Re: ssh times out trying to login to machine outside the LAN

On 2006.3.18, at 06:24 PM, James Wilkinson wrote:

Joel Rees wrote:
I'm pretty sure the ssh configurations are all pretty much stock.
Just looked at the configuration files and didn't see anything that I
can recall changing.

I can ssh in and out on the local LAN.

My cohorts at a different company say they can log in and out. (The
box in question is at yet a third company.) They had the admin on the
box in question check the logs, and that admin suggested that my
company's firewall was to blame. (3rd information.)

So I brought my workstation home and set it running static local IP
here, and NAT redirected port 22 to the workstation. Still get
timeouts. But, as I say, I can ssh both in and out of the box on the
local LAN, challenge, password, etc.

I'm a bit confused about that last paragraph.

You, too? (Sorry.)

You're trying to SSH
*from* a box at work *to* your workstation (which is temporarily at
home)? (You're not trying to connect to the computer at the third
company from home?)

It's the latter case, trying to connect to the third company's box from either home or work.

They have another test server set up, and I can't connect to that one from work, but I can connect from home.

Try pinging the server in question.

They've shut ping off on the box. (Since I don't talk directly with them, I can't really second guess them on that.)

Run
traceroute server.example.com
which will show you if your packets are actually making it to the
server in question.

Well, DNS lookup finds them. traceroute loses its way about the 14th hop. Web browser finds their apache test page. ssh does not complain about lack of resolution, it just hangs.

Try
telnet google.com 80
and see if you get a connection. (Won't work if you're forced to use a
proxy, won't help if there's a transparent proxy in the way).

Connects, and GET / HTTP/1.0 gets the apache test page. No proxies as far as I know, but then again if I were guessing I'd guess they've got the box I'm trying to connect to behind a NATting firewall.

(Sorry I'm being vague, but I really don't want to mess up their efforts at security, even if I would not do it that way. And, yes, I know that the very points I'm being vague about are the ones where things are probably going south for my attempts to connect. But I need to be able to tell my bosses so with confidence.)

It is quite possible, after all, that your company firewall is to blame.
If the admins have set it up on a "block everything and unblock when
needed" basis, this might be intentional.

That's what the second company (the one we work directly with) was suggesting, I believe. And, yes, it is intentional. The third company is limiting ssh by IP. They were supposed to have opened the firewall for the second company's contractors (including my company), but that doesn't seem to be working. The second company's people are (if I understand it) able to connect.

Oh, I get the same results from my Mac boxes at home, so now I'm pretty sure the problem is not with the FC settings.

Thanks.
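
Added example, not part of the original message: the telnet and traceroute checks in this thread come down to how a single TCP connection attempt ends, and this Python sketch separates a silent timeout (consistent with a firewall dropping packets) from a refusal and from a connection that actually reaches the sshd banner. The names `probe_ssh` and `MEANING` are made up for this example, and `server.example.com` is the placeholder used in the thread.

```python
import socket
import sys

# Interpretation of each outcome (wording is this example's own).
MEANING = {
    "banner": "sshd reachable; the problem is past the network path",
    "no-banner": "TCP connected but no SSH banner; something accepted, then stalled or closed",
    "refused": "RST received; packets arrive, but nothing accepts on that port",
    "filtered": "no reply at all; consistent with a firewall silently dropping the SYN",
    "unreachable": "network error reported before a connection could form",
    "dns": "hostname did not resolve",
}

def probe_ssh(host, port=22, timeout=5.0):
    """Make one TCP connection attempt and return (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", str(exc)
    except (socket.timeout, TimeoutError):
        return "filtered", f"no SYN-ACK within {timeout}s"
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        try:
            data = sock.recv(256)  # server identification string, e.g. b"SSH-2.0-..."
        except (socket.timeout, TimeoutError):
            return "no-banner", f"connected, silent for {timeout}s"
        except OSError as exc:
            return "no-banner", f"connected, then {exc}"
    if data.startswith(b"SSH-"):
        return "banner", data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return "no-banner", f"connected, peer sent {data[:40]!r}"

if __name__ == "__main__":
    # server.example.com is the placeholder name used in the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "server.example.com"
    # Port 80 is the control: the thread reports it connects, so "no-banner"
    # there only confirms that TCP to the host works.
    for port in (22, 80):
        state, detail = probe_ssh(target, port)
        print(f"{target}:{port} {state}: {MEANING[state]} ({detail})")
```

Running it from each network (work, home) and comparing the port 22 result against the port 80 control shows whether the hang is specific to SSH on that path.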

