<html><body bgcolor="#FFFFFF"><div><br></div><div><br>On Mar 10, 2011, at 7:34, "Hal I. Tosis" <<a href="mailto:dmesg@frontier.com">dmesg@frontier.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div><span>Have you tried port scanning your public IP address to see if the port is truly open?</span><font class="Apple-style-span" color="#000000"><font class="Apple-style-span" color="#0023A3"><br></font></font></div></blockquote><div><br></div>One thing that comes to mind (someone else may have mentioned this) is that RR might be blocking inbound traffic to high ports on a residential link/account for security purposes. It doesn't mean there aren't any, but I can't think offhand of any well-known services running on ports > 9999 and I don't have an /etc/services handy.<div><br></div><div>If you haven't, I would try putting everything back to port 22 first and see if that works. Start with the simplest case/setup - usually the defaults - find success and incrementally build complexity until you reach your desired & working configuration.<br><div><br></div><div>-rj</div><br><blockquote type="cite"><div><span>Hal</span><br><span></span><br><span></span><br><span></span><br><span>On Thu, Mar 10, 2011 at 06:30:05AM -0500, Steve VanSlyck wrote:</span><br><blockquote type="cite"><span>I changed the port number from 22 to something else. I'm simply using</span><br></blockquote><blockquote type="cite"><span>31210 as an example. I did restart ssh. The command was service sshd</span><br></blockquote><blockquote type="cite"><span>restart. (The OS is CentOS 5.5.)</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The changed port number was used in the client. 
I tested both from</span><br></blockquote><blockquote type="cite"><span>across town (with the updated port number) and from somewhere else on</span><br></blockquote><blockquote type="cite"><span>the planet, via an IRC friend.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>An incorrect port number was the first thing I assumed, so I changed it</span><br></blockquote><blockquote type="cite"><span>back (in ssh_config, sshd_config, on the router), and got the same</span><br></blockquote><blockquote type="cite"><span>result. My initial thinking is to take the router out of the mix since</span><br></blockquote><blockquote type="cite"><span>it's working inside 192.168.X.X but not from outside.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>On Wed, 2011-03-09 at 20:17 -0600, Richard Hornsby wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>On Mar 9, 2011, at 19:51 , Steve VanSlyck wrote:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Well, I can ssh from the same box, and ssh from a box on the same</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>network, but cannot ssh from across town. The session times out</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Port forwarding is set up on the router (Linksys). 
Using fake port</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>numbers,</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>"fake port numbers"? port numbers matter, and unlike IP addresses, don't personally identify your machine. 22 is the normal port for SSH, it is listed in /etc/services, and is considered "well-known" for SSH. Are the port numbers in your email fake?</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>If you wish to change the port, that is your prerogative. There are a couple of things I can think of off hand:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>1. After changing sshd_config, make sure you restart sshd. IIRC (it has been a while) on RH variants it is something like</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>/etc/init.d/rc.d/sshd restart</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>(oh how I miss the days of sending a process a simple HUP to make it re-read the config.)</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>2. You have to specify a non-standard port in your ssh client. 
It might be that you're able to log in locally because your client assumes 22, and you haven't restarted sshd yet. When you try to get in externally, the port forwarding isn't configured for 22 - it is set up for 31210 - but again, sshd isn't listening on 31210.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>These might be obvious, and they're related.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>If for some reason you want ssh to be on a non-standard port on the external facing side, you can always tell your router to port forward external:31210 to internal:22</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>I, however, wouldn't go changing it from 22 in the first place. 
Just makes things harder on myself and doesn't add any meaningful measure of security.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>-rj</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>I have sshd_config set to port 31210, ssh_config set to the same thing,</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>and the applications and gaming page on the router forwards port 31210</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>(same number for both start and end of the range) to IP 192.168.1.102,</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>which ifconfig reports as being the box's internal IP address:</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>[steve@localhost ~]$ ifconfig</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>eth0 Link encap:Ethernet HWaddr 00:11:85:65:41:38 </span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote 
type="cite"><blockquote type="cite"><span> inet addr:192.168.1.102 Bcast:192.168.1.255</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Mask:255.255.255.0</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> inet6 addr: fe80::211:85ff:fe65:4138/64 Scope:Link</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> RX packets:7360 errors:0 dropped:0 overruns:0 frame:0</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> TX packets:9076 errors:0 dropped:0 overruns:0 carrier:0</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> collisions:0 txqueuelen:1000 </span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> RX bytes:6045785 (5.7 MiB) TX bytes:1255649 (1.1 MiB)</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> Interrupt:177 Memory:f0300000-f0310000 </span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>lo Link encap:Local Loopback </span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> inet addr:127.0.0.1 Mask:255.0.0.0</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote 
type="cite"><blockquote type="cite"><span> inet6 addr: ::1/128 Scope:Host</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> UP LOOPBACK RUNNING MTU:16436 Metric:1</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> RX packets:1431 errors:0 dropped:0 overruns:0 frame:0</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> TX packets:1431 errors:0 dropped:0 overruns:0 carrier:0</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> collisions:0 txqueuelen:0 </span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> RX bytes:2303832 (2.1 MiB) TX bytes:2303832 (2.1 MiB)</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>[steve@localhost ~]$</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Ideas or thoughts?</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>_______________________________________________</span><br></blockquote></blockquote></blockquote><blockquote 
type="cite"><blockquote type="cite"><blockquote type="cite"><span>colug-432 mailing list</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span><a href="mailto:colug-432@colug.net">colug-432@colug.net</a></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span><a href="http://lists.colug.net/mailman/listinfo/colug-432">http://lists.colug.net/mailman/listinfo/colug-432</a></span><br></blockquote></blockquote></blockquote></div></blockquote></div></body></html>