[TriLUG] SSH denying access from specific IP

Aaron S. Joyner aaron at joyner.ws
Tue Jul 13 21:21:41 EDT 2004


Chris Bullock wrote:

>I have a problem accessing a specific server.  I have a couple of hosts on my
>network running ssh on various ports.  If I try to ssh into my favorite
>host it times out, however if I try another host on the network it works
>fine.  On a second note, if I try to access my network from a different
>IP I have no problems accessing any host on my network.
>
>I have cleaned out my ssh_known files and there are no firewalls running
>on the host in question.
>
>[cgb at arby cgb]$ ssh $host -p 66666 -v
>OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
>debug1: Reading configuration data /etc/ssh/ssh_config
>debug1: Applying options for *
>debug1: Rhosts Authentication disabled, originating port will not be trusted.
>debug1: Connecting to $host [IP address] port 66666.
>debug1: connect to address 65.40.234.60 port 66666: Connection timed out
>ssh: connect to host $host port 66666: Connection timed out
>[cgb at arby cgb]$
>
>No I am not trying to use port 66666.  Does anyone think maybe my ISP is
>blocking certain outgoing port numbers?
>
>--chris
>
>=====
>Chris Bullock
>http://saltwaterfreak.kicks-ass.net:81
>
Check for reverse DNS resolution.  That will cause ssh to "appear" to 
time out.  It usually will connect after the DNS times out, something 
like 120 seconds (2 mins) usually.  This is a quick way to check it out:

    host 1.2.3.4  # (use your IP address)

This should return something like this:

    1.198.42.209.in-addr.arpa domain name pointer bobjr.joyner.ws.

It's entirely possible that the reason one host works but the other 
doesn't is something like a hosts file entry, different DNS servers, a 
lack of DNS servers on the one machine, etc.  If you can't track down 
specifically why the DNS doesn't work, post back to the list with what 
works and doesn't and perhaps we can track it down.  :)

Aaron S. Joyner
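
Added example, not part of the original message: a small shell helper that classifies the output of the `host` check suggested above, separating a missing PTR record from an unreachable resolver. The function names and the 5-second wait are assumptions, and apart from the PTR line quoted in the message the sample lines are constructed.

```shell
#!/bin/sh
# Classify `host <ip>` output read on stdin:
#   ptr:<name>   a PTR record exists
#   nxdomain     the resolver answered: no PTR record for this address
#   servfail     the resolver answered with a server failure
#   no-resolver  no DNS server answered; every lookup waits for a timeout
#   unknown      output not recognised
classify_ptr() {
    out=$(cat)
    case "$out" in
        *"domain name pointer"*)
            name=$(printf '%s\n' "$out" |
                sed -n 's/.*domain name pointer \(.*\)\.$/\1/p' | head -n 1)
            echo "ptr:$name" ;;
        *"no servers could be reached"*|*"connection timed out"*)
            echo "no-resolver" ;;
        *NXDOMAIN*) echo "nxdomain" ;;
        *SERVFAIL*) echo "servfail" ;;
        *) echo "unknown" ;;
    esac
}

# Run the lookup on the SSH server for the client's address and report
# how long the resolver took (hypothetical wrapper; needs network access).
check_ptr() {
    start=$(date +%s)
    result=$(host -W 5 "$1" 2>&1 | classify_ptr)
    end=$(date +%s)
    echo "$1 $result $((end - start))s"
}

# Offline demonstration on sample output lines.
demo() {
    # PTR line as quoted in the message above
    printf '%s\n' '1.198.42.209.in-addr.arpa domain name pointer bobjr.joyner.ws.' | classify_ptr
    # constructed: address with no PTR record
    printf '%s\n' 'Host 4.3.2.1.in-addr.arpa. not found: 3(NXDOMAIN)' | classify_ptr
    # constructed: machine with no reachable DNS server
    printf '%s\n' ';; connection timed out; no servers could be reached' | classify_ptr
}
demo
```

Running `check_ptr` with the client's address on both the working and the failing host shows whether they differ in resolver behaviour, which is the comparison the reply asks for.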


