Score:0

Error SSH connection. Connection timed out


I am not able to connect via SSH to my server and I don't know the reasons.

SSHD is running and the ports are open in UFW. I tried changing ports but the issue persists. I also tried different machines and networks.

If I reboot the server, sometimes I can establish a connection, but after a while the problem comes back.

My sshd_config:

#   $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Port 1402
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
LogLevel VERBOSE

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
AllowTcpForwarding no
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
KeepAlive yes
ClientAliveInterval 90000
ClientAliveCountMax 2
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem   sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server
PermitRootLogin no
PasswordAuthentication yes

I get a timeout error with: ssh [email protected] -p 1402

And nmap answers with the following:

    user@linux:~$ nmap -p 1402 -Pn xx.xxx.xxx.xxx
    Starting Nmap 7.70 ( https://nmap.org ) at 2021-09-07 22:06 CEST
    Nmap scan report for xx.xxx.xxx.xxx
    Host is up.

    PORT     STATE    SERVICE
    1402/tcp filtered prm-sm-np

    Nmap done: 1 IP address (1 host up) scanned in 6.99 seconds

Some ideas?

EDIT

UFW Config

    user@localhost:~$ sudo ufw status verbose
    [sudo] password for user:
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip

    To                         Action      From
    --                         ------      ----
    1402/tcp                   LIMIT IN    Anywhere
    3000/tcp                   ALLOW IN    Anywhere
    9100/tcp                   ALLOW IN    Anywhere
    12798/tcp                  ALLOW IN    Anywhere
    6000/tcp                   ALLOW IN    Anywhere
    60000/tcp                  ALLOW IN    Anywhere
    1402/tcp (v6)              LIMIT IN    Anywhere (v6)
    3000/tcp (v6)              ALLOW IN    Anywhere (v6)
    9100/tcp (v6)              ALLOW IN    Anywhere (v6)
    12798/tcp (v6)             ALLOW IN    Anywhere (v6)
    6000/tcp (v6)              ALLOW IN    Anywhere (v6)
    60000/tcp (v6)             ALLOW IN    Anywhere (v6)
Michael Hampton
Check your firewalls.

Shugui
Done, UFW is fine and the firewall from my hosting too.

Michael Hampton
But you didn't post a copy of them in your post.

Shugui
Added UFW config. Changed 1402 port configuration from LIMIT IN to ALLOW IN and still no connection.

Michael Hampton
What about the other firewall?

George Y
You should first check if the port is open. Try to connect to the port using `telnet` from your local machine. If it enters the dialog mode press `Ctrl`+`]` to exit, otherwise the port is unreachable. Then you should check all the firewall settings, including inside your Linux and outside it (some cloud services would set a default firewall for you).

Shugui
@GeorgeY nmap answers fine as I posted, but telnet (telnet xx.xxx.xxx.xx 1402) answers with: Unable to connect to remote host: Connection timed out. How is this possible? Not an expert here.

George Y
@Shugui use telnet on the exact same machine, and if you still cannot open it, the problem is on your `sshd`.
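
Added example, not part of the original thread: nmap's `filtered` and telnet's `Connection timed out` in the posts above are the same observation (no reply to the SYN), whereas a refused connection would mean the host answered but nothing was listening. The sketch classifies these cases from the client side and reads the SSH banner when the handshake completes; `probe_tcp` and `demo` are hypothetical names, and the loopback listener and its banner are constructed.

```python
import errno
import socket
import threading

def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port as nmap would: open, closed or filtered."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        # Neither SYN-ACK nor RST arrived: the SYN is dropped on the path.
        return "filtered", "no reply (firewall dropping packets)"
    except ConnectionRefusedError:
        # RST arrived: host reachable, but nothing listens on this port.
        return "closed", "connection refused (sshd not listening here)"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered", "host or network unreachable"
        raise
    with sock:
        sock.settimeout(timeout)
        try:
            line = sock.recv(255).split(b"\n", 1)[0].strip()
        except OSError:
            line = b""
    banner = line.decode("ascii", "replace")
    if banner.startswith("SSH-"):
        return "open", banner
    return "open", "handshake completed but no SSH banner"

def demo():
    """Constructed loopback run: probe a fake listener, then the closed port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-Constructed_1.0\r\n")  # constructed banner
        conn.close()

    worker = threading.Thread(target=serve)
    worker.start()
    listening = probe_tcp("127.0.0.1", port)
    worker.join()
    srv.close()
    return listening, probe_tcp("127.0.0.1", port)

if __name__ == "__main__":
    print(demo())
```

Running the probe from the server itself against `127.0.0.1` and again from an outside machine shows on which side of the firewalls the packets stop.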
Score:-1
KeepAlive yes
ClientAliveInterval 90000
ClientAliveCountMax 2

These three lines indicate that if within 90000*2 seconds there is no TCP package from the client, it will cut the connection automatically.

This is a protection mechanism by SSH. Either you change the parameter or use Bitvise SSH Client instead, which would automatically send TCP Ping-Pong heartbeat packages to the server.

Michael Hampton
This is all true, but it's completely irrelevant to the question.

Shugui
I agree with @MichaelHampton. I changed those parameters in case the problem was caused by the ssh-client, but that was not the case.