Linux blocking port-forwarded connection to SSH service

I'm trying to connect to my computer's SSH service from outside my network (Internet). The router is a Sagemcom 5655. In the router I configured port-forwarding as I did many times before in my life, but this time it is not working.

Protocol: TCP
External port: 9092
Forward to internal port: 22
Internal address: 192.168.1.141

The SSH server is working, I use it almost every day on my local network. But when I try to connect from the outside nothing happens.

This is how I connect to the server: ssh my-user@internet-address -p 9092

The only thing I see is a log in /var/log/audit/audit.log that I don't understand:

type=CRYPTO_KEY_USER msg=audit(1574265360.622:648): pid=6212 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:eb:31:df:3b:11:5f:0f:b8:ae:5a:84:65:58:4b:b1:83:48:d8:9a:d3:d6:1c:42:45:d3:9e:2a:3f:75:79:e6:7b direction=? spid=6212 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1574265360.622:649): pid=6212 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:25:0f:2c:39:d4:e0:e1:31:fa:cf:4a:2c:4d:1c:91:17:05:b2:94:5c:00:75:6e:28:76:3c:0d:18:48:a3:a3:93 direction=? spid=6212 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1574265360.622:650): pid=6212 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:17:2e:8f:02:82:78:ac:ed:eb:06:dd:93:6c:1a:a2:bc:4d:74:ee:c0:18:c1:23:39:5c:e1:a1:0d:04:9a:b6:98 direction=? spid=6212 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"

Is there any chance that something like SELinux on my Fedora box may be blocking the connection?

I checked /etc/ssh/sshd_config and there's nothing strange. Also, I'm trying to connect with a normal user NOT root.

This is the output of iptables -nvL INPUT:

 pkts bytes target     prot opt in     out     source               destination         
21396   14M LIBVIRT_INP  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
16280   14M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  181 12188 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 4935  271K INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 4935  271K INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   13   520 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 1582 80252 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

When I go into the router's management system I can see the "Public IP address" as 200.80.*.*** (the * are just numbers I'm hiding, not wildcards!). I also see that my router is configured to reply to PING. But when I ping or port-scan that IP nothing happens.

I have also tested connecting from the outside, by connecting my laptop to 4G through my phone's internet connection. Same results.

Thanks!


Solution 1:

Try putting your sshd process into VERBOSE logging mode (e.g. LogLevel VERBOSE in /etc/ssh/sshd_config) on your endpoint and then look in /var/log/auth.log (for Ubuntu; a Red Hat derivative probably uses a different file). This should point to any pubkey errors, protocol, cipher or file/directory permission errors involving the authorized_keys file.

Secondly, on the endpoint, install tcpdump and have it listen to the SSH traffic on port 22 (or whatever port you have the daemon on) with something like this: tcpdump -nn -s0 -A port 22. This will tell you what is connecting to that port regardless of firewall or SELinux issues.

Attempt a connection. Those two pieces should give you some indication of where the problem lies. If tcpdump is quiet, your router is not forwarding the connection properly or there is another hop in between which is blocking the connection.
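As an added example, not code from the original thread, here is a POSIX sh/awk check that walks an `iptables -nvL <chain>` dump like the one in the question and prints, in order, the rules a new inbound TCP connection to a given port would hit, up to the first terminal verdict. The two chain dumps are constructed inline: one mirrors the question's INPUT chain, the other is a typical firewalld zone chain (IN_public_allow) that admits SSH.

```sh
# Added example, not from the original thread: walk a dump in the format of
# `iptables -nvL <chain>` and list, in order, the rules a NEW inbound TCP SYN to
# a port would hit, up to the first terminal verdict. Jumps to user chains print
# as JUMP:<chain>. Not handled: source/destination filters, multiport matches.
trace_new_tcp() {
    awk -v port="$1" '
        NF == 0 || /^Chain / || $2 == "bytes" { next }   # banner / column header
        {
            target = $3; proto = $4; iface = $6
            extra = ""; for (i = 10; i <= NF; i++) extra = extra " " $i
            if (iface == "lo") next                      # loopback-only rule
            if (proto != "tcp" && proto != "all") next   # other protocols
            # a ctstate rule matches a fresh SYN only if NEW is among its states
            if (extra ~ /ctstate/ && extra !~ /NEW/) next
            # a port-restricted rule must name our destination port
            if (extra ~ /dpt:/ && extra !~ ("dpt:" port "( |$)")) next
            sep = (out == "") ? "" : " "
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
                out = out sep target; exit               # terminal verdict
            }
            out = out sep "JUMP:" target                 # inspect that chain next
        }
        END { print (out == "" ? "POLICY" : out) }      # POLICY: fell off the chain
    '
}

# Constructed sample in the layout of the INPUT chain pasted in the question.
sample_input_chain() {
    cat <<'EOF'
 pkts bytes target     prot opt in     out     source               destination
21396   14M LIBVIRT_INP  all  --  *      *       0.0.0.0/0            0.0.0.0/0
16280   14M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  181 12188 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 4935  271K INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 4935  271K INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   13   520 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 1582 80252 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
EOF
}
# Constructed sample of a firewalld zone chain that does admit SSH.
sample_zone_chain() {
    cat <<'EOF'
 pkts bytes target     prot opt in     out     source               destination
   42  2520 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED
EOF
}
sample_input_chain | trace_new_tcp 22    # JUMP:LIBVIRT_INP JUMP:INPUT_direct JUMP:INPUT_ZONES REJECT
sample_zone_chain | trace_new_tcp 22     # ACCEPT
sample_zone_chain | trace_new_tcp 9092   # POLICY
```

For the question's chain the result is JUMP:LIBVIRT_INP JUMP:INPUT_direct JUMP:INPUT_ZONES REJECT, so unless a zone chain under INPUT_ZONES accepts port 22 the SYN is answered with icmp-host-prohibited, which the client reports as "No route to host" rather than the silent hang of a router that is not forwarding; dumping INPUT_ZONES and its zone chains, together with the tcpdump test above, separates the two cases.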