[SOLVED] SSH always times out when connecting from outside

Caio · 2010-03-08 23:11:16

I'm trying to set up SSH so that I can connect to my PC from college. Problem is, whenever I try to connect to it from somewhere else, it just times out. From inside the LAN it works fine. This is what netstat -na outputs when the daemon is running:

[caio@pts4 ~][0]$ netstat -na | grep 5900
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      
tcp        0      0 192.168.1.100:57790     <my IP address>:5900    TIME_WAIT

(I've changed the ssh port to 5900.)

I looked around all day and couldn't solve it. Any ideas?

Last edited by Caio (2010-03-15 21:01:30)

Peasantoid · 2010-03-08 23:13:27

If dorm traffic is being sent through a NATing router (likely), it won't work because the router won't know who to send incoming traffic to.

Caio · 2010-03-08 23:16:55

Sorry, I didn't explain it right - what I want is to connect to my home computer when I'm in college. I'm at home right now. I am using a router, but I've forwarded this port, and it seems to be working fine (canyouseeme.org says it's ok).

For the record, the router is a Linksys WRT54G v8 and the modem is a Gigaset 201A.

Last edited by Caio (2010-03-08 23:30:54)

Daenyth · 2010-03-09 00:16:07

Make sure you have the keep alive setting on. Does it drop you when you're idle? Or does it do it in the middle of traffic?

Caio · 2010-03-09 01:40:37

It doesn't even connect. I run ssh user@IP -p 5900 and it just hangs for a while then says it timed out.

Daenyth · 2010-03-09 02:53:20

Try running with -vvv to see what's going on

fukawi2 · 2010-03-09 03:00:54

Are you running iptables? What is the config if so?
What is your /etc/hosts.allow?
Does your college even allow port 5900 outbound?
Can you connect from other external places (not your college)?

Last edited by fukawi2 (2010-03-09 03:01:47)

Caio · 2010-03-09 09:20:39

$ ssh guest@<my IP> -p 5900 -vvv
OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <my IP> [<my IP>] port 5900.
debug1: connect to address <my IP> port 5900: Connection timed out
ssh: connect to host <my IP> port 5900: Connection timed out

Not running iptables. I tried using other ports and had a friend try to connect, but he couldn't either (same problem).

hosts.allow is just

#
# /etc/hosts.allow
#

sshd: ALL

# End of file

crankyadmin · 2010-03-09 09:41:25

what do you get if you connect from the machine that the ssh server is running via the loopback address?

ssh -vvv username@127.0.0.1 -p 5900

Last edited by crankyadmin (2010-03-09 09:41:48)

Caio · 2010-03-09 10:02:07

It works fine:

[caio@pts0 ~][0]$ ssh -vvv guest@127.0.0.1 -p 5900
OpenSSH_5.3p1, OpenSSL 0.9.8m 25 Feb 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug3: cipher ok: arcfour [arcfour,blowfish-cbc]
debug3: cipher ok: blowfish-cbc [arcfour,blowfish-cbc]
debug3: ciphers ok: [arcfour,blowfish-cbc]
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 5900.
debug1: Connection established.
debug1: identity file /home/caio/.ssh/id_rsa type -1
debug1: identity file /home/caio/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 520 bytes for a total of 541
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: arcfour,blowfish-cbc
debug2: kex_parse_kexinit: arcfour,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client arcfour hmac-md5 zlib@openssh.com
debug2: mac_setup: found hmac-md5
debug1: kex: client->server arcfour hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 565
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 489/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 709
debug3: put_host_port: [127.0.0.1]:5900
debug3: put_host_port: [127.0.0.1]:5900
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host [127.0.0.1]:5900
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host [127.0.0.1]:5900
The authenticity of host '[127.0.0.1]:5900 ([127.0.0.1]:5900)' can't be established.
RSA key fingerprint is c7:2a:48:3b:56:28:94:72:76:0a:29:db:4a:62:9f:90.
Are you sure you want to continue connecting (yes/no)

crankyadmin · 2010-03-09 10:04:53

Try,

sshd : ALL : ALLOW

in your hosts.allow

fukawi2 · 2010-03-09 10:12:22

Install tcpdump and run this while your friend tries to connect:

tcpdump -lnn -i eth0 port 5900

(Assuming your network card is eth0)

This will show if the packets are reaching your computer (therefore the problem is your computer) or if they're not (problem is modem/isp etc)

Last edited by fukawi2 (2010-03-09 10:13:09)

zeitgeist.at · 2010-03-09 18:12:05

i'm having the same problem.. i've forwarded port 22 and i can connect from the local network, but everything coming from outside is timing out

edit: solved, was trying to connect from the same network with the external ip which apparently doesn't work that way

Last edited by zeitgeist.at (2010-03-09 21:17:50)

Caio · 2010-03-09 22:03:31

Tried using crankyadmin's modified line and tcpdump. tcpdump didn't output anything while my friend tried to connect, so I guess that means the problem is my modem or ISP? I'm guessing the modem (or router?), since I've heard of people with the same ISP who can use ssh just fine.

brenix · 2010-03-09 23:04:50

This definitely sounds like it might be an issue with your ISP blocking incoming traffic to that port since its commonly used for VNC.. I would try changing the SSH port/Forwarding to 22 first and see if your friend connect. If it still doesn't work.. try a high non well-known port like 12000 and see what happens. Also double check your IP address and the port forwarding one more time to ensure you got the right IP if its set through DHCP...

Caio · 2010-03-10 00:15:29

Just tried both 22 and 12000, still no good. Port forwarding looks fine to me.

(damn!)

brenix · 2010-03-10 00:37:42

brenix wrote:

This definitely sounds like it might be an issue with your ISP blocking incoming traffic

Oops... Didn't see the fact you checked canyouseeme.org..

Have you checked the configuration on the Gigaset modem?? I noticed it seems to have a built in/integrated SPI-based firewall..

Caio · 2010-03-12 17:08:40

Just checked. The firewall is off. Is there something else in the modem that could be causing this?

fukawi2 · 2010-03-13 02:01:49

Caio wrote:

Just checked. The firewall is off. Is there something else in the modem that could be causing this?

I think you should have the server *on* since it is probably what is going the NAT from the outside to the inside....

mcsilva · 2010-03-13 17:04:47

In your college, all desktops have direct connection to internet, or do they use a proxy?

Darakian · 2010-03-15 11:09:01

I had this same issue the other day. On a fresh install Archlinux has SSH noted in the hosts.deny file. Just remove the line in there to enable ssh from all.

Caio · 2010-03-15 21:01:18

It works! I think it was fukawi2's tip. Thank you all so much, you've been very helpful.

Arch Linux

#1 2010-03-08 23:11:16

[SOLVED] SSH always times out when connecting from outside

#2 2010-03-08 23:13:27

Re: [SOLVED] SSH always times out when connecting from outside

#3 2010-03-08 23:16:55

Re: [SOLVED] SSH always times out when connecting from outside

#4 2010-03-09 00:16:07

Re: [SOLVED] SSH always times out when connecting from outside

#5 2010-03-09 01:40:37

Re: [SOLVED] SSH always times out when connecting from outside

#6 2010-03-09 02:53:20

Re: [SOLVED] SSH always times out when connecting from outside

#7 2010-03-09 03:00:54

Re: [SOLVED] SSH always times out when connecting from outside

#8 2010-03-09 09:20:39

Re: [SOLVED] SSH always times out when connecting from outside

#9 2010-03-09 09:41:25

Re: [SOLVED] SSH always times out when connecting from outside

#10 2010-03-09 10:02:07

Re: [SOLVED] SSH always times out when connecting from outside

#11 2010-03-09 10:04:53

Re: [SOLVED] SSH always times out when connecting from outside

#12 2010-03-09 10:12:22

Re: [SOLVED] SSH always times out when connecting from outside

#13 2010-03-09 18:12:05

Re: [SOLVED] SSH always times out when connecting from outside

#14 2010-03-09 22:03:31

Re: [SOLVED] SSH always times out when connecting from outside

#15 2010-03-09 23:04:50

Re: [SOLVED] SSH always times out when connecting from outside

#16 2010-03-10 00:15:29

Re: [SOLVED] SSH always times out when connecting from outside

#17 2010-03-10 00:37:42

Re: [SOLVED] SSH always times out when connecting from outside

#18 2010-03-12 17:08:40

Re: [SOLVED] SSH always times out when connecting from outside

#19 2010-03-13 02:01:49

Re: [SOLVED] SSH always times out when connecting from outside

#20 2010-03-13 17:04:47

Re: [SOLVED] SSH always times out when connecting from outside

#21 2010-03-15 11:09:01

Re: [SOLVED] SSH always times out when connecting from outside

#22 2010-03-15 21:01:18

Re: [SOLVED] SSH always times out when connecting from outside

Board footer