Centos 4.6 -- SSH is not accessible outside the LAN

jkoebel
Posts: 3
Joined: 2009/01/09 00:00:36


Post by jkoebel » 2009/01/09 00:05:05

Hey everyone. I've never really tried to do much with Linux before, I'm primarily a Windows admin, but my new job has me administering a stack of Windows servers, and a single Linux server running the most important service out of them all, some custom casino-management software.

The vendor needs to be able to get in via SSH to copy databases back and forth and such. But, SSH is not accessible outside our LAN segment, where it works perfectly.

I've performed the following troubleshooting steps, which comprise approximately 100% of the knowledge I have of Linux network troubleshooting:

1. sshd is running (service sshd status) and restarted it.
2. verified the service is running on the right port (22)
3. verified that the port forwarding at the router was correct
4. verified there's nothing in /etc/hosts.deny
5. verified that the server is listening on the correct address (the ListenAddress line is commented out as # ListenAddress 0.0.0.0, I assume that means it's listening on the default of all addresses)
6. verified that ssh works perfectly over the LAN
7. verified there are no entries in iptables -L
8. cloned the server's port on the managed switch and watched the "SYN" from the attempted SSH connection pass from the router to the server, and watched the server not even bother sending an ACK.

I'm not entirely sure which of the ~4 sshx_configy files it's supposed to be looking at, so I made sure every one of them didn't have anything about ListenAddress or Port. There's ssh_config, sshd_config, sshd_config~ and sshd_config.org all in the same folder.

Any suggestions?

Stuff is clearly getting into my LAN segment from the outside world (seen in #8), but it's just stopping dead at this server.

toracat
Forum Moderator
Posts: 7230
Joined: 2006/09/03 16:37:24
Location: California, US


Post by toracat » 2009/01/09 00:31:44

Do you see anything in the server logs that may give you hints? For example /var/log/secure, /var/log/audit/ ...


Post by jkoebel » 2009/01/09 00:41:00

Thanks for that! I learned where the logs are, now.

Nothing really. When I do service sshd restart while connected via ssh, it doesn't drop the connection and it tells me in /var/log/secure it had an error binding to 0.0.0.0 port 22 because it's already in use -- but it's in use by sshd, like it should be, and other clients are successfully authenticating over the LAN (all the slot machines use SSH on the back end).

Nothing in audit at all.


Post by jkoebel » 2009/01/09 00:52:43

The server can't seem to PING anything off the local network either. Hmm. It fails.

I think I have narrowed it down more, but not sure where to go even less now.


Post by toracat » 2009/01/09 01:47:37

jkoebel wrote:
it tells me in /var/log/secure it had an error binding to 0.0.0.0 port 22 because it's already in use

This is related to the fact that both IPv4 and IPv6 are enabled. It is harmless, but if you want to get rid of it and you don't need IPv6, just disable IPv6.

If you are seeing no sign of an ssh connection attempt in the logs, chances are packets are not reaching the server at all. Maybe you need to double-check port forwarding at the router to see if it is set up correctly? Or something else is blocking at the level of the router?

fast928
Posts: 1
Joined: 2010/07/03 17:52:56


Post by fast928 » 2010/07/03 17:59:53

I know this is a bit old. I'm having the same problem as you described here. The firewall is off, and it does not matter what service I'm attempting to access: web, ssh or simply pinging. Internally I can do them all, but outside our network I cannot. As you described, I cannot ping any outside IPs from the machine, only internal LAN IPs. I'm running 5 Linux machines and have never seen this before.

Did you ever resolve this problem?

Thanks
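
Added example, not part of any post in this thread: a SYN that reaches the server and gets no reply (step 8), together with a server that cannot ping off-LAN addresses, is consistent with the server having no usable return route. The thread does not confirm a cause, so that is an assumption. The sketch does a longest-prefix route lookup over constructed `route -n` output; the addresses and the `ip2int` and `reply_route` helpers are made up for illustration.

```shell
#!/bin/sh
# Constructed sample: `route -n` output from a host that only has its LAN
# routes (all addresses here are made up for illustration).
ROUTES_NO_GW='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0'

# The same constructed table with a default gateway entry added.
ROUTES_WITH_GW="$ROUTES_NO_GW
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0"

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# reply_route TABLE CLIENT_IP (hypothetical helper)
# Picks the most specific route covering CLIENT_IP, as the kernel would for
# the SYN-ACK. Prints "gateway iface" (gateway 0.0.0.0 means on-link), or
# prints "unreachable" and returns 1 when no route covers the client.
reply_route() {
    table=$1
    target=$(ip2int "$2")
    best_mask=-1
    best=""
    while read -r dest gw mask flags metric ref use iface; do
        case $dest in [0-9]*) ;; *) continue ;; esac   # skip header lines
        d=$(ip2int "$dest"); m=$(ip2int "$mask")
        if [ $(( target & m )) -eq "$d" ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m
            best="$gw $iface"
        fi
    done <<EOF
$table
EOF
    [ -n "$best" ] || { echo "unreachable"; return 1; }
    echo "$best"
}

# A LAN client and an outside client (port forwarding keeps the source IP).
for ip in 192.168.1.20 203.0.113.50; do
    echo "no gateway:   $ip -> $(reply_route "$ROUTES_NO_GW" "$ip")"
    echo "with gateway: $ip -> $(reply_route "$ROUTES_WITH_GW" "$ip")"
done
```

On a live host, the table to inspect comes from `route -n`; a LAN client resolving on-link while an outside client resolves to "unreachable" matches the LAN-works, WAN-fails pattern in the thread.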