I can ping a server, but I can not ssh to it


The fact that you can ping means that the ICMP protocol is open and you can send and receive ICMP requests.

But the nmap command on port 33333 reports that this port is filtered, which means that there's something in the middle of the connection blocking it (most probably a firewall, either your provider's or your local machine's).
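The three outcomes behind this diagnosis can be told apart with a plain TCP connect, shown here as an added example that is not part of the original answer. The names `probe_tcp` and `NEXT_STEP` are made up for this sketch, and the host and ports are whatever you pass on the command line.

```python
import errno
import socket
import sys

# What each result means for the "ping works, ssh hangs" situation above.
NEXT_STEP = {
    "open": "TCP reaches the daemon; read the sshd -ddd output instead.",
    "closed": "The host answered with RST: nothing listens on this port, "
              "or a REJECT rule replied. Check where sshd is bound.",
    "filtered": "No answer at all: packets are dropped on the way. Check "
                "firewall rules on the server, the provider and the client.",
}

# Kernel-reported errors that also mean "something on the path blocked it".
BLOCKED = (errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH)


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"        # RST came back, so the path itself works
        except socket.timeout:
            return "filtered"      # SYN silently dropped: the ssh "hang"
        except OSError as exc:
            if exc.errno in BLOCKED:
                return "filtered"  # timeout or ICMP unreachable from the path
            raise
        return "open"              # three-way handshake completed


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py HOST PORT [PORT ...]")
    target = sys.argv[1]
    for p in (int(arg) for arg in sys.argv[2:]):
        state = probe_tcp(target, p)
        print(f"{target}:{p} {state} - {NEXT_STEP[state]}")
```

Probing the sshd port together with a port known to work and one with no listener shows whether the drop is port-specific or a default-deny policy.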


Author: DanMetro

Updated on September 18, 2022

Comments

  • DanMetro
    DanMetro over 1 year

    I can ping my server:

    » ping -c 1 42.24.53.224
    PING 42.24.53.224 (42.24.53.224) 56(84) bytes of data.
    64 bytes from 42.24.53.224: icmp_seq=1 ttl=62 time=1.10 ms
    
    --- 42.24.53.224 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 1.103/1.103/1.103/0.000 ms
    

    I can trace the route:

    » traceroute 42.24.53.224
    traceroute to 42.24.53.224 (42.24.53.224), 30 hops max, 60 byte packets
     1  42.243.198.253 (42.243.198.253)  0.702 ms  0.751 ms  0.856 ms
     2  42.16.36.44 (42.16.36.44)  0.757 ms  1.123 ms  1.500 ms
     3  42.24.53.224 (42.24.53.224)  8.775 ms  8.725 ms  8.725 ms
    

    I run an sshd on my server on a different port (to exclude firewall issues):

    sudo /usr/sbin/sshd -ddd -p 33333
    

    And I try to connect to it, but this hangs forever:

    » ssh  -p 33333 42.24.53.224
    

    What other debugging could I perform?

    EDIT

    » nmap 42.24.53.224 -p 33333
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-23 10:36 CET
    Nmap scan report for 42.24.53.224
    Host is up (0.0026s latency).
    PORT      STATE    SERVICE
    33333/tcp filtered unknown
    
    Nmap done: 1 IP address (1 host up) scanned in 5.76 seconds
    
    • nKn
      nKn about 6 years
      What's the output of nmap 42.24.53.224 -p 33333?
    • Kamil Maciorowski
      Kamil Maciorowski about 6 years
      What do you mean by "to exclude firewall issues"? Usually firewalls block incoming connections by default, admins allow some ports only (you may think of it as of exceptions from the default rule). Technically there's no difference (other than numbers) between TCP ports 33333 and 22 as far as firewall is concerned. You just tell your firewall to accept connections to one port or the other. So did you do this? Note it's the same if you connect to unused port, e.g. 33334. My first guess is: the firewall silently drops packets; it may be its default behavior.
    • DanMetro
      DanMetro about 6 years
      @KamilMaciorowski I meant, in case the firewall is selectively dropping connections to 22. But maybe you are right and it is dropping connections to all ports (except 80, which seems to work)
    • DanMetro
      DanMetro about 6 years
      @nKn added to my question
    • nKn
      nKn about 6 years
      Well, there you go, ICMP is open and that's why you can ping the server, but port 33333 is filtered, which means that there's something in the middle of the connection blocking it (most probably a firewall, either your provider's or your local machine's)
    • DanMetro
      DanMetro about 6 years
      @nKn right, could accept that as answer