ssh selectively blocking

Currently I can SSH in to my server from several computers save for the one I use at work. I had thought it was an issue with our firewall but I'm curious:

My site itself isn't blocked and neither is the SSH port I am using. I also have no problems SSH'ing in to my other server (not @ linode) using the same port.

All I'm getting as a warning is: ssh connect to host : bad file number. Not knowing enough about how these protocols work, I am trying to figure out if this is a local issue or something related to the server.

13 Replies

It's probably a local issue, run ssh with -vvv flags and put the output here.

$ ssh -vvv li242-73.members.linode.com
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to li242-73.members.linode.com [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host li242-73.members.linode.com port 22: Bad file number

Work PC is a Windows client so I'm using msysgit's shell. I've tried grabbing the ssh log via Putty as well but Putty doesn't report anything, it just tells me connection refused and then it closes.

@jerdak:

debug1: Connecting to li242-73.members.linode.com [127.0.0.1] port 22.

Did you edit out your Linode's IP address, or does it actually say it's trying to connect to 127.0.0.1?

Darn windows, try setting logging to DEBUG in /etc/ssh/sshd_config then restart ssh and try connecting again and check /var/log/auth.log

Well I can't connect to your host via SSH from work or my linode:

> ssh -vvv li242-73.members.linode.com
OpenSSH_5.5p1 Debian-6, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to li242-73.members.linode.com [173.255.232.73] port 22.
debug1: connect to address 173.255.232.73 port 22: Connection refused
ssh: connect to host li242-73.members.linode.com port 22: Connection refused

Port 80 works. I can only guess you are either blocking port 22, don't have SSH set up correctly (or turned on), or you have iptables set up with some odd config and are trying to whitelist a set of IP addresses and have something wrong there.

> Did you edit out your Linode's IP address, or does it actually say it's trying to connect to 127.0.0.1?

Verbatim copy/paste from the console window. I noticed this earlier but I wasn't sure what the debug information was telling me. On the off chance this wasn't correct I used the raw IP:

$ ssh -vvv -p 16661 173.255.232.73
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to 173.255.232.73 [173.255.232.73] port 16661.
debug1: connect to address 173.255.232.73 port 16661: The connection was aborted
ssh: connect to host 173.255.232.73 port 16661: Bad file number

> Darn windows, try setting logging to DEBUG in /etc/ssh/sshd_config then restart ssh and try connecting again and check /var/log/auth.log

Checked the log after doing this and nothing appeared.

> Well I can't connect to your host via SSH from work or my linode:

I'm sorry, that was my bad. I changed the SSH port from 22 to 16661. The original post I made was for port 16661; I must have removed it when I was editing the string for the post. It should have read:

ssh -vvv -p 16661 li242-73.members.linode.com

To be clear, I had the same errors using port 22. I changed it just before making my post on the off chance work was blocking port 22 traffic.

Oh, well in that case, yes, I can connect from both work and my Linode.

From your work, are you able to even use telnet to connect?

telnet li242-73.members.linode.com 16661

See if that connects or gets blocked. If that's blocked, then it's something your work's firewall is doing.

Will Putty's telnet mode suffice? Windows Vista disables Telnet and we lowly software engineers don't have administrative rights any more. :)

Edit: Never mind, I forgot msysgit includes telnet. No, I cannot connect via telnet using the command above.

Clearly I am not a networking guru but I was always under the impression that when you block a port it is blocked for all IPs. And yet I have no problem SSH'ing via port 22 and 16661 to my other server. Additionally the IP of my linode server can be accessed via the web and from a simple ping so it seems the IP itself isn't blocked.

Try setting the SSH port for this linode you're having problems with to 22 and see if you can connect from work.

If that's still a problem then I can only think that whatever firewall they are using is doing something when trying to connect to that particular address. Have you tried connecting using the IP address instead of the hostname? Are the other servers you can connect to from work hosted by Linode? Do you have them set up the same as this server?

Also, have you ruled out any iptables rules on your server?

> Try setting the SSH port for this linode you're having problems with to 22 and see if you can connect from work.

No luck.

> Have you tried connecting using the IP address instead of the hostname?

Yes, I posted about it above in reference to someone asking if my domain name was actually resolving to 127.0.0.1. Using the actual IP doesn't work.

> Are the other servers you can connect to from work hosted by Linode? Do you have them set up the same as this server?

They aren't hosted on Linode but as far as the settings go things should be the same. I say "should" because my other server wasn't a full VPS. The base install was managed by the provider.

As far as the iptables go, I'm not sure. I haven't touched them since installing Ubuntu 10.10. I'm not familiar with using iptables so I'm sure I could have screwed something up but I had hoped that 'out of the box' things would just work.

I think that "out of the box" they are working. I think that for whatever reason, your company's firewall is doing something to the traffic that possibly your Linode's ssh server doesn't like or something else.

That's just my idea and opinion at this point. There are some much smarter guys in these forums than myself.

Are you able to possibly boot off of a Linux boot CD and get connected to the internet that way? Maybe see if you can get some additional information trying to connect via ssh from a Linux client.

If after setting the ssh logging to DEBUG a connection attempt doesn't log any new data, then the connection isn't reaching the ssh daemon, so I'd concur with everyone else: sounds like your local firewall is blocking it for some reason. Try switching to port 443; it's a rarely filtered port since it's used for https traffic (assuming your server isn't running an https website).

Pardon the delay. I tried port 443 without any luck. Seems I'm SOL for now. Thanks for all the help.
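The two client-side checks used in this thread (does the hostname resolve to the server's real address rather than 127.0.0.1, and does a bare TCP connection to the SSH port complete, as with the telnet test) can be scripted so they are easy to repeat from each network. This is an added example, not code from any poster; the function names and the `localhost`/22 demo target are assumptions.

```python
import ipaddress
import socket

def loopback_answers(addresses):
    """Return the addresses that point back at the client itself."""
    return [a for a in addresses if ipaddress.ip_address(a).is_loopback]

def resolve(host):
    """Resolve host as the ssh client would; return unique address strings."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(address, port, timeout=5.0):
    """Attempt one TCP connection and classify the outcome.

    Returns (status, banner) where status is:
      open    - handshake completed; banner is the server's first line
      refused - a reset came back: nothing listening, or a device rejecting
      timeout - no answer at all: packets dropped somewhere on the path
      aborted - any other socket error, e.g. the connection was cut
    """
    try:
        with socket.create_connection((address, port), timeout=timeout) as s:
            try:
                first = s.recv(255).split(b"\n", 1)[0].strip()
            except socket.timeout:
                first = b""  # port is open but the server did not speak first
            return "open", first.decode("ascii", "replace")
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError:
        return "aborted", ""

def diagnose(host, port, timeout=5.0):
    """Run both checks; return a list of (address, status, banner, note)."""
    rows = []
    for address in resolve(host):
        note = "loopback: check local DNS/hosts file" if loopback_answers([address]) else ""
        rows.append((address, *probe(address, port, timeout), note))
    return rows

if __name__ == "__main__":
    # Constructed demo target; substitute your own server name and SSH port.
    for row in diagnose("localhost", 22, timeout=2.0):
        print(row)
```

An `open` result with an `SSH-2.0-...` banner from one network and `timeout` or `aborted` for the same address and port from another points at the path between that client and the server, which matches the empty sshd DEBUG log reported above.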
