ISP blocks the use of ssh?

4

1

I am failing to connect to my remote machine using ssh. The detailed situation is as follows:

  1. The remote machine is behind a firewall, but can be connected using ssh with port 45992. I used to connect to it before without any problem.

  2. My current internet connection looks like it only supports HTTP service, because I can surf the web but nothing else works.

This is what I got when I tried to use ssh:

user@machinename:~$ ssh -p 45992 xxx.xxx.xxx.xxx -v
OpenSSH_5.5p1 Debian-4ubuntu6, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 45992.

Then it just gets stuck here.

What might the ISP have done? And is there any way to get my ssh working again?

zhanwu

Posted 2011-08-31T10:46:51.143

Reputation: 853

The ISPs are dismantling the internet and not forwarding SSH traffic. This is part of the planned destruction of the internet. Sorry for your loss. We tried to warn you with net neutrality, but nobody cares. You don't need SSH. Use something else. You will probably have to build it yourself using port 80 on tcp, the goats can't block that one or else websites won't resolve. – Eric Leschinski – 2017-02-05T01:04:20.267

I had this problem at a university I was attending. All KEX_INIT packets were mangled. I asked why and they told me "SSH is not supported." At the same time, people would play WoW between classes. Jerks. – amphetamachine – 2011-08-31T11:00:27.827

Exactly the same here – zhanwu – 2011-08-31T11:06:24.840

Answers

3

Here's a part of my remote machine's /etc/ssh/sshd_config:

Port 22
Port 443

In other words, I connect to my remote machine at port 443, which is usually used by HTTPS.

ssh piskvor@remotemachine.example.net -p 443

I've found that most places that employ traffic filtering won't mess with HTTPS (or traffic on HTTPS' port).

Piskvor left the building

Posted 2011-08-31T10:46:51.143

Reputation: 2 277

53 is another good port to try out. It is used by DNS so most places will leave it untouched. – jeffgao – 2011-09-01T17:14:38.193

@jeffgao: Interesting suggestion - 99% of DNS traffic happens on 53/udp though; I've seen firewalls blocking 53/tcp. Moreover, some places will block any outbound traffic on port 53, only allowing the use of their internal nameserver. – Piskvor left the building – 2011-09-02T10:03:43.113

That's true. But on the other side, my home ISP, where my ssh server is located, blocks incoming http/https traffic. Port 53 is very unlikely to be blocked by my ISP. Also, DNS primarily using UDP makes it easy to differentiate ssh traffic from DNS requests on my router to perform QoS. – jeffgao – 2011-09-02T15:47:34.933

1

1) Ask your ISP (consult their T&Cs etc)

2) Run a simple service (e.g. echo service) on that port and try connecting with telnet client or netcat. SSH is more complex to diagnose, so start with something simple.

RedGrittyBrick

Posted 2011-08-31T10:46:51.143

Reputation: 70 632
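
A minimal version of the "start with something simple" check from this answer, added here as an example (not the answerer's code): it opens a plain TCP connection and reports whether the attempt times out, is refused, or reaches a server that sends an SSH identification string. The function name `probe` and its verdict labels are assumptions made for this example.

```python
import socket
import sys

def probe(host, port, timeout=5.0):
    """Open one TCP connection and classify the result as (verdict, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No SYN-ACK and no RST: packets to this port are dropped on the path.
        # An ssh client in this state hangs at "debug1: Connecting to ...".
        return ("timeout", "no reply to connection attempt")
    except ConnectionRefusedError:
        # A RST came back: the host (or a firewall) actively rejects the port.
        return ("refused", "connection refused")
    except OSError as exc:
        return ("unreachable", str(exc))
    with sock:
        try:
            data = sock.recv(256)  # an SSH server speaks first
        except socket.timeout:
            return ("silent", "connected, but peer sent nothing")
        except OSError as exc:
            return ("reset", str(exc))
    if not data:
        return ("closed", "peer closed the connection without sending data")
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return ("ssh", line.decode("ascii", "replace"))
    # Something answered, but it is not an SSH server (e.g. a proxy or portal).
    return ("other", repr(data[:60]))

if __name__ == "__main__":
    # Usage: python probe.py HOST PORT [PORT ...]
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py HOST PORT [PORT ...]")
    host = sys.argv[1]
    for p in sys.argv[2:]:
        verdict, detail = probe(host, int(p))
        print(f"{host}:{p} -> {verdict}: {detail}")
```

Running it against the same host and port from the restricted network and from one that works shows whether the difference is at the TCP level (`timeout` or `refused`) or appears only after the connection is established.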

1) I am trying to get information from the ISP, but no response yet; 2) I am sure that the remote machine is working well, and it is reachable with (only) port 45992, because I can connect to it when I use 3G internet. Just curious what the ISP did – zhanwu – 2011-08-31T17:13:16.283