I can ping a server, but I can not ssh to it
The fact you can ping means that the ICMP protocol is open and you can send and receive ICMP requests.
But the nmap command on port 33333 reports that this port is filtered, which means that there's something in the middle of the connection blocking it (most probably a firewall, either your provider's or your local machine's).
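An added example (not part of the original answer): a small TCP connect probe that shows why ssh hangs while ping succeeds, by mapping the outcome of one handshake to the open / closed / filtered states that nmap prints. The names `probe` and `classify` and the 3-second timeout are choices made for this example.

```python
import errno
import socket

# ICMP "unreachable" replies surface from connect() as these errno values.
UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}

def classify(exc):
    """Map the result of connect() (None on success) to a port state."""
    if exc is None:
        return "open"        # SYN/ACK came back: a service is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # RST came back: host reachable, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # no reply at all: the SYN was silently dropped
    if isinstance(exc, OSError) and exc.errno in UNREACHABLE:
        return "filtered"    # ICMP unreachable, e.g. from a rejecting firewall
    return "error: %s" % exc

def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and report open / closed / filtered."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <host> <port> [<port> ...]
    host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    for port in ports:
        print("%d/tcp %s" % (port, probe(host, port)))
```

A hanging ssh client corresponds to the "filtered" branch: sshd never sees the SYN, so its `-ddd` debug output stays empty, whereas a port with no listener and no firewall would answer immediately with "closed".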
Author: DanMetro
Updated on September 18, 2022
Comments
-
DanMetro over 1 year
I can ping my server:
» ping -c 1 42.24.53.224
PING 42.24.53.224 (42.24.53.224) 56(84) bytes of data.
64 bytes from 42.24.53.224: icmp_seq=1 ttl=62 time=1.10 ms
--- 42.24.53.224 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.103/1.103/1.103/0.000 ms
I can trace the route:
» traceroute 42.24.53.224
traceroute to 42.24.53.224 (42.24.53.224), 30 hops max, 60 byte packets
 1  42.243.198.253 (42.243.198.253)  0.702 ms  0.751 ms  0.856 ms
 2  42.16.36.44 (42.16.36.44)  0.757 ms  1.123 ms  1.500 ms
 3  42.24.53.224 (42.24.53.224)  8.775 ms  8.725 ms  8.725 ms
I run an ssh on my server on a different port (to exclude firewall issues):
sudo /usr/sbin/sshd -ddd -p 33333
And I try to connect to it, but this hangs forever:
» ssh -p 33333 42.24.53.224
What other debugging could I perform?
EDIT
» nmap 42.24.53.224 -p 33333
Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-23 10:36 CET
Nmap scan report for 42.24.53.224
Host is up (0.0026s latency).
PORT      STATE    SERVICE
33333/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 5.76 seconds
-
nKn about 6 years: What's the output of nmap 42.24.53.224 -p 33333?
-
Kamil Maciorowski about 6 years: What do you mean by "to exclude firewall issues"? Usually firewalls block incoming connections by default, admins allow some ports only (you may think of them as exceptions from the default rule). Technically there's no difference (other than numbers) between TCP ports 33333 and 22 as far as the firewall is concerned. You just tell your firewall to accept connections to one port or the other. So did you do this? Note it's the same if you connect to an unused port, e.g. 33334. My first guess is: the firewall silently drops packets; it may be its default behavior.
-
DanMetro about 6 years: @KamilMaciorowski I meant, in case the firewall is selectively dropping connections to 22. But maybe you are right and it is dropping connections to all ports (except 80, which seems to work)
-
DanMetro about 6 years: @nKn added to my question
-
nKn about 6 years: Well, there you go, ICMP is open and that's why you can ping the server, but port 33333 is filtered, which means that there's something in the middle of the connection blocking it (most probably a firewall, either your provider's or your local machine's)
-
DanMetro about 6 years: @nKn right, could accept that as answer
-