PuTTy connection is not possible!!

[turbo67]

I cannot access to linux server remotely from my PC. I found that the port is open by using "firewall-cmd --list-port" command, but I cannot reach the server from my PC. I tried to use tcping.exe but it said no response.
I can reach another linux server which is on the same network as the server by using PuTTy, and the connection between the two servers is possible using ssh command with the port opened.
I do not know the reason why I cannot access to the server from my PC.

[TrevorH]

Running firewall-cmd --list-port does not tell you that the port is open. It tells you there is a hole in your firewall that lets connections through but doens't tell you if there's an application actually *listening* on that port. Use e.g. ss -antup | grep ssh to see the actual ports that are being used by your ssh daemon. You'll also want to checks that you have routing set up correctly.

[turbo67]

Running firewall-cmd --list-port does not tell you that the port is open. It tells you there is a hole in your firewall that lets connections through but doens't tell you if there's an application actually *listening* on that port. Use e.g. ss -antup | grep ssh to see the actual ports that are being used by your ssh daemon. You'll also want to checks that you have routing set up correctly.

Thank you so much. "ss -antup | grep ssh" shows as followings.
tcp LISTEN 0 128 *:8012 *:* users:(("sshd",pid=1517,fd=3))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1517,fd=5))
tcp LISTEN 0 128 :::8012 :::* users:(("sshd",pid=1517,fd=4))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1517,fd=6))

It seems that the port 8012 is open. What do I check next?
Thank you in advance!!

[jlehtone]

It seems that the port 8012 is open.

It shows that sshd does listen ports 22/tcp and 8012/tcp. The 22 is the default port, the 8012 you must have added to the config.

Selinux can prevent a process from using a port. I presume 8012 has been allowed for sshd explicitly.

For me the plain "firewall-cmd --list-port" shows nothing, yet the port 22 is open.
A default setting on (the default) zone "public" of firewalld is to have "service" ssh.
Firewall service ssh opens port 22/tcp. The service can be modified.

Another way to check what you have is to say:

Code: Select all

iptables -S

You say that you can ssh from a machine in the same network, but not from a machine in remote network.
Do you attempt to reach the same port in both cases?

Your server could have a configuration to allow ssh-access only from link-local network(s).
More likely your organization has another firewall between the server-network and WAN.

[turbo67]

You say that you can ssh from a machine in the same network, but not from a machine in remote network.
Do you attempt to reach the same port in both cases?
: I can reach another server with 8022 port from my PC using PuTTy, but cannot the server with the 8012 port opened.
The default port 22 is not forbidden for the two servers from remote access. As I said, the two servers are on the same network line.

Your server could have a configuration to allow ssh-access only from link-local network(s).
More likely your organization has another firewall between the server-network and WAN.
: No. One is possible to access whereas one is not possible to access.

I tried to change the port 8012 to the port 22022 arbitrarily, but it also failed.

Running "iptables -S | grep tcp" shows,
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22022 -m conntrack --ctstate NEW -j ACCEPT.

What is the reason for that?

[hunter86_bg]

From windows try to do:
1. open cmd.exe
2. Try to telnet

Code: Select all

telnet server-ip-or-fqdn 22

Note: replace with your IP or fqdn

[turbo67]

From windows try to do:
1. open cmd.exe
2. Try to telnet

Code: Select all

telnet server-ip-or-fqdn 22

Note: replace with your IP or fqdn

I cannot reach the server using telnet. The curious thing is that the port is not open in my PC whereas the port is open in the server.
Anyway thank you for your comment!!

[nsolovan]

Hey @turbo67,

From the other linux server, do a nmap [IP] where IP is the server you're trying to SSH to it.
Let us know the output.

Cheers,
N

[turbo67]

Hey @turbo67,

From the other linux server, do a nmap [IP] where IP is the server you're trying to SSH to it.
Let us know the output.

Cheers,
N

Running "nmap xxx.xxx.xxx.xxx" shows as the followings.
==============================================================
Starting Nmap 5.51 ( http://nmap.org ) at 2018-11-30 23:22 KST
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.95s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http

Nmap done: 1 IP address (1 host up) scanned in 49.67 seconds
==============================================================
Do you guess what the problem is?

Thank you in advance.

[TrevorH]

Have you tried to change the port on which sshd listens? If so then did you tell selinux about the new port number? Did you open the port in firewalld?