[TW] SSH No route to host

Bob Williams

29 Jul 2022 29 Jul '22

06:05

Operating system Tumbleweed; desktop KDE Plasma. I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48 When I try to ssh to my ISP static address, I get 'no route to host'. This also happens to a colleague trying to connect from another city (ie. from outside my LAN). I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530). The higher port is opened in firewalld with protocol TCP. I get the same 'no route to host' if I disable the firewall. I am not convinced the port is really open to the world, although ssh within the LAN is working. Nmap scan report for aaa-bbb-ccc-ddd.dsl.in-addr.zen.co.uk (aaa.bbb.ccc.ddd) Host is up (0.0060s latency). Not shown: 995 filtered tcp ports (no-response) PORT STATE SERVICE 113/tcp closed ident 873/tcp open rsync 1080/tcp closed socks 5060/tcp open sip 8089/tcp open unknown When I visit https://www.whatsmyip.org/port-scanner/ and ask it to scan my ssh port number it times out, whereas for comparison it confirms 873 immediately. SSH from elsewhere into this machine used to work (running Leap, but I doubt that makes a difference). Have I forgotten a setting somewhere? Are there other tests to run? Bob -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/

Show replies by date

Andrei Borzenkov

29 Jul 29 Jul

06:45

On 29.07.2022 09:05, Bob Williams wrote:

...

Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'.

You try to ssh from where? Show complete command and its full output including subsequent shell prompt. Assuming you are trying it from openSUSE system (which is unclear) show also ip a ip r ip -6 r

...

This also happens to a colleague trying to connect from another city (ie. from outside my LAN).

I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530).

The higher port is opened in firewalld with protocol TCP.

I get the same 'no route to host' if I disable the firewall.

I am not convinced the port is really open to the world, although ssh within the LAN is working.

Nmap scan report for aaa-bbb-ccc-ddd.dsl.in-addr.zen.co.uk (aaa.bbb.ccc.ddd) Host is up (0.0060s latency). Not shown: 995 filtered tcp ports (no-response) PORT STATE SERVICE 113/tcp closed ident 873/tcp open rsync 1080/tcp closed socks 5060/tcp open sip 8089/tcp open unknown

When I visit https://www.whatsmyip.org/port-scanner/ and ask it to scan my ssh port number it times out, whereas for comparison it confirms 873 immediately.

SSH from elsewhere into this machine used to work (running Leap, but I doubt that makes a difference).

Have I forgotten a setting somewhere? Are there other tests to run?

Bob

Bob Williams

08:20

On Fri, 29 Jul 2022 09:45:30 +0300 Andrei Borzenkov wrote:

...

On 29.07.2022 09:05, Bob Williams wrote:

...
Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'.

You try to ssh from where?

I'm using two devices to ssh into my desktop machine, which is running openSUSE TW. Firstly from my Android phone using the JuiceSSH app, and secondly my son in a remote city, who is running Arch.

...

Show complete command and its full output including subsequent shell prompt. Assuming you are trying it from openSUSE system (which is unclear) show also

Neither system is openSUSE (one Android, one Arch). Only the server I am trying to connect to is running openSUSE. Which is the machine I'm using now to access this list.

...

ip a ip r ip -6 r

Do you want the result of those commands on the openSUSE ssh server that I am trying to connect with? If so: bob@antikythera:~> ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp5s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 30:5a:3a:0d:93:ea brd ff:ff:ff:ff:ff:ff inet 192.168.178.48/24 brd 192.168.178.255 scope global dynamic noprefixroute enp5s0 valid_lft 730688sec preferred_lft 730688sec inet6 2a02:8010:666c:0:1094:7c28:f086:e375/64 scope global temporary dynamic valid_lft 7086sec preferred_lft 3486sec inet6 2a02:8010:666c:0:7220:6aa4:b821:9c1a/64 scope global temporary deprecated dynamic valid_lft 7086sec preferred_lft 0sec inet6 2a02:8010:666c:0:325a:3aff:fe0d:93ea/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 7086sec preferred_lft 3486sec inet6 fe80::325a:3aff:fe0d:93ea/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: wlp2s0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 36:c3:f9:84:17:1c brd ff:ff:ff:ff:ff:ff permaddr 9c:fc:e8:b3:a4:de 09:14 bob@antikythera:~> bob@antikythera:~> ip r default via 192.168.178.1 dev enp5s0 proto dhcp src 192.168.178.48 metric 100 192.168.178.0/24 dev enp5s0 proto kernel scope link src 192.168.178.48 metric 100 09:17 bob@antikythera:~> bob@antikythera:~> ip -6 r ::1 dev lo proto kernel metric 256 pref medium 2a02:8010:666c::/64 dev enp5s0 proto ra metric 100 pref medium 2a02:8010:666c::/48 via fe80::de39:6fff:fe4f:dd67 dev enp5s0 proto ra metric 100 pref medium fe80::/64 dev enp5s0 proto kernel metric 1024 pref medium default via fe80::de39:6fff:fe4f:dd67 dev enp5s0 proto ra metric 100 pref medium 09:18 bob@antikythera:~>

...

...
This also happens to a colleague trying to connect from another city (ie. from outside my LAN).

I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530).

The higher port is opened in firewalld with protocol TCP.

I get the same 'no route to host' if I disable the firewall.

I am not convinced the port is really open to the world, although ssh within the LAN is working.

Nmap scan report for aaa-bbb-ccc-ddd.dsl.in-addr.zen.co.uk (aaa.bbb.ccc.ddd) Host is up (0.0060s latency). Not shown: 995 filtered tcp ports (no-response) PORT STATE SERVICE 113/tcp closed ident 873/tcp open rsync 1080/tcp closed socks 5060/tcp open sip 8089/tcp open unknown

When I visit https://www.whatsmyip.org/port-scanner/ and ask it to scan my ssh port number it times out, whereas for comparison it confirms 873 immediately.

SSH from elsewhere into this machine used to work (running Leap, but I doubt that makes a difference).

Have I forgotten a setting somewhere? Are there other tests to run?

Bob

Regards Bob -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/

Andrei Borzenkov

12:26

On 29.07.2022 11:20, Bob Williams wrote:

...

On Fri, 29 Jul 2022 09:45:30 +0300 Andrei Borzenkov wrote:

...
On 29.07.2022 09:05, Bob Williams wrote:

...
Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'.

You try to ssh from where?

I'm using two devices to ssh into my desktop machine, which is running openSUSE TW. Firstly from my Android phone using the JuiceSSH app, and secondly my son in a remote city, who is running Arch.

This does not really answer the question. Where these devices are connected? Are they in the same LAN as server? Are they connected to different network?

...

...
Show complete command and its full output including subsequent shell prompt. Assuming you are trying it from openSUSE system (which is unclear) show also

Neither system is openSUSE (one Android, one Arch). Only the server I am trying to connect to is running openSUSE. Which is the machine I'm using now to access this list.

Good, so post this from Arch. Linux is Linux.

...

...
ip a ip r ip -6 r

Do you want the result of those commands on the openSUSE ssh server that I am trying to connect with? If so:

That surely may become helpful, but "no route to host" is usually client problem.

Bob Williams

13:42

On Fri, 29 Jul 2022 15:26:29 +0300 Andrei Borzenkov wrote:

...

On 29.07.2022 11:20, Bob Williams wrote:

...
On Fri, 29 Jul 2022 09:45:30 +0300 Andrei Borzenkov wrote:

...
On 29.07.2022 09:05, Bob Williams wrote:

...
Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'.

You try to ssh from where?

I'm using two devices to ssh into my desktop machine, which is running openSUSE TW. Firstly from my Android phone using the JuiceSSH app, and secondly my son in a remote city, who is running Arch.

This does not really answer the question. Where these devices are connected? Are they in the same LAN as server? Are they connected to different network?

The Android phone is in the same LAN as the server. The other machine (Arch Linux) is 50 miles away and not under my direct control.

...

...
...
Show complete command and its full output including subsequent shell prompt. Assuming you are trying it from openSUSE system (which is unclear) show also

Neither system is openSUSE (one Android, one Arch). Only the server I am trying to connect to is running openSUSE. Which is the machine I'm using now to access this list.

Good, so post this from Arch. Linux is Linux.

I'll ask the remote user to send me the result of these commands.

...

...
...
ip a ip r ip -6 r

Do you want the result of those commands on the openSUSE ssh server that I am trying to connect with? If so:

That surely may become helpful, but "no route to host" is usually client problem.

That is interesting. I didn't realise that. -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/

Carlos E. R.

13:47

On 2022-07-29 15:42, Bob Williams wrote:

...

On Fri, 29 Jul 2022 15:26:29 +0300 Andrei Borzenkov wrote:

...
On 29.07.2022 11:20, Bob Williams wrote:

...
On Fri, 29 Jul 2022 09:45:30 +0300 Andrei Borzenkov wrote:

...
On 29.07.2022 09:05, Bob Williams wrote:

...
Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'.

You try to ssh from where?

I'm using two devices to ssh into my desktop machine, which is running openSUSE TW. Firstly from my Android phone using the JuiceSSH app, and secondly my son in a remote city, who is running Arch.

This does not really answer the question. Where these devices are connected? Are they in the same LAN as server? Are they connected to different network?

The Android phone is in the same LAN as the server. The other machine (Arch Linux) is 50 miles away and not under my direct control.

You can disconnect the WiFi on the phone, and thus test access from truly outside. I do that for testing access to my mini-server, but I use a laptop thethered to my phone, thus using Linux. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)

Andrei Borzenkov

13:56

On 29.07.2022 16:42, Bob Williams wrote:

...

On Fri, 29 Jul 2022 15:26:29 +0300 Andrei Borzenkov wrote:

...
On 29.07.2022 11:20, Bob Williams wrote:

...
On Fri, 29 Jul 2022 09:45:30 +0300 Andrei Borzenkov wrote:

...
On 29.07.2022 09:05, Bob Williams wrote:

...
Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'.

You try to ssh from where?

I'm using two devices to ssh into my desktop machine, which is running openSUSE TW. Firstly from my Android phone using the JuiceSSH app, and secondly my son in a remote city, who is running Arch.

This does not really answer the question. Where these devices are connected? Are they in the same LAN as server? Are they connected to different network?

The Android phone is in the same LAN as the server.

Connection to external IP address from within LAN which is target of port forwarding most likely does not work. It depends on how your router handles these requests and whether it will mangle source IP address. You should never test port forwarding from within the same LAN where forwarding target is located.

Bob Williams

13:56

On Fri, 29 Jul 2022 15:26:29 +0300 Andrei Borzenkov wrote:

...

Good, so post this from Arch. Linux is Linux.

The remote client reports: ip a 13:43:33 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno1: mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether e0:d5:5e:40:18:ca brd ff:ff:ff:ff:ff:ff altname enp0s31f6 3: wlp4s0: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether c8:58:c0:c7:9b:d3 brd ff:ff:ff:ff:ff:ff inet 192.168.1.99/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp4s0 valid_lft 4137sec preferred_lft 3237sec inet6 fe80::ca58:c0ff:fec7:9bd3/64 scope link valid_lft forever preferred_lft forever ip r 14:46:36 default via 192.168.1.1 dev wlp4s0 proto dhcp src 192.168.1.99 metric 3003 192.168.1.0/24 dev wlp4s0 proto dhcp scope link src 192.168.1.99 metric 3003 ip -6 r 14:47:03 ::1 dev lo proto kernel metric 256 pref medium fe80::/64 dev wlp4s0 proto kernel metric 256 pref medium default via fe80::1:1 dev wlp4s0 proto ra metric 1024 expires 29sec hoplimit 64 pref medium -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/

Daniel Morris

09:00

On Fri, Jul 29, 2022 at 07:05:46AM +0100, Bob Williams wrote:

...

Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'. This also happens to a colleague trying to connect from another city (ie. from outside my LAN).

I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530).

So are you connecting to port 22 and then having the Fritz!Box 7530 port-forward to the higher port number of the static IP of your machine inside your LAN? Or also using the higher number from outside the LAN. You can do either, but you need to do so consistently in your command line options or .ssh/config. eg, each of these is legit, but needs a different port forward rule at the Fritz!Box 7530: ssh -p 22 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 7890 ssh -p 7890 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 7890 ssh -p 7890 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 1234 Are you sure your TW machine has a static IP itself inside the LAN as the target for the port forward? Does it match in the 7530's port-forward table? Also assume you've restarted/SIGHUP sshd since moving the port? I have a 7530 on one network and this works fine for me, also with ssh traffic moved off a 22/common port to avoid umpteen probes cluttering my logs. To help with debugging, use "ssh -v ..." to connect from the client/Arch, just to check the chatter between machines. In the past I found various encryption algorithms weren't enabled/allowed on a particular versions of RHEL or Debian that stopped key based login, and similar on low-power single board targets. Daniel

Bob Williams

10:01

On Fri, 29 Jul 2022 10:00:42 +0100 Daniel Morris wrote:

...

On Fri, Jul 29, 2022 at 07:05:46AM +0100, Bob Williams wrote:

...
Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'. This also happens to a colleague trying to connect from another city (ie. from outside my LAN).

I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530).

So are you connecting to port 22 and then having the Fritz!Box 7530 port-forward to the higher port number of the static IP of your machine inside your LAN? Or also using the higher number from outside the LAN. You can do either, but you need to do so consistently in your command line options or .ssh/config.

Incoming connections use the higher port number. The Fritz!Box 7530 routes that to the same higher port number of the machine inside the LAN.

...

eg, each of these is legit, but needs a different port forward rule at the Fritz!Box 7530:

ssh -p 22 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 7890 ssh -p 7890 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 7890 ssh -p 7890 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 1234

I am using the second example above (but with a different port number, obviously).

...

Are you sure your TW machine has a static IP itself inside the LAN as the target for the port forward? Does it match in the 7530's port-forward table?

Yes. The Fritz!Box 7530 is configured to supply the same IP to this machine every time.

...

Also assume you've restarted/SIGHUP sshd since moving the port?

Yes. The move to a higher port number was don several years ago, and I have been able to login remotely in the past. This is the first time I have attempted it since moving to a Tumbleweed system on this machine. I have checked all the config files I can think of.

...

I have a 7530 on one network and this works fine for me, also with ssh traffic moved off a 22/common port to avoid umpteen probes cluttering my logs.

To help with debugging, use "ssh -v ..." to connect from the client/Arch, just to check the chatter between machines. In the past I found various encryption algorithms weren't enabled/allowed on a particular versions of RHEL or Debian that stopped key based login, and similar on low-power single board targets.

Daniel

-- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/

Freek de Kruijf

09:16

Op vrijdag 29 juli 2022 08:05:46 CEST schreef Bob Williams:

...

Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'. This also happens to a colleague trying to connect from another city (ie. from outside my LAN).

I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530).

I also have a Fritz!Box and I have a port forward on it from a few higher ports to port 22 on a few systems in my LAN. So I don't need to specify a port when I use the local 192.168 addresses. Also the firewalld specifications are standard and open the ssh ports on these systems. I can use "ssh -p xx user@dns_name" to access these systems, both from my systems in my LAN as from systems somewhere in the internet. The main use from outside is using "rsync -e 'ssh -p xxx' folder user@dns_name:/folder_remote/" Occasionally I also experience error messages like "no route to host", but I simply test on return code and repeat the command. Within 10 times it will succeed. Lately, due to another problem, I needed to investigate access problems and I used "sudo /sbin/traceroute -T -p x -m y -n dns_name". With -T you send TCP- SYN, -p x, x is the port you try to access and which has a listener, -m y limits the number of packets send, default is 30 and -n gives only IP addresses. This might give you some indication where it gets stuck. On my system to Fritz!Box, via dns_name (global IP address), and back to my system, qq is the port forwarded to my port 22. $ sudo /sbin/traceroute -T -p qq -m 5 -n dns_name traceroute to dns_name (149.143.xx.yy), 5 hops max, 60 byte packets 1 192.168.178.1 0.603 ms 0.599 ms 0.630 ms 2 149.143.xx.yy 3.360 ms 3.321 ms 3.310 ms 3 149.143.xx.yy 5.029 ms 4.990 ms 5.025 ms As you see it gets a reply after 3 hops. -- fr.gr. member openSUSE Freek de Kruijf

Bob Williams

10:12

On Fri, 29 Jul 2022 11:16:09 +0200 Freek de Kruijf wrote:

...

Lately, due to another problem, I needed to investigate access problems and I used "sudo /sbin/traceroute -T -p x -m y -n dns_name". With -T you send TCP- SYN, -p x, x is the port you try to access and which has a listener, -m y limits the number of packets send, default is 30 and -n gives only IP addresses. This might give you some indication where it gets stuck.

On my system to Fritz!Box, via dns_name (global IP address), and back to my system, qq is the port forwarded to my port 22. $ sudo /sbin/traceroute -T -p qq -m 5 -n dns_name traceroute to dns_name (149.143.xx.yy), 5 hops max, 60 byte packets 1 192.168.178.1 0.603 ms 0.599 ms 0.630 ms 2 149.143.xx.yy 3.360 ms 3.321 ms 3.310 ms 3 149.143.xx.yy 5.029 ms 4.990 ms 5.025 ms As you see it gets a reply after 3 hops.

I'm not familiar with traceroute, but the result of the command you gave looks promising: bob@antikythera:~> sudo /sbin/traceroute -T -p 8197 -m 5 -n 51.148.xx.yy traceroute to 51.148.143.104 (51.148.143.104), 5 hops max, 60 byte packets 1 192.168.178.1 3.808 ms 3.772 ms 3.760 ms 2 51.148.xx.yy 6.360 ms 6.349 ms 6.337 ms 3 51.148.xx.yy 3004.722 ms !H 3004.711 ms !H 3004.696 ms !H 11:05 bob@antikythera:~> What does !H in the third line mean? The manpage doesn't mention it. -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/

Andrei Borzenkov

12:36

On 29.07.2022 13:12, Bob Williams wrote: ...

...

bob@antikythera:~> sudo /sbin/traceroute -T -p 8197 -m 5 -n 51.148.xx.yy traceroute to 51.148.143.104 (51.148.143.104), 5 hops max, 60 byte packets 1 192.168.178.1 3.808 ms 3.772 ms 3.760 ms 2 51.148.xx.yy 6.360 ms 6.349 ms 6.337 ms 3 51.148.xx.yy 3004.722 ms !H 3004.711 ms !H 3004.696 ms !H 11:05 bob@antikythera:~>

What does !H in the third line mean? The manpage doesn't mention it.

Host unreachable. 13 51.148.143.104 63.072 ms 58.125 ms 59.895 ms 14 51.148.143.104 3056.713 ms !H 3045.398 ms !H 3036.229 ms !H So host 51.148.143.104 returns "host unreachable" when it forwards connection request to port 8197. Assuming that host 51.148.143.104 is your router, you need to check its port forwarding configuration. It does not look related to openSUSE at all, unless host 51.148.143.104 runs openSUSE.

Freek de Kruijf

13:41

Op vrijdag 29 juli 2022 12:12:40 CEST schreef Bob Williams:

...

On Fri, 29 Jul 2022 11:16:09 +0200

I'm not familiar with traceroute, but the result of the command you gave looks promising:

bob@antikythera:~> sudo /sbin/traceroute -T -p 8197 -m 5 -n 51.148.xx.yy traceroute to 51.148.143.104 (51.148.143.104), 5 hops max, 60 byte packets 1 192.168.178.1 3.808 ms 3.772 ms 3.760 ms 2 51.148.xx.yy 6.360 ms 6.349 ms 6.337 ms 3 51.148.xx.yy 3004.722 ms !H 3004.711 ms !H 3004.696 ms !H 11:05 bob@antikythera:~>

What does !H in the third line mean? The manpage doesn't mention it.

It means you got an answer back from that host with an ICMP packet meaning host not reachable. See https://networkengineering.stackexchange.com/questions/16454/difference-betw... -- fr.gr. member openSUSE Freek de Kruijf

Dave Howorth

10:27

On Fri, 29 Jul 2022 07:05:46 +0100 Bob Williams wrote:

...

Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'. This also happens to a colleague trying to connect from another city (ie. from outside my LAN).

Is this an ssh problem or something broader? Can you, for example, ping your server from outside? Or use rsync?

...

I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530).

What does the 7530 log contain when you try to access your server? Does it see the access? Does it accept or reject it?

...

The higher port is opened in firewalld with protocol TCP.

I get the same 'no route to host' if I disable the firewall.

I am not convinced the port is really open to the world, although ssh within the LAN is working.

Nmap scan report for aaa-bbb-ccc-ddd.dsl.in-addr.zen.co.uk (aaa.bbb.ccc.ddd) Host is up (0.0060s latency). Not shown: 995 filtered tcp ports (no-response) PORT STATE SERVICE 113/tcp closed ident 873/tcp open rsync 1080/tcp closed socks 5060/tcp open sip 8089/tcp open unknown

When I visit https://www.whatsmyip.org/port-scanner/ and ask it to scan my ssh port number it times out, whereas for comparison it confirms 873 immediately.

SSH from elsewhere into this machine used to work (running Leap, but I doubt that makes a difference).

Have I forgotten a setting somewhere? Are there other tests to run?

Bob

Bob Williams

12:26

On Fri, 29 Jul 2022 11:27:15 +0100 Dave Howorth wrote:

...

On Fri, 29 Jul 2022 07:05:46 +0100 Bob Williams wrote:

...
Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'. This also happens to a colleague trying to connect from another city (ie. from outside my LAN).

Is this an ssh problem or something broader? Can you, for example, ping your server from outside? Or use rsync?

I think it's just an ssh problem. I have asked someone else to ping this address from outside. ping works from here (ie. from behind my router, inside the LAN, I can ping my external IP) bob@antikythera:~> ping -c3 51.148.xx.yy PING 51.148.xx.yy (51.148.xx.yy) 56(84) bytes of data. 64 bytes from 51.148.xx.yy: icmp_seq=1 ttl=63 time=4.15 ms 64 bytes from 51.148.xx.yy: icmp_seq=2 ttl=63 time=5.88 ms 64 bytes from 51.148.xx.yy: icmp_seq=3 ttl=63 time=3.84 ms --- 51.148.xx.yy ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 3.835/4.621/5.884/0.901 ms 13:21 bob@antikythera:~>

...

...
I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530).

What does the 7530 log contain when you try to access your server? Does it see the access? Does it accept or reject it?

The 7530 doesn't appear to log these events. I'll see if I can increase the logging level somewhere. -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/

Carlos E. R.

13:52

On 2022-07-29 14:26, Bob Williams wrote:

...

On Fri, 29 Jul 2022 11:27:15 +0100 Dave Howorth wrote:

...
On Fri, 29 Jul 2022 07:05:46 +0100 Bob Williams wrote:

...
Operating system Tumbleweed; desktop KDE Plasma.

I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48

When I try to ssh to my ISP static address, I get 'no route to host'. This also happens to a colleague trying to connect from another city (ie. from outside my LAN).

Is this an ssh problem or something broader? Can you, for example, ping your server from outside? Or use rsync?

I think it's just an ssh problem. I have asked someone else to ping this address from outside. ping works from here (ie. from behind my router, inside the LAN, I can ping my external IP)

But ping from outside only involves your router, not your server. There are some pings that can be told to use the ssh port (I don't remember which one), but that is similar to the traceroute you did. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)

Bob Williams

30 Jul 30 Jul

10:18

New subject: [TW] [SOLVED] SSH No route to host

It works! I have two network interfaces on the server machine, ethernet and wireless. When I started this thread, I was only using the ethernet connection. Today I activated the wireless interface as well, and was immediately able to ssh to my external IP address 51.148.xx.yy. Both interfaces have the same port forwarding rules configured in the router, but different LAN addresses, obviously. I have no idea why one interface accepted the external login request and the other didn't, but I'm happy that it's now working. Thank you to everyone who offered help and advice. Regards Bob -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/

634

Age (days ago)

635

Last active (days ago)

List overview

Download

17 comments

6 participants

participants (6)

Andrei Borzenkov
Bob Williams
Carlos E. R.
Daniel Morris
Dave Howorth
Freek de Kruijf

[TW] SSH No route to host

tags

participants (6)