0

I set up a server to self host and cannot ssh into it, and I'm having trouble debugging the issue. This is the error I get when I run ssh with verbose logging:

OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/insomnia/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/insomnia/.ssh/known_hosts2'
debug2: resolving "databunker.monster" port 22
debug3: resolve_host: lookup databunker.monster:22
debug3: ssh_connect_direct: entering
debug1: Connecting to databunker.monster [96.245.8.33] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: connect to address 96.245.8.33 port 22: Connection timed out
ssh: connect to host databunker.monster port 22: Connection timed out

I only get this issue when I try sshing into either the domain or the public IP. When I use the private IP on my local network, I can ssh into it without issue.

I have a Verizon CR1000B router and have set the following in my network settings:

  • Under Advanced > Security & Firewall > Port Forwarding I have original port=22, protocol=TCP, Fwd to port=22, and Schedule=Always
  • Under Advanced > Security & Firewall > Port Forwarding Rules I have Protocol=TCP, Source Ports=Any, Destination Ports=Single with 22 set as the port.

I don't have any iptables rules set on the server. Also worth mentioning is that I have only tried sshing into the server from computers that are connected to the internet through the same network.

0

1 Answer

1

This is likely a deficiency in your router (try ssh'ing in from an external IP to verify). I posit that the port mapping is only active from packets traversing the WAN Interface. This is related (but not identical) to "hairpin NAT".

The problem is, of course, at the TCP level - we know this because you are getting a Connection timed out message - so we know it's something to do with the packet handling/forwarding/NAT.

5
  • I'll try sshing when I'm away from home tomorrow and report my results. Commented Sep 7, 2023 at 2:12
  • I tried sshing into the server while connected to the WIFI network of my university 20 miles away and ran into the same error. Commented Sep 7, 2023 at 20:23
  • It might be a bug in your router (If your router is running buggy software and has an ssh server on port 22 it might be misbehaving). What happens if you try mapping another port [e.g. 2222] externally to 22 on your SSH server, and then ssh with "-p 2222" to use the alternative port?
    – davidgo
    Commented Sep 7, 2023 at 20:51
  • Also, just to confirm - have you checked the PC running SSH is able to reach the Internet? While I would assume this is the case, if it's not, that would be your issue.
    – davidgo
    Commented Sep 7, 2023 at 20:51
  • Something else that won't fix the problem, but might help - on the ssh box (run locally), try running "tcpdump -n port 22" - then telnet in and see the traffic flow - this could help you ascertain if ssh packets are seen entering and/or leaving the box.
    – davidgo
    Commented Sep 7, 2023 at 20:53
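
An added example, not part of the original thread: one way to read the text output of the `tcpdump -n port 22` capture suggested in the last comment, reporting how far the TCP handshake got for one client. The function name `classify_capture`, the verdict strings and every address in the sample are constructed for illustration.

```shell
#!/bin/sh
# usage: classify_capture SERVER_LAN_IP [PORT] [CLIENT_IP] < capture.txt
# capture.txt is saved text output of: tcpdump -n port 22   (run on the SSH server)
classify_capture() {
    awk -v srv="$1.${2:-22}" -v cli="${3:-}" '
        $2 != "IP" || $6 != "Flags" { next }        # keep IPv4 TCP lines only
        {
            src = $3
            dst = $5;   sub(/:$/, "", dst)          # "192.168.1.50.22:" -> "192.168.1.50.22"
            flags = $7; sub(/,$/, "", flags)        # "[S]," -> "[S]"
            if (dst == srv)      { peer = src; inbound = 1 }
            else if (src == srv) { peer = dst; inbound = 0 }
            else next
            # optional filter: only the flow from one client address
            if (cli != "" && index(peer, cli ".") != 1) next
            if (inbound && flags == "[S]")   syn_in++
            if (!inbound && flags == "[S.]") synack_out++
            if (!inbound && flags ~ /R/)     rst_out++
            if (inbound && synack_out && (flags == "[.]" || flags == "[P.]")) ack_in++
        }
        END {
            # no-syn-arrived: the packet was dropped before this host (router, forward, ISP);
            #   the client sees "Connection timed out"
            # syn-unanswered: SYN arrived but the host stayed silent (local packet filter)
            # rst-sent: nothing listening; the client would see "Connection refused"
            # synack-unacknowledged: the reply left the host but the handshake never completed
            if (!syn_in)         print "no-syn-arrived"
            else if (ack_in)     print "handshake-ok"
            else if (synack_out) print "synack-unacknowledged"
            else if (rst_out)    print "rst-sent"
            else                 print "syn-unanswered"
        }'
}

# Constructed sample: a working LAN login is captured while an outside client
# (203.0.113.7, documentation range) is also trying and timing out.
SAMPLE_CAPTURE='12:00:01.000000 IP 192.168.1.20.51000 > 192.168.1.50.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000050 IP 192.168.1.50.22 > 192.168.1.20.51000: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.000400 IP 192.168.1.20.51000 > 192.168.1.50.22: Flags [.], ack 10, win 502, length 0'

printf '%s\n' "$SAMPLE_CAPTURE" | classify_capture 192.168.1.50 22 192.168.1.20   # handshake-ok
printf '%s\n' "$SAMPLE_CAPTURE" | classify_capture 192.168.1.50 22 203.0.113.7    # no-syn-arrived
```

A `no-syn-arrived` verdict for the outside client while the LAN client completes the handshake matches the answer's reasoning: the timeout originates in forwarding or NAT in front of the server, not in sshd.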
