
    And port forwarding is set for TCP?
    Any screwing with authentication methods?

  3. #3
    Just Joined!
    Join Date
    May 2007
    Posts
    16
    Yep, absolutely no firewall of any kind. No iptables -L. Nothing. With both routers, I've tried port forwarding to each machine. Tried tcp and udp and both. I'm using the same login credentials from within the LAN and the WAN. No joy.

    As I mentioned, the only clue is the actual error message. If it had anything to do with authentication, sshd not running, firewall, etc. you'd get a different error message. That message, from my experience, means that the request isn't even getting to the computer. Of course, I'm constantly learning new stuff, so I may be wrong.

    Here's an interesting twist. I set the DMZ on the router to expose the server directly to the internet and it still doesn't work.

    I'm stuck because I don't know how to troubleshoot this beyond what I have already tried. What else can I try?

  4. #4
    Banned
    Join Date
    Dec 2008
    Location
    Arkansas
    Posts
    4
    Reinstall the entire damn system. Then don't change anything for now in config except for
    disallowing root login.

    It has to work or aliens are screwing with you with some startrek-like powers.
    Then if it works, go from there, and when you get the same prob, you'll know the last change you made.

  5. #5
    Just Joined!
    Join Date
    May 2007
    Posts
    16
    Was a little skeptical of your suggestion, but thought if nothing I'm doing is working, I might as well try anything. I booted up FreeNAS (livecd) that has everything running for a server platform. Same problem. I then tried a Knoppix live cd. Same.

    As I mentioned. I don't believe it has to do with the computer or software running on it. I tried plugging in an older Dlink 524 router. Same thing. That's three routers that I tried it with. Yes, all three COULD be bad, but the odds are against it.

    Also checked hosts.deny and hosts.allow. Nothing in either.

    Can a cable modem block ports? This is a new (1 month old) Motorola Surfboard cable modem.

    Could Cox be blocking all incoming traffic from non-normal ports? Can my next door neighbor be stealing my ssh traffic packets? Could I be losing my mind?

    ha ha just kidding, but I am starting to lose my mind over this. I don't know how to try anything further to troubleshoot it. Are there any other tests I can try?

    Since both of these computers are on the same ip, can I do what I'm trying to do? I don't see why not since I'm forwarding the ssh port to the server computer.

    BTW, thanks for trying to help. Also, how the heck did you get the letters to print backwards in your handle? That's pretty cool.

  6. #6
    Banned
    Join Date
    Dec 2008
    Location
    Arkansas
    Posts
    4
    google alt codes.


    There's something crucial you're not telling us.
    You can set your nix puter with no firewall as your dmz host
    and then scan yourself from grc.com, anything that comes up
    'filtered' instead of open or closed is prob blocked by your isp.
    Mine blocks httpd(80), smtp, and windows netbios ports for example.

    But sshd is not usually blocked upstream. Too many customers would be offended by not being able to use their home puters from work.

    Worth checking though.

  7. #7
    Just Joined!
    Join Date
    May 2007
    Posts
    16
    great suggestion. I set the server as the dmz computer in the router. Went to grc and port scanned common ports. All are stealth except for port zero, which shows closed.

    I ran the sshd daemon on the standard port 22 and made sure Cox was not blocking it, according to their website.

    Double checked to make sure that sshd was in fact listening on port 22 by using netstat -ntap. It is.

    Not sure how they are doing the port scan, but the 'stealth' results concern me. If the computer is listening on port 22, shouldn't the port scan show open or something like that?

    bed time, but first thing in the morning, I'm going to connect the server directly up to the cable modem and see what happens. Not sure what to do about the computer's ip since I use static LAN IPs. Will the cable modem accept that ip and submask or do I have to set the computer to accept dhcp?

    The cable modem is a new Motorola Surfboard, which you can't access from within a LAN. It can only be accessed from outside the network. If I had known that, I wouldn't have bought it. That's stupid.

    edit: Couldn't wait for the morning. plugged server directly into cable modem and ran scan. Port 22 showed open!!!! Yeah!

    The bad news is that I have three routers that can't forward a port. Either that or there's some other setting that I don't know about. Of course, I've only been doing this for 20 years, what do I know.
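
Added example, not part of any post in this thread: the posts above lean on the difference between ssh's "connection refused" and "connection timed out", and on a scanner's open / closed / stealth results. This sketch makes one TCP connect attempt and reports which of the three it saw, plus the service banner when the port is open; the function name `probe_tcp` and the loopback demo targets are constructed for illustration.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Return (state, banner) for one TCP connect attempt.

    open     : handshake completed; banner is the first line the service
               sent (sshd sends "SSH-2.0-..."), or "" if it sent nothing
    closed   : a RST came back, which ssh reports as "Connection refused"
    filtered : nothing came back before the timeout, which ssh reports as
               "Connection timed out" and scanners call "stealth"
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        return ("closed", "")
    except (socket.timeout, TimeoutError):
        return ("filtered", "")
    except OSError as exc:  # e.g. no route to host, name lookup failure
        return ("error: %s" % exc.strerror, "")
    else:
        try:
            first = sock.recv(255).split(b"\n")[0]
            banner = first.decode("ascii", "replace").strip()
        except OSError:  # includes a read timeout: port open, no banner
            banner = ""
        return ("open", banner)
    finally:
        sock.close()

if __name__ == "__main__":
    # Constructed targets: a throwaway loopback listener stands in for sshd,
    # and the same port after the listener is closed stands in for a host
    # with nothing listening.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe_tcp("127.0.0.1", port, timeout=0.5))
    srv.close()
    print(port, probe_tcp("127.0.0.1", port, timeout=0.5))
```

Run against the same address and port from a LAN host and from an outside host, differing results show where along the path the connection attempt stops.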

  8. #8
    Just Joined!
    Join Date
    May 2007
    Posts
    16
    Update, but still a problem.

    Went out and bought a new router. Connected it. Forwarded port 22, as I did in the previous routers and now the port scan acts normal. When sshd is running, port shows open. When sshd not running, port shows stealth. Tried 2 of the old routers and neither work right. Guess they were bad.

    BUT....

    I still can't ssh or telnet into that computer from another computer on the same network, going out and back in through the WAN IP of the cable modem. e.g. using the IP of the site. No problem connecting locally through the network, from any computer.

    All I get is a 'connection timed out' error.

    Running sshd -d shows no activity when trying to login from outside the network. ssh -vvv shows nothing abnormal when trying to connect, then errors with the time out error.

    Any ideas on what may be the problem or what to try?

    Thanks

  9. #9
    Just Joined! cheapscotchron's Avatar
    Join Date
    Dec 2008
    Location
    swamps of jersey
    Posts
    68
    long shot, but....
    check /etc/hosts.allow and /etc/hosts.deny

  10. #10
    Just Joined!
    Join Date
    May 2007
    Posts
    16
    Hey, thanks, but I've already checked them many times.

    People from outside the network can ssh into the server now, (Yea!) but from inside the network, I can't log in (using the WAN IP) from any computer. They can all log in using the local network address though. I wonder why. They all time out.

    All route tables look ok and are all the same on every computer in the network. I've eliminated all iptables rules. i.e. there is nothing in iptables.

    Still no joy from inside the network, to outside, to inside using ssh. Outside to inside works fine.
