Having trouble SSH'ing to an internal server that is outside of an enterprise level firewall. I have a fresh install of Fedora 17. Here is the command I'm running:

    ssh root@<example-domain.my-company-server.net>

Unfortunately, I get this error response:

    ssh: connect to host <example-domain.my-company-server.net> port 22: Connection timed out

I've turned off my local firewall, browsers are connecting to the web fine, and Socks5 proxy is correctly configured. I've hit a brick wall at this point and don't know how to proceed. I can't SSH to the server ... Is it my fault, or could it be a problem beyond my immediate control (like the corporate firewall, or the server configuration)??

New to SSH and would appreciate any help! Thanks and Cheers.

HopelessN00b
  • Check `sudo iptables -L` and make sure there are no filters at all. – David Schwartz Jan 30 '13 at 00:48
  • Is the Fedora 17 the client computer you are using to connect to the remote ssh server? Please clarify. – Daniel t. Jan 30 '13 at 01:01
  • Outside a firewall as in not behind the firewall therefore not blocked? The first thing you need to check is that you have SSHD running and listening to port 22. – Bart Silverstrim Jan 30 '13 at 03:11
  • Maybe something along the lines of sudo yum install openssh-server ? – Bart Silverstrim Jan 30 '13 at 03:14
  • @DavidSchwartz: Hi David. Below is the result of that command. I'm not sure what you mean by filters, because I've been a linux user for 3 years, but I'm sort of newbie when it comes to linux administration. Don't be afraid of offending me with too much information. ;) Thanks for your help! :) `Chain INPUT (policy ACCEPT)` `target prot opt source destination` `Chain FORWARD (policy ACCEPT)` `target prot opt source destination` `Chain OUTPUT (policy ACCEPT)` `target prot opt source destination` – Eric Hepperle - CodeSlayer2010 Jan 30 '13 at 15:45
  • @Danielt.: Yes the Fedora 17 client is the one that is trying to SSH to the server. Here's a bit more clarification: My supervisor doesn't have time to pursue this so he has tasked me with it. My client is part of a corporate intranet. He has told me there is a corp. firewall and that I have no access to change it. He wants me to "tunnel" (unfamiliar term) through the firewall by configuring **OpenSSH** on my client to get to the public corp. production server out in the cloud. Hope that helps explain things a bit more. :) – Eric Hepperle - CodeSlayer2010 Jan 30 '13 at 15:50
  • @BartSilverstrim: Thanks for the suggestion. I ran `/sbin/service sshd status` and the response contained **"active (running)"**. Further research led to me editing **/etc/ssh/sshd_config**. I found "**# Port 22**" within, uncommented, saved, rebooted -- no go. Still can't ssh. I don't get any error ... cursor just blinks for about 30 seconds, then stays fixed solid ad infinitum. Appreciate your pointing me in that direction ... other ideas?? – Eric Hepperle - CodeSlayer2010 Jan 30 '13 at 16:14
  • @BartSilverstrim: Almost forgot: This was weird. When I rebooted after editing the config file, I got this error message before the logon screen: **Could not create ICE listening sockets: Cannot establish any listening sockets.** ... Another piece of the puzzle? – Eric Hepperle - CodeSlayer2010 Jan 30 '13 at 16:34
  • The firewall settings? http://alensiljak.blogspot.com/2012/08/enabling-ssh-server-on-fedora-17.html – Bart Silverstrim Jan 30 '13 at 16:37
  • @BartSilverstrim: Thanks for the link! I didn't get any errors with the 1st two commands, so I'm assuming it either worked or had no effect (proved by **sshd status**) since I verified that sshd was running. Regarding the third command, my **local firewall is completely disabled**. Thanks again for your help. – Eric Hepperle - CodeSlayer2010 Jan 30 '13 at 19:28
  • This question is off-topic under current topicality rules. – HopelessN00b Jan 21 '15 at 21:37

2 Answers

Yes, it may be your corporate firewall blocking the port to SSH.

You have to try and access the machine from a place outside the firewall perimeter.

fboaventura
  • Thanks for the response. I feel like if I was reading my post as someone else, I might think "This guy is trying to hack the corporate intranet and/or do something illegal." That is not the case. My company actually owns the server that I am trying to ssh to, it's just that neither me, nor my supervisor know why the SSH connection keeps hanging, aside from a **vague guess that it is _probably_ the corporate firewall**. I'm getting real frustrated because I've got to show some results soon, but haven't been able to do any development because I can't access the dev server. lol. :) – Eric Hepperle - CodeSlayer2010 Jan 30 '13 at 16:21
  • I want to add that I have a request into LINUX IT support onsite here to test and see if they are able to SSH to the server in question. However, as yet there has been no response from them. Also, in response to your suggestion, that's not a viable solution because **_the project requires that I be able to develop on the server from within the corp. intranet_**. Thanks. – Eric Hepperle - CodeSlayer2010 Jan 30 '13 at 16:23
  • Since you don't seem to have access to the corporate firewall, it will be virtually impossible to troubleshoot this problem without help of your firewall staff. Everything points toward a firewall blocking. – fboaventura Jan 30 '13 at 20:41
  • You are correct. It turns out (IT just replied back) there is a new security policy regarding SSH which requires tunneling, that neither I nor my manager were aware of. :P [I'm marking your answer as correct because you're the only one who posted one. Though, if @BartSilverstrim had a votable answer I would have selected him because I feel his answers were most helpful] **THANKS TO YOU & EVERYONE WHO HELPED ON THIS ISSUE!** – Eric Hepperle - CodeSlayer2010 Jan 30 '13 at 22:19
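
The difference between "Connection timed out" (packets silently dropped on the path) and "Connection refused" (the host answered but nothing is listening) is what points at a firewall in this thread, and it can be checked from the client. The Python probe below is an added example, not code from the thread; the function name `probe_ssh` and its status labels are this example's own.

```python
import errno
import socket
import sys

def probe_ssh(host, port=22, timeout=5.0):
    """Make one TCP connection attempt and classify how it ended.

    Returns (status, detail). The status strings are this example's own labels.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", f"name did not resolve: {exc}"
    except (socket.timeout, TimeoutError):
        # The SYN was never answered: something on the path drops it silently.
        # This is the "Connection timed out" case from the question.
        return "timeout", "no reply at all; packets are being dropped on the path"
    except ConnectionRefusedError:
        # A RST came back: the host (or a rejecting firewall) answered.
        return "refused", "host answered, but nothing accepts connections on this port"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable", "no route to the host from this machine"
        return "error", str(exc)
    with sock:
        try:
            # An SSH server sends its identification string first (RFC 4253).
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except OSError:
            banner = ""
    if banner.startswith("SSH-"):
        return "open", banner
    return "no-banner", "TCP connected, but the peer did not identify as SSH"

if __name__ == "__main__":
    # Hypothetical usage: python3 probe_ssh.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(*probe_ssh(target, target_port), sep=": ")
```

A `timeout` result from inside the intranet combined with `open` from outside it places the block on the network path rather than on the client or in `sshd_config`.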

I know it's been awhile but I felt I needed to revisit this post to clarify something. It seems now that time has passed and I've learned a little more, that the real problem was my lack of understanding of ssh tunneling. Here are some things that I learned, which may help other newbie LAMP programmers and Network Admins who don't already know this stuff:

1) Port Forwarding and SSH Tunneling ARE THE SAME THING.

2) Basic tunneling from the command line takes this format:

    ssh -l<username> -p<ftp_port> <localhost_alias>

Thanks again to everyone who contributed to furthering my understanding on these things. As a community, we help each other grow.

Cheers.