Re: SSH port 22 is invisible from the internet!! :(

Mon, 09 Apr 2007 13:12:27 -0700 

On Mon, Apr 09, 2007 at 07:33:31PM +0200, csanyipal wrote:
> On Mon, Apr 09, 2007 at 07:18:58PM +0200, Franck Joncourt wrote:
> 
> $ sudo telnet 127.0.0.1 22
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3p2 Debian-9
> ^]
> Protocol mismatch.
> Connection closed by foreign host.

Good point. At least we know, your ssh server is running on port 22.
 
> > Afterwards, you could worry a bit more with iptables if it does not work.
> 
> If the present iptables setup don't work, then I have no idea further how to 
> setup iptables to solve this problem?
> 
> Any advices will be appreciated!
> 

Here is a piece of a script, which will allow you to connect through
ssh. (I have not checked out your iptables output)

###
# Flush rules
iptables -F
iptables -F -t nat
iptables -F -t mangle
        
# Remove user-defined chains
iptables -X
iptables -X -t nat
iptables -X -t mangle
        
# Reset counters
iptables -Z
iptables -Z -t mangle
iptables -Z -t nat

# Set policy for the filter table
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow ssh clients
iptables -A INPUT -i eth0 -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT
###

Just written. So there may be some mistypes !

Otherwise, have you turned on the debug ?

[EMAIL PROTECTED]:~/smhfw$ ssh -v [EMAIL PROTECTED]
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sid [192.168.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/thialme/.ssh/identity type -1
debug1: identity file /home/thialme/.ssh/id_rsa type -1
debug1: identity file /home/thialme/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3p2 Debian-9
[...]

-- 
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE

Attachment: signature.asc
Description: Digital signature

Reply via email to