Scenario...
WiFi Network home = Can connect with my Digital Ocean servers fine via SSH;
WiFi Network work = Can't connect with my Digital Ocean servers via SSH;
WiFi Network work SSH debug:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: connect to address xxx.xxx.xxx.xxx port 22: Connection timed out
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection timed out
Anyone?
Try to check with nc
nc -zvw4 your_host 22
If not open - probably 22 port not allowed in your network, you can ask your network administrator about it
on your server make forward from 443 to 22 via iptables, for example:
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 22
Related
We have ubuntu server installed on our desktop machine. It is connected modem with ethernet port. We can access it with ssh via inside of our network. But can not from outside.
Here is what we've done so far:
We have static ip
My professor made this i dont know what it is
Our ubuntu server machine always picks 192.168.1.200
We have port forwarding
when I run ssh maviarge#213.XXXXXXX from our LAN which holds ubuntu server machine
maviarge#213.XXXXXXX's password:
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-104-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Thu 10 Mar 2022 08:45:36 AM UTC
System load: 0.07 Processes: 166
Usage of /: 2.0% of 438.13GB Users logged in: 1
Memory usage: 2% IPv4 address for docker0: 172.17.0.1
Swap usage: 0% IPv4 address for enp3s0: 192.168.1.200
Temperature: 50.0 C
* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
https://ubuntu.com/blog/microk8s-memory-optimisation
0 updates can be applied immediately.
But when I run ssh -v maviarge#213.XXXXXXX from outside of our wifi.
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\MaviArge/.ssh/config
debug1: Connecting to 213.XXXXXXX [213.XXXXXXX] port 22.
debug1: connect to address 213.XXXXXXX port 22: Connection timed out
ssh: connect to host 213.XXXXXXX port 22: Connection timed out
When I run ping 213.XXXXXXX from outside
Pinging 213.XXXXXXX with 32 bytes of data:
Reply from 213.XXXXXXX: bytes=32 time=67ms TTL=46
Reply from 213.XXXXXXX: bytes=32 time=97ms TTL=46
Reply from 213.XXXXXXX: bytes=32 time=107ms TTL=46
Reply from 213.XXXXXXX: bytes=32 time=124ms TTL=46
Ping statistics for 213.XXXXXXX:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 124ms, Average = 98ms
Saw this command on internet sudo lsof -i:22 and the output:
sudo lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 3290 root 4u IPv4 38814 0t0 TCP maviarge:ssh->host-213.XXXXXXX.reverse.superonline.net:58124 (ESTABLISHED)
sshd 3375 maviarge 4u IPv4 38814 0t0 TCP maviarge:ssh->host-213.XXXXXXX.reverse.superonline.net:58124 (ESTABLISHED)
sshd 4057 root 3u IPv4 71589 0t0 TCP *:ssh (LISTEN)
sshd 4057 root 4u IPv6 71591 0t0 TCP *:ssh (LISTEN)
sshd 5662 root 4u IPv4 74261 0t0 TCP maviarge:ssh->host-213.XXXXXXX.reverse.superonline.net:60472 (ESTABLISHED)
sshd 5746 maviarge 4u IPv4 74261 0t0 TCP maviarge:ssh->host-213.XXXXXXX.reverse.superonline.net:60472 (ESTABLISHED)
Also nmap scan:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 05:17 EST
Nmap scan report for host-213.XXXXXXX.reverse.superonline.net (213.XXXXXXX)
Host is up (0.14s latency).
Not shown: 96 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp filtered ssh
25/tcp filtered smtp
5060/tcp filtered sip
5432/tcp open postgresql
Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds
What's wrong?
have you try this
sudo ufw allow from any to any port 22 proto tcp
or
sudo ufw allow ssh
I have a google compute running CentOS 7, and I wrote up a quick test to try and communicate with it over port 9000 (from my home PC) - but I'm unexpectedly getting network errors.
This happens both with my test script (which attempts to send a payload) and even with plink.exe (which I'm just using to check the port availability).
>plink.exe -v -raw -P 9000 <external_IP>
Connecting to <external_IP> port 9000
Failed to connect to <external_IP>: Network error: Connection refused
Network error: Connection refused
FATAL ERROR: Network error: Connection refused
I've added my external IP to googles firewall (https://console.cloud.google.com/networking/firewalls) and set to allow ingress traffic over port 9000 (it's the lowest priority, at 1000)
I also updated firewalld in CentOS to allow TCP traffic over the port:
Redirecting to /bin/systemctl start firewalld.service
[foo#bar ~]$ sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent
success
[foo#bar ~]$ sudo firewall-cmd --reload
success
I've confirmed my listener is running on port 9000
[foo#bar ~]$ netstat -npae | grep 9000
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1000 18381 1201/python3
By default, CentOS 7 doesn't use iptables (just to be sure, I confirmed it wasn't running)
Am I missing something?
NOTE: Actual external IP replaced with <external_IP> placeholder
Update:
If I nmap my listener over port 9000 from the CentOS 7 compute instance over a local IP, like 127.0.0.1 I get some results. Interestingly, if I make the same nmap call over the servers external IP -- nadda. So this has to be a firewall, right?
external call
[foo#bar~]$ nmap <external_IP> -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 00:33 UTC
Nmap scan report for <external_IP>.bc.googleusercontent.com (<external_IP>)
Host is up (0.00043s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 4.87 seconds
Internal Call
[foo#bar~]$ nmap 127.0.0.1 -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 04:36 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
9000/tcp open cslistener
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
In this case software running on the backend VM must be listening any IP (0.0.0.0 or ::), your's is listening to "127.0.0.1:9000" and it should be "0.0.0.0:9000".
The way to fix that it's to change the service config to listen to 0.0.0.0 instead of 127.0.0.1 .
Cheers.
I logged in to a HPC using:
ssh -p 2222 user#hpc.edu
and then started Jupyter notebook using:
jupyter notebook --no-browser --port=9999
I got a url:
http://localhost:9999/?token=0518475c55eaafb82abce7d2d5344b48174012
Then I tried to access the Jupyter notebook remotely using my computer:
ssh -p 2222 user#hpc.edu -L 9999:localhost:9999 -N
The connection is refused after taking a long time:
channel 2: open failed: connect failed: Connection refused
I remember earlier being able to access the notebook by not putting
-p 2222
in the ssh command anywhere. But now I have to do it to ssh remotely. Is there any other change of command needed to access the jupyter notebook remotely?
EDIT:
I added -v -v to the command that I executed on my computer. Here is what it says:
password: debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 0 debug1: Authentication succeeded (keyboard-interactive). Authenticated to bridges.psc.edu ([128.182.108.57]:2222). debug1: Local connections to LOCALHOST:9999 forwarded to remote address localhost:9999 debug1: Local forwarding listening on ::1 port 9999. debug2: fd 4 setting O_NONBLOCK debug1: channel 0: new [port listener] debug1: Local forwarding listening on
127.0.0.1 port 9999. debug2: fd 5 setting O_NONBLOCK debug1: channel 1: new [port listener] debug2: fd 3 setting TCP_NODELAY debug1: Requesting no-more-sessions#openssh.com debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype keepalive#openssh.com want_reply 1 debug1: Connection to port 9999 forwarding to localhost port 9999 requested. debug2: fd 6 setting TCP_NODELAY debug2: fd 6 setting O_NONBLOCK debug1: channel 2: new [direct-tcpip] channel 2: open failed: connect failed: Connection refused debug2: channel 2: zombie debug2: channel 2: garbage collecting debug1: channel 2: free: direct-tcpip: listening port 9999 for localhost port 9999, connect from 127.0.0.1 port 54542 to
127.0.0.1 port 9999, nchannels 3 debug1: Connection to port 9999 forwarding to localhost port 9999 requested. debug2: fd 6 setting TCP_NODELAY debug2: fd 6 setting O_NONBLOCK debug1: channel 2: new [direct-tcpip] channel 2: open failed: connect failed: Connection refused
I had tried to follow this:
http://ipyrad.readthedocs.io/HPC_Tunnel.html
This one works for me. First, start Jupyter from your server using:
jupyter notebook --no-browser --port=7002
Then from your local machine, you can tunnel to Jupyter using the following code
ssh -N -f -L localhost:7001:localhost:7002 user#hpc.edu
Now you can access the Jupyter from your local machine by browsing localhost:7001
More details can be found here: here
I'm on a network which blocks all ports except 80 and 443. So, I'm trying to setup my remote machine to listen on port 80 or 443 (obviously done through some other network) but here's what I get:
ssh -i ~/.ssh/google_compute_engine dev#mymachine -p 80
ssh_exchange_identification: Connection closed by remote host
ssh -i ~/.ssh/google_compute_engine dev#mymachine -p 443
ssh_exchange_identification: read: Connection reset by peer
I already edited my /etc/ssh/sshd_config file and added Port 80 and Port 443 under Port 22 and restarted the ssh service as well. What am I missing here?
Also, mymachine is a machine hosted on google cloud compute engine.
I have a virtual machine located inside a private network.
So firstly, I should come in server.com and then come in my-machine.
I want to make ssh-tunnel from my laptop to my-machine.
ssh -v -A -nNT -L 40000:127.0.0.1:40000 login#server.com ssh -v -nNT -L 40000:127.0.0.1:40000 my-machine &
Now I want to test ssh-tunnel with netcat.
I run at my-machine:
nc -l 40000
At my laptop:
~ ❯❯❯ nc 127.0.0.1 40000
But it gives me:
debug1: Connection to port 40000 forwarding to 127.0.0.1 port 40000 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 40000 for 127.0.0.1 port 40000, connect from 127.0.0.1 port 49692 to 127.0.0.1 port 40000, nchannels 3
Why this happen and how to fix it? I expected that anything I type in my laptop console will appear in my-machine console.
What last string means? Especially 127.0.0.1 port 49692 why this port is used? I never type it.
debug1: channel 2: free: direct-tcpip: listening port 40000 for 127.0.0.1 port 40000, connect from 127.0.0.1 port 49692 to 127.0.0.1 port 40000, nchannels 3
Every TCP connection is point to point needs two pairs of IP addresses and ports. Reading all the message (not just the part you showed):
connect from 127.0.0.1 port 49692
So indeed you are connecting to the port 40000, but you are connecting from port 49692 (randomly assigned for your netcat or some of the forwarded steps).
How to fix this problem?
This double-jump forwarding does not work, because you need the second established before the first one.
Also you are using -N switch for the first command, which is preventing running the second ssh command.
But I would give it a shot with ProxyCommand, which will make you connect to the destination with single command directly from your host:
ssh -v -nNT -L 40000:127.0.0.1:40000 \
-oProxyCommand="ssh -W %h:%p login#server.com" my-machine &