Thread: No SSH from external net

  1. #1
    Large Member
    Join Date
    Apr 2004
    Posts
    3,720
    Thanks
    47
    Thanked
    99 times in 64 posts

    No SSH from external net

    Now, I must have set up SSHD dozens of times in the past, but it seems I've overlooked something fundamental/obvious here. I can connect fine from the internal net, but externally and over the internet does not work. Checked and double checked the correct ports are forwarded on the router the machine sits behind (before anyone asks) - the error is 'connection refused' rather than a timeout anyway.

    Nothing of note in the logs. I've not stopped and started SSHD with the -d/-D switches as the machine has no monitor, and I haven't exercised my bash skills in a while. Can you issue a restart to SSHD with the -d/-D vars?

    Any suggestions?
    To err is human. To really foul things up ... you need a computer.

  2. #2
    Gentoo Ricer
    Join Date
    Jan 2005
    Location
    Galway
    Posts
    11,048
    Thanks
    1,016
    Thanked
    944 times in 704 posts
    • aidanjt's system
      • Motherboard:
      • Asus Strix Z370-G
      • CPU:
      • Intel i7-8700K
      • Memory:
      • 2x8GB Corsair LPX 3000C15
      • Storage:
      • 500GB Samsung 960 EVO
      • Graphics card(s):
      • EVGA GTX 970 SC ACX 2.0
      • PSU:
      • EVGA G3 750W
      • Case:
      • Fractal Design Define C Mini
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • Asus MG279Q
      • Internet:
      • 240mbps Virgin Cable

    Re: No SSH from external net

    If your distribution uses tcpd wrappers, make sure /etc/hosts.allow and /etc/hosts.deny don't have anything that would stop connections to your sshd.
    Quote Originally Posted by Agent View Post
    ...every time Creative bring out a new card range their advertising makes it sound like they have discovered a way to insert a thousand Chuck Norris super dwarfs in your ears...

  3. #3
    SiM
    Senior Member
    Join Date
    Apr 2006
    Location
    London
    Posts
    7,787
    Thanks
    300
    Thanked
    633 times in 422 posts
    • SiM's system
      • Motherboard:
      • P5K Premium
      • CPU:
      • Q6600
      • Memory:
      • 8GB PC2-6400 OCZ ReaperX + Platinum
      • Storage:
      • 3 x 320gb HD322HJ single platter in Raid 0
      • Graphics card(s):
      • PNY GTX285
      • PSU:
      • Corsair TX650W
      • Case:
      • Antec 1200
      • Monitor(s):
      • 2407-HC

    Re: No SSH from external net

    Are you using a router? Have you forwarded the correct port to the correct IP?

  4. #4
    Gentoo Ricer

    Re: No SSH from external net

    Quote Originally Posted by SiM View Post
    Are you using a router? Have you forwarded the correct port to the correct IP?
    Quote Originally Posted by The OP
    Checked and double checked the correct ports are forwarded on the router the machine sits behind (before anyone asks)
    The OP was way ahead of you

    It's likely to be a tcpd wrapper issue, useless pain in the ass that it is.

  5. #5
    SiM

    Re: No SSH from external net

    Ahh teaches me not to read properly

  6. #6
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: No SSH from external net

    Firewall, or if you are using SE-Linux (another PITA!) that may be an issue. Can't be an SSHd configuration issue or it wouldn't connect from the LAN. (Although firewall would affect LAN connections...)
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  7. #7
    Get in the van. Fraz's Avatar
    Join Date
    Aug 2007
    Location
    Bristol
    Posts
    2,919
    Thanks
    284
    Thanked
    397 times in 231 posts
    • Fraz's system
      • Motherboard:
      • Gigabyte X58A-UD5
      • CPU:
      • Watercooled i7-980X @ 4.2 GHz
      • Memory:
      • 24GB Crucial DDR3-1333
      • Storage:
      • 240 GB Vertex2E + 2 TB of Disk
      • Graphics card(s):
      • Water-cooled Sapphire 7970 @ 1175/1625
      • PSU:
      • Enermax Modu87+
      • Case:
      • Corsair 700D
      • Operating System:
      • Linux Mint 12 / Windows 7
      • Monitor(s):
      • Dell 30" 3008WFP and two Dell 24" 2412M
      • Internet:
      • Virgin Media 60 Mbps

    Re: No SSH from external net

    This is almost certainly due to tcp wrappers as several people above have already said.

    Make sure your /etc/hosts.deny file is like:

        ALL: ALL

    and your /etc/hosts.allow file has all domains you'd likely want to be allowed to connect. E.g. for me this is:

        ALL: LOCAL 127.0.0.1 .uk .cern.ch

    It's good to have tcp wrappers enabled if just to deny the insane amount of hack attempts from China/Russia...
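
Added example, not part of the original post and not libwrap's own code: a simplified Python model of the hosts.allow / hosts.deny decision order, run against the two files quoted above. The function names, client addresses and hostnames are constructed for illustration; `EXCEPT`, `KNOWN`/`PARANOID`, IPv6 and option fields are not modelled.

```python
import ipaddress

# The two files as quoted in the post above.
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = "ALL: LOCAL 127.0.0.1 .uk .cern.ch\n"

def parse_rules(text):
    """Parse access-file text into (daemon_list, client_list) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # a third field (options) is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip, host):
    """Match one client pattern; host is the reverse-DNS name or None."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":              # hostname without a dot
        return bool(host) and "." not in host
    if pattern.startswith("."):         # domain suffix, needs a resolved name
        return bool(host) and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):           # address prefix such as "192.168."
        return ip.startswith(pattern)
    if "/" in pattern:                  # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, host)        # exact address or hostname

def first_match(rules, daemon, ip, host):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, ip, host) for p in clients)
               for daemons, clients in rules)

def access_granted(allow_text, deny_text, daemon, ip, host=None):
    """hosts.allow is consulted first, then hosts.deny; no match in either grants."""
    if first_match(parse_rules(allow_text), daemon, ip, host):
        return True
    if first_match(parse_rules(deny_text), daemon, ip, host):
        return False
    return True

if __name__ == "__main__":
    for ip, host in [("192.168.1.20", "nas"), ("203.0.113.7", "host7.example.co.uk"),
                     ("198.51.100.9", "gw.example.net"), ("203.0.113.8", None)]:
        print(ip, host, access_granted(HOSTS_ALLOW, HOSTS_DENY, "sshd", ip, host))
```

The last sample shows that suffix patterns such as `.uk` depend on reverse DNS, so a client whose address has no PTR record falls through to the deny rule. A libwrap denial happens after the TCP handshake completes, so the client sees the connection closed rather than 'connection refused', and since upstream OpenSSH removed libwrap support in 6.7 it is worth checking whether the installed sshd is linked against it at all.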

  8. #8
    Gentoo Ricer

    Re: No SSH from external net

    Quote Originally Posted by Fraz View Post
    It's good to have tcp wrappers enabled if just to deny the insane amount of hack attempts from China/Russia...
    Only tcpd wrapper causes you not to think about what you're doing. It poorly, and *very* inefficiently, attempts to imitate a firewall. Stick with netfilter if you want to keep out the bad guys. Drop all traffic from APNIC ranges if you have no use for them. Use shorewall if you find editing text files easier than iptables, most will.

  9. #9
    Large Member

    Re: No SSH from external net

    I assume that, as a general rule, default rules are allow ALL : ALL if both files are empty? I set up an FTP daemon and can connect to that fine? Any other ideas chaps?

  10. #10
    Gentoo Ricer

    Re: No SSH from external net

    Correct. The only other possibility is netfilter is rejecting connections to sshd.

  11. #11
    Large Member

    Re: No SSH from external net

    Can't see anything obvious but I'm by no means an expert. I've got no firewall script set up for certain.

  12. #12
    Gentoo Ricer

    Re: No SSH from external net

    Do you have an IDS running on the machine or the default gateway? Some IDS daemons can be a mite twitchy. Another possibility is that your ISP may be blocking it by default to prevent the spread of drones, and they may be willing to open it for you if you have a public/private key infrastructure in place.
