
Hi All,
I am having a real nagging problem with ssh. I set up dynamic dns so I could connect to my box from outside.
My basic setup is a router connected to a cable modem. I've opened the firewall port 22 tcp/udp on my router.
However, here is the problem I am having.
I can ssh into my box from inside my LAN like, ssh 192.168.0.100, works fine!
However when I try to ssh using my dynamic dns (or the external IP), ssh will hang and never return.
1) I've tried running my sshd in debug mode and here is the output =====(SERVER SIDE)=====
debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: private host key: #3 type 4 ED25519
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.0.1 port 48996 on 192.168.0.100 port 22
2) Here is the ssh verbose output =====(CLIENT SIDE)=====
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to yadav.duckdns.org [209.122.208.175] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/yadav/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/yadav/.ssh/id_rsa type 1
debug1: identity file /home/yadav/.ssh/id_rsa-cert type -1
debug1: identity file /home/yadav/.ssh/id_dsa type -1
debug1: identity file /home/yadav/.ssh/id_dsa-cert type -1
debug1: identity file /home/yadav/.ssh/id_ecdsa type -1
debug1: identity file /home/yadav/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/yadav/.ssh/id_ed25519 type -1
debug1: identity file /home/yadav/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-8
As you can see from the server output the connection gets established, but then the hang happens and I can't figure out what's going on?
Someone suggested that sshd might be trying to do a reverse lookup and to add,
'UseDNS no'
to /etc/ssh/sshd_config and restarting the daemon. This didn't work!
Any ideas? I can't seem to find anything for my particular problem on the Internet.

run tcpdump on your server when you do the outside connect.
you can
tcpdump -i eth0 -n |grep 209.122.208.175
so you don't get a tonne of crap. You may have to change eth0 to what is appropriate.
also see if you have any iptables odd rules, or any odd routing.
-tl
On Thu, Feb 12, 2015 at 11:22 PM, Dev Guy <devguy.ca@gmail.com> wrote:
> Hi All,
> I am having a real nagging problem with ssh. I set up dynamic dns so I could connect to my box from outside.
> My basic setup is a router connected to a cable modem. I've opened the firewall port 22 tcp/udp on my router.
> However, here is the problem I am having.
> I can ssh into my box from inside my LAN like, ssh 192.168.0.100, works fine!
> However when I try to ssh using my dynamic dns (or the external IP), ssh will hang and never return.
> 1) I've tried running my sshd in debug mode and here is the output =====(SERVER SIDE)=====
> debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
> debug1: key_parse_private2: missing begin marker
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug1: key_parse_private2: missing begin marker
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: key_parse_private2: missing begin marker
> debug1: read PEM private key done: type ECDSA
> debug1: private host key: #2 type 3 ECDSA
> debug1: private host key: #3 type 4 ED25519
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-d'
> Set /proc/self/oom_score_adj from 0 to -1000
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Server will not fork when running in debugging mode.
> debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
> debug1: inetd sockets after dupping: 3, 3
> Connection from 192.168.0.1 port 48996 on 192.168.0.100 port 22
> 2) Here is the ssh verbose output =====(CLIENT SIDE)=====
> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to yadav.duckdns.org [209.122.208.175] port 22.
> debug1: Connection established.
> debug3: Incorrect RSA1 identifier
> debug3: Could not load "/home/yadav/.ssh/id_rsa" as a RSA1 public key
> debug1: identity file /home/yadav/.ssh/id_rsa type 1
> debug1: identity file /home/yadav/.ssh/id_rsa-cert type -1
> debug1: identity file /home/yadav/.ssh/id_dsa type -1
> debug1: identity file /home/yadav/.ssh/id_dsa-cert type -1
> debug1: identity file /home/yadav/.ssh/id_ecdsa type -1
> debug1: identity file /home/yadav/.ssh/id_ecdsa-cert type -1
> debug1: identity file /home/yadav/.ssh/id_ed25519 type -1
> debug1: identity file /home/yadav/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-8
> As you can see from the server output the connection gets established, but then the hang happens and I can't figure out what's going on?
> Someone suggested that sshd might be trying to do a reverse lookup and to add,
> 'UseDNS no'
> to /etc/ssh/sshd_config and restarting the daemon. This didn't work!
> Any ideas? I can't seem to find anything for my particular problem on the Internet.
> ---
> Talk Mailing List
> talk@gtalug.org
> http://gtalug.org/mailman/listinfo/talk

Dev Guy wrote:
> Hi All,
> I am having a real nagging problem with ssh. I set up dynamic dns so I could connect to my box from outside.
> My basic setup is a router connected to a cable modem. I've opened the firewall port 22 tcp/udp on my router.
> However, here is the problem I am having.
> I can ssh into my box from inside my LAN like, ssh 192.168.0.100, works fine!
> However when I try to ssh using my dynamic dns (or the external IP), ssh will hang and never return.
I had a similar problem a few years ago on Bell DSL, the issue was I was SSHing into one of their FreeBSD routers (they fixed this issue a year ago by blocking incoming on port 22), I fixed it by changing the SSH port to 2222.

On 02/13/2015 09:54 AM, Myles Braithwaite wrote:
>> However when I try to ssh using my dynamic dns (or the external IP), ssh will hang and never return.
> I had a similar problem a few years ago on Bell DSL, the issue was I was SSHing into one of their FreeBSD routers (they fixed this issue a year ago by blocking incoming on port 22), I fixed it by changing the SSH port to 2222.
How does something with an IP address go to the wrong device??? If you have your own public IP, that router should not be doing anything other than forwarding to your address.

I had this same problem. Up until a week or two ago port 22 worked fine. Then internally 22 was ok but externally it failed. (connection denied error). I even called Bell but they denied changing anything. As soon as I changed everything to port 2222 it all worked fine again!
On 02/13/2015 09:54 AM, Myles Braithwaite wrote:
> Dev Guy wrote:
>> Hi All,
>> I am having a real nagging problem with ssh. I set up dynamic dns so I could connect to my box from outside.
>> My basic setup is a router connected to a cable modem. I've opened the firewall port 22 tcp/udp on my router.
>> However, here is the problem I am having.
>> I can ssh into my box from inside my LAN like, ssh 192.168.0.100, works fine!
>> However when I try to ssh using my dynamic dns (or the external IP), ssh will hang and never return.
> I had a similar problem a few years ago on Bell DSL, the issue was I was SSHing into one of their FreeBSD routers (they fixed this issue a year ago by blocking incoming on port 22), I fixed it by changing the SSH port to 2222.
-- _______________________________________________ Tim Carroll 3kids.net Cell 416 524 7721 50 King Edward Ave Toronto, Ontario, M4C 5J6 ___________________________

On 02/13/2015 10:18 AM, Tim Carroll wrote:
> I had this same problem. Up until a week or two ago port 22 worked fine. Then internally 22 was ok but externally it failed. (connection denied error). I even called Bell but they denied changing anything. As soon as I changed everything to port 2222 it all worked fine again!
Perhaps they're blocking port 22. Try a TCP port 22 traceroute and see what happens. Try again with 2222.
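
Added example (not part of any poster's message or of the list archive): the thread describes two different failure modes, a connection that is denied from outside and one where TCP connects but the session hangs, with the client output in the original post stopping after its own local version string. The Python sketch below, built around a hypothetical helper `probe_ssh`, separates these cases by checking whether the server's SSH identification line ever arrives, so ports 22 and 2222 can be compared from an outside host.

```python
import socket
import sys

def probe_ssh(host, port, timeout=5.0):
    """Report how far a connection to an SSH port gets.

    Returns (stage, detail); stage is one of:
      refused   - a reset came back: port closed or actively rejected
      filtered  - no reply to the connect within the timeout (dropped en route)
      no_banner - TCP connected, but no identification line arrived
      closed    - peer hung up before sending a full line
      not_ssh   - a line arrived that does not start with "SSH-"
      banner    - detail holds the server's "SSH-..." identification line
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("filtered", "")
    except OSError as exc:  # no route, name resolution failure, ...
        return ("error", str(exc))
    with sock:
        data = b""
        try:
            # An SSH server sends its identification line as soon as the
            # connection opens, so no request is needed; read one line.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    return ("closed", data.decode("ascii", "replace"))
                data += chunk
        except socket.timeout:
            return ("no_banner", data.decode("ascii", "replace"))
        except OSError as exc:
            return ("closed", str(exc))
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("banner" if line.startswith("SSH-") else "not_ssh", line)

if __name__ == "__main__":
    # Usage: python3 probe.py [HOST [PORT ...]]
    # Assumed defaults: localhost, and the two ports discussed in the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for p in [int(a) for a in sys.argv[2:]] or [22, 2222]:
        print(p, *probe_ssh(host, p))
```

A `no_banner` result on port 22 matches the hang in the original post (something accepted the TCP connection but sshd's greeting never came back), while `refused` or `filtered` points at blocking in front of the server.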

The problem ended up being my router; once I updated the firmware everything started working and I was able to set up ssh access with an RSA key only.
On Fri, Feb 13, 2015 at 10:29 AM, James Knott <james.knott@rogers.com> wrote:
> On 02/13/2015 10:18 AM, Tim Carroll wrote:
>> I had this same problem. Up until a week or two ago port 22 worked fine. Then internally 22 was ok but externally it failed. (connection denied error). I even called Bell but they denied changing anything. As soon as I changed everything to port 2222 it all worked fine again!
> Perhaps they're blocking port 22. Try a TCP port 22 traceroute and see what happens. Try again with 2222.
-- Kind Regards, Rajinder Yadav SafetyNet Test Driven Development http://safetynet.devmentor.org
participants (5)
- Dev Guy
- James Knott
- Myles Braithwaite
- ted leslie
- Tim Carroll