Join the community today
Register Now

Security Sysadmin ssh timing out on a different isp on the same laptop

Discussion in 'System Administration' started by leoadhemartan, Jul 10, 2019.

  1. leoadhemartan

    leoadhemartan New Member

    5
    1
    3
    Jun 28, 2019
    Ratings:
    +1
    Local Time:
    1:51 PM
    I configured my ssh to use keys and a custom port...

    $ ssh -i ~/.ssh/samplekey [email protected] -p 11211
    This works on my office ISP with a static IP.

    However, running the same command on the same laptop on my home ISP with dynamic dns, I'm getting:
    ssh: connect to host example.com port 11211: Connection timed out

    Is this a result of an ip block? How do I query all ip addresses that are in the blacklist?

    I can log into the wordpress dashboard with no issues on my home isp.

    Thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,668
    9,380
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,413
    Local Time:
    3:51 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    How did you change SSH port ? Did you make changes to CSF Firewall SSH port whitelisting in /etc/csf/csf.conf as well ?

    11211 is know memcached server port reserved so wouldn't be usually used for SSH connections and CSF Firewall blocks connections to that port on 11211. Centmin Mod though on initial install will whitelist your ISP IP used during install so that port 11211 access would work which is probably why your static IP works if you used that during Centmin Mod initial install.

    I'd use centmin.sh menu option 16 to change your SSH port from 11211 to something else. The menu option will prompt first for existing SSH port number which for you is 11211 and then prompt for desired new SSH port number and make appropriate CSF Firewall changes.

    FYI, CSF Firewall default ports CSF - Centmin Mod LEMP stack CSF Firewall default port listing
     
  3. leoadhemartan

    leoadhemartan New Member

    5
    1
    3
    Jun 28, 2019
    Ratings:
    +1
    Local Time:
    1:51 PM
    I edited /etc/ssh/sshd_config and restarted ssh.

    The actual port number is somewhere in teh 1000-1200 range. The 11211 was just an arbitrary placeholder.

    I had no issues logging in from my office isp (static ip) but if I log in using the same laptop on my home isp, that's when the timing out is happening.
     
  4. eva2000

    eva2000 Administrator Staff Member

    41,668
    9,380
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,413
    Local Time:
    3:51 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    change /etc/ssh/sshd_config port back to 22 then use centmin.sh menu option 16 to change your SSH port from 22 to something else. The menu option will prompt first for existing SSH port number which for you is 22 and then prompt for desired new SSH port number and make appropriate CSF Firewall changes. It's appropriate CSF Firewall changes you were missing by manually editing /etc/ssh/sshd_config standalone
     
  5. leoadhemartan

    leoadhemartan New Member

    5
    1
    3
    Jun 28, 2019
    Ratings:
    +1
    Local Time:
    1:51 PM
    That did the trick!

    I really should get in the habit of doing things inside centmin first before digging into the files.

    Thanks!
     
    • Like Like x 1
  6. eva2000

    eva2000 Administrator Staff Member

    41,668
    9,380
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,413
    Local Time:
    3:51 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x