
Re: SSH port 22 is invisible from the internet!! :(



On Mon, Apr 09, 2007 at 08:56:40PM +0200, Jochen Schulz wrote:

> Hm, weird setup. So you get a non-public IP address on eth0 via DHCP and
> a "static" public address for ppp0?

Exactly!

> > I do:
> > $ sudo tcpdump -vv -i ppp0 "port 22"
> > tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
> > 
> > so if you could, please try to connect with ssh to my system!
> 
> Done (twice). Got a timeout again.

Sorry, I exited tcpdump, but now I'm running it again!

> If you can see either both incoming and outgoing packets or no packets
> at all, your setup is fine and someone else is dropping them. If you see
> only incoming packets, it's your fault.

Could you try to login again, please?

> In any case, I would now try to let sshd listen on another port that is
> probably not filtered (like 443).

Done:

sshd_config: Port 443
iptables script: -A block -i ppp0 -p tcp --dport 443 -j ACCEPT

But if I run iptables -L, I can't see the opened port 443! Why?

Chain block (2 references)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:sip 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:sip 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1720 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:rplay 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:6680:6699 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1234 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9433 
ACCEPT     0    --  anywhere             anywhere            state NEW 
DROP       0    --  anywhere             anywhere


> You should definitely remove that test user *now*. To debug connection

Done.

-- 
Regards, Paul Csányi
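
The decision rule from the quoted advice (both directions or nothing seen: the drop is elsewhere; only incoming seen: the drop is local), as an added example that is not part of the original message. The function name `classify_capture`, the capture command in the comment (`-n`, without `-vv`, so each packet is one line) and the documentation-range addresses in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example. Assumed capture command (numeric, one line per packet):
#   tcpdump -n -i ppp0 'tcp port 22'
# Usage: tcpdump ... | classify_capture LOCAL_IP PORT

classify_capture() {
    awk -v me="$1.$2" '
        # Packet lines: TIME IP SRC.SPORT > DST.DPORT: Flags [S], ...
        $2 == "IP" && $4 == ">" {
            src = $3
            dst = $5
            sub(/:$/, "", dst)               # strip the colon after the destination
            if (dst == me)      incoming++   # client to our sshd
            else if (src == me) outgoing++   # our sshd to client
        }
        END {
            if (incoming && !outgoing)
                verdict = "local"       # requests arrive, host never answers
            else if (!incoming && outgoing)
                verdict = "unexpected"  # case not covered by the quoted rule
            else
                verdict = "elsewhere"   # both directions seen, or nothing at all
            printf "in=%d out=%d verdict=%s\n", incoming, outgoing, verdict
        }'
}

# Constructed sample: two SYN retries from a client, no reply from the host.
sample_only_incoming() {
    cat <<'EOF'
tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
20:56:40.100000 IP 198.51.100.7.51234 > 203.0.113.5.22: Flags [S], seq 1, win 64240, length 0
20:56:43.100000 IP 198.51.100.7.51234 > 203.0.113.5.22: Flags [S], seq 1, win 64240, length 0
EOF
}

sample_only_incoming | classify_capture 203.0.113.5 22
```

A `local` verdict points at the host's own packet filter or at sshd not listening on that port; `elsewhere` points at a filter between the client and the host.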


