Linode Forum
Linode Community Forums
 Post subject: ssh selectively blocking
PostPosted: Mon Mar 07, 2011 12:10 pm 
Senior Newbie

Joined: Mon Mar 07, 2011 11:36 am
Posts: 6
Currently I can SSH in to my server from several computers save for the one I use at work. I had thought it was an issue with our firewall but I'm curious:

My site itself isn't blocked and neither is the SSH port I am using. I also have no problems SSH'ing in to my other server (not @ linode) using the same port.

All I'm getting as a warning is: ssh connect to host <myhost>: bad file number. Not knowing enough about how these protocols work, I am trying to figure out if this is a local issue or something related to the server.


 Post subject:
PostPosted: Mon Mar 07, 2011 2:56 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
It's probably a local issue, run ssh with -vvv flags and put the output here.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


 Post subject:
PostPosted: Mon Mar 07, 2011 3:04 pm
Senior Newbie

Joined: Mon Mar 07, 2011 11:36 am
Posts: 6
Code:
$ ssh -vvv li242-73.members.linode.com
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to li242-73.members.linode.com [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host li242-73.members.linode.com port 22: Bad file number


Work PC is a Windows client so I'm using msysgit's shell. I've tried grabbing the ssh log via Putty as well but Putty doesn't report anything, it just tells me connection refused and then it closes.


 Post subject:
PostPosted: Mon Mar 07, 2011 3:26 pm
Senior Member

Joined: Sun Aug 10, 2008 11:26 am
Posts: 104
Location: ~$
jerdak wrote:
debug1: Connecting to li242-73.members.linode.com [127.0.0.1] port 22.


Did you edit out your Linode's IP address, or does it actually say it's trying to connect to 127.0.0.1?


Last edited by funkytastic on Mon Mar 07, 2011 3:28 pm, edited 2 times in total.

 Post subject:
PostPosted: Mon Mar 07, 2011 3:27 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Darn Windows, try setting logging to DEBUG in /etc/ssh/sshd_config, then restart ssh, try connecting again, and check /var/log/auth.log


 Post subject:
PostPosted: Mon Mar 07, 2011 3:32 pm
Senior Member

Joined: Thu May 21, 2009 3:19 am
Posts: 336
Well I can't connect to your host via SSH from work or my linode:

Quote:
ssh -vvv li242-73.members.linode.com
OpenSSH_5.5p1 Debian-6, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to li242-73.members.linode.com [173.255.232.73] port 22.
debug1: connect to address 173.255.232.73 port 22: Connection refused
ssh: connect to host li242-73.members.linode.com port 22: Connection refused


Port 80 works. I can only guess you are either blocking port 22, don't have SSH set up correctly (or turned on), or you have iptables set up with some odd config and are trying to whitelist a set of IP addresses and have something wrong there.


 Post subject:
PostPosted: Mon Mar 07, 2011 3:37 pm
Senior Newbie

Joined: Mon Mar 07, 2011 11:36 am
Posts: 6
Quote:
Did you edit out your Linode's IP address, or does it actually say it's trying to connect to 127.0.0.1?

Verbatim copy/paste from the console window. I noticed this earlier but I wasn't sure what the debug information was telling me. On the off chance this wasn't correct I used the raw IP:

Code:
$ ssh -vvv -p 16661 173.255.232.73
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to 173.255.232.73 [173.255.232.73] port 16661.
debug1: connect to address 173.255.232.73 port 16661: The connection was aborted
ssh: connect to host 173.255.232.73 port 16661: Bad file number



Quote:
Darn Windows, try setting logging to DEBUG in /etc/ssh/sshd_config, then restart ssh, try connecting again, and check /var/log/auth.log

Checked the log after doing this and nothing appeared.

Quote:
Well I can't connect to your host via SSH from work or my linode:

I'm sorry, that was my bad. I changed the SSH port from 22 to 16661. The original post I made was for port 16661; I must have removed it when I was editing the string for the post. It should have read:

Code:
ssh -vvv -p 16661 li242-73.members.linode.com


To be clear, I had the same errors using port 22. I changed it just before making my post on the off chance work was blocking port 22 traffic.


 Post subject:
PostPosted: Mon Mar 07, 2011 3:46 pm
Senior Member

Joined: Thu May 21, 2009 3:19 am
Posts: 336
Oh, well in that case, yes, I can connect from both work and my Linode.

From your work, are you able to even use telnet to connect?

telnet li242-73.members.linode.com 16661

See if that connects or gets blocked. If that's blocked, then it's something your work's firewall is doing.


 Post subject:
PostPosted: Mon Mar 07, 2011 4:09 pm
Senior Newbie

Joined: Mon Mar 07, 2011 11:36 am
Posts: 6
Will Putty's telnet mode suffice? Windows Vista disables Telnet and we lowly software engineers don't have administrative rights any more. :)

edit: Never mind, I forgot msysgit includes telnet. No, I cannot connect via telnet using the command above.

Clearly I am not a networking guru but I was always under the impression that when you block a port it is blocked for all IPs. And yet I have no problem SSH'ing via port 22 and 16661 to my other server. Additionally the IP of my linode server can be accessed via the web and from a simple ping so it seems the IP itself isn't blocked.


 Post subject:
PostPosted: Mon Mar 07, 2011 4:23 pm
Senior Member

Joined: Thu May 21, 2009 3:19 am
Posts: 336
Try setting the SSH port for this linode you're having problems with to 22 and see if you can connect from work.

If that's still a problem then I can only think that whatever firewall they are using is doing something when trying to connect to that particular address. Have you tried connecting using the IP address instead of the hostname? Are the other servers you can connect to from work hosted by Linode? Do you have them set up the same as this server?

Also, have you ruled out any iptables rules on your server?


 Post subject:
PostPosted: Mon Mar 07, 2011 4:36 pm
Senior Newbie

Joined: Mon Mar 07, 2011 11:36 am
Posts: 6
Quote:
Try setting the SSH port for this linode you're having problems with to 22 and see if you can connect from work.

No luck.

Quote:
Have you tried connecting using the IP address instead of the hostname?

Yes, I posted about it above in reference to someone asking if my domain name was actually resolving to 127.0.0.1. Using the actual IP doesn't work.

Quote:
Are the other servers you can connect to from work hosted by Linode? Do you have them set up the same as this server?

They aren't hosted on Linode but as far as the settings go things should be the same. I say "should" because my other server wasn't a full VPS. The base install was managed by the provider.

As far as the iptables go, I'm not sure. I haven't touched them since installing Ubuntu 10.10. I'm not familiar with using iptables so I'm sure I could have screwed something up but I had hoped that 'out of the box' things would just work.


 Post subject:
PostPosted: Mon Mar 07, 2011 4:42 pm
Senior Member

Joined: Thu May 21, 2009 3:19 am
Posts: 336
I think that "out of the box" they are working. I think that for whatever reason, your company's firewall is doing something to the traffic that possibly your Linode's ssh server doesn't like or something else.

That's just my idea and opinion at this point. There are some much smarter guys in these forums than myself.

Are you able to possibly boot off of a Linux boot CD and get connected to the internet that way? Maybe see if you can get some additional information trying to connect via ssh from a Linux client.


 Post subject:
PostPosted: Mon Mar 07, 2011 6:22 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
If after setting the ssh logging to DEBUG a connection attempt doesn't log any new data, then the connection isn't reaching the ssh daemon, so I'd concur with everyone else: it sounds like your local firewall is blocking it for some reason. Try switching to port 443; it's a rarely filtered port since it's used for https traffic (assuming your server isn't running an https website).


 Post subject:
PostPosted: Mon Mar 14, 2011 10:42 am
Senior Newbie

Joined: Mon Mar 07, 2011 11:36 am
Posts: 6
Pardon the delay. I tried port 443 without any luck. Seems I'm SOL for now. Thanks for all the help.
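
The checks suggested in this thread (the telnet test, and the point that a DEBUG-level sshd logging nothing means the connection never reached the daemon) can be combined into one probe that reports how a connection attempt fails. This is an added example, not part of any post above; the function names and the loopback stand-in listeners are assumptions made so that it runs offline.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to a port where sshd should listen."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"    # RST answered the SYN: no listener, or a firewall REJECT
    except socket.timeout:
        return "filtered"   # no answer at all: SYN dropped somewhere on the path
    except OSError as exc:
        return "error: %s" % exc   # e.g. name resolution failed, no route
    with sock:
        try:
            data = sock.recv(255)   # an SSH server sends its version string first
        except socket.timeout:
            return "open-no-banner"
        except ConnectionError:
            return "closed-before-banner"   # reset after the TCP handshake
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return "sshd: " + line.decode("ascii", "replace")
    return "not-ssh" if data else "closed-before-banner"

def fake_listener(reply):
    """Constructed loopback stand-in: accept once, send `reply` (may be empty), close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():
    """Constructed case: a loopback port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(probe("127.0.0.1", fake_listener(b"SSH-2.0-OpenSSH_5.5p1 Debian-6\r\n")))
    print(probe("127.0.0.1", fake_listener(b"")))
    print(probe("127.0.0.1", closed_port()))
```

Run `probe()` against the real host and port from the failing network and again from one that works; different verdicts for the same target point at the network path rather than at the server.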

