[PLUG] ssh issue: seeking explanation and resolution

Louis Kowolowski louisk at cryptomonkeys.org
Fri Apr 10 22:33:03 UTC 2015


I would strongly suggest that you disable password/passphrase auth and use public key.

Common tools don’t care what port a service listens on; they scan them all and respond based on what information comes back. As such, many (perhaps even most now) consider changing ports to be a waste of time.



> On Apr 9, 2015, at 7:09 AM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> 
>   The last business trip had ssh issues because I did not change the ssh
> port number on my LAN firewall; Russell graciously brought that error to my
> attention. Changed the firewall port number, reset it, and tested remote
> access at the local library branch. Thought all would work as previously.
> 
>   That's not the case. Here I am, again 500 miles away, and when I tried to
> ssh to my server to access mail and files, the attempts failed. traceroute
> would reach a Frontier Tigard router then stop. Hmm-m-m. That should have
> been fixed with the firewall ssh port number corrected.
> 
>   Searching the Web for an answer I came upon this site:
> <http://www.infobyip.com/sshservertest.php>. Entered the sub-domain name and
> port number, clicked the 'Check' button, and a couple of seconds later was
> rewarded with:
> 
> Connected to <domainname>:<port number>
> PASS Server fingerprint is B971680C85D08A84CF882D9F9E0DAE6A
> 
>   Back to a v.t. and re-try. Now I get a message that the new IP address
> (Frontier changes them every hour from about 17:30 one day to 06:50 the next
> day) is not recognized as an allowed host, but the passphrase prompt is
> presented. Entering that string allows me entry to my server, obviously,
> because I'm sending this message from it.
> 
>   My question is why ssh and traceroute might now be failing until the web
> site tests the connection, then it works from a shell? The next question is
> what I might do to avoid having this extra step when remotely connecting
> since that has not happened prior to my changing the ssh port number and the
> authentication from password to passphrase. Perhaps they have nothing to
> do with the issue but it's a hassle I'd much like to resolve.
> 
>   Will check later this afternoon when meetings are over and I'm back in the
> hotel.
> 
> TIA,
> 
> Rich

--
Louis Kowolowski                                louisk at cryptomonkeys.org
Cryptomonkeys:                                   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977
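
The suggestion in the reply above (turn off password logins, rely on public keys) maps to a few `sshd_config` keywords. The following is an added example, not part of the original message: a small checker for a server's config file. The function names, the sample config and its port number are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config for the advice above.
# sshd_config keywords are case-insensitive and sshd keeps the FIRST value it
# reads for each keyword, so grepping for "PasswordAuthentication no" can mislead.
# Assumption of this sketch: Include directives are not followed.
audit_sshd_config() {   # reads the file named in $1, or stdin if none
    awk '
    function flag(msg) { print "FAIL: " msg; bad = 1 }
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (!match(line, /^[A-Za-z]+/)) next
        key = tolower(substr(line, 1, RLENGTH))
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        # Older name for the same setting; PAM can ask for passwords through it.
        if (key == "challengeresponseauthentication") key = "kbdinteractiveauthentication"
        if (key == "match") { in_match = 1; next }
        if (key !~ /^(password|kbdinteractive|pubkey)authentication$/) next
        if (in_match) {                           # Match blocks override globals
            if (key != "pubkeyauthentication" && val != "no")
                flag("Match block sets " key " " val " (line " NR ")")
        } else if (!(key in first)) first[key] = val
    }
    END {
        pw  = ("passwordauthentication" in first) ? first["passwordauthentication"] : "yes"
        kbd = ("kbdinteractiveauthentication" in first) ? first["kbdinteractiveauthentication"] : "yes"
        pub = ("pubkeyauthentication" in first) ? first["pubkeyauthentication"] : "yes"
        if (pw  != "no")  flag("PasswordAuthentication is effectively " pw)
        if (kbd != "no")  flag("KbdInteractiveAuthentication is effectively " kbd)
        if (pub != "yes") flag("PubkeyAuthentication is effectively " pub)
        if (!bad) print "OK: key-only login"
        exit bad + 0
    }' "$@"
}

# Constructed sample: the later "no" is ignored because the first value wins.
sample_config() {
    cat <<'EOF'
Port 2222
passwordauthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF
}
sample_config | audit_sshd_config || echo "sample rejected, as expected"
```

On a live server, `sshd -T` prints the effective configuration as sshd itself computes it, which also covers included files.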
