Sorry about the really basic question. I have Windows 10 with cygwin set up with openssh and the application allowed by my firewall. I am trying to set up the keypair but cannot connect to the host. The host has ssh enabled by default.
Tried turning off firewall, have tried using two different network connections (mobile hotspot and home network).
This may be a clue? The first and only time I connected was with Cygwin early yesterday, it did initially connect but at the password prompt even though I entered pwd correctly it denied access and disconnected. Since then I have only had timeouts….except for one other time, the first time I tried with PuTTy instead of Cygwin and same thing happened.
No problem pinging:
$ ping ***.***.***.*
Pinging ***.***.***.* with 32 bytes of data:
Reply from ***.***.***.*: bytes=32 time=171ms TTL=58
Reply from ***.***.***.*: bytes=32 time=283ms TTL=58
Reply from ***.***.***.*: bytes=32 time=115ms TTL=58
Reply from ***.***.***.*: bytes=32 time=123ms TTL=58
Ping statistics for ***.***.***.*:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 115ms, Maximum = 283ms, Average = 173ms
I have also tried connecting via IP but same result, my host has also confirmed user@ is not required, just the IP or domain.
When I try to connect to my host I get an error:
$ ssh -vvv www.domain.com.au
OpenSSH_7.5p1, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /etc/ssh_config
debug2: resolving "www.domain.com.au" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to www.domain.com.au [***.***.***.*] port 22.
debug1: connect to address ***.***.***.* port 22: Connection timed out
ssh: connect to host www.domain.com.au port 22: Connection timed out
However I can connect to other hosts no problem.
Here is the nmap port info:
`$ nmap www.domain.com.au
Starting Nmap 7.40 ( httpsnmap.org ) at 2017-07-02 10:45 tra
Nmap scan report for www.domain.com.au (***.***.***.*)
Host is up (0.11s latency).
rDNS record for ***.***.***.*: server-2-r57.ipv4.au.syrahost.com
Not shown: 976 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
5000/tcp open upnp
10000/tcp closed snet-sensor-mgmt
10001/tcp closed scp-config
10002/tcp closed documentum
10003/tcp closed documentum_s
10004/tcp closed emcrmirccd
10009/tcp closed swdtp-sv
10010/tcp closed rxapi
10012/tcp closed unknown
10024/tcp closed unknown
10025/tcp closed unknown
10082/tcp closed amandaidx
Nmap done: 1 IP address (1 host up) scanned in 14.10 seconds.
Any ideas how I can debug this? My IP is not blocked and I can connect to the domain via FTP on port 21 no worries.
Debugging: SSH to localhost
$ ssh -v localhost
OpenSSH_7.5p1, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/jpols/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jpols/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jpols/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jpols/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jpols/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jpols/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jpols/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jpols/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5
debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'jpols'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:wywfb93uyAAcCFJeZ/68LZvn2Ym26v+0k7Ii3OAfrMc
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256vn2Ym26v+0k7Ii3OAfrMc.
Are you sure you want to continue connecting (yes/no)?
Debugging: Telnet to remote
$ telnet domain.com.au 22
Trying ***.***.***.*...
telnet: Unable to connect to remote host: Connection timed out
Debugging:
Tried changing sshd_config
port to 2222
. No luck, back using 22
again now.
Debugging: Nmap Traceroute
jpols@MrComputer ~
$ nMAP --traceroute -Pn -p 22 www.domain.com.au
Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-03 14:56 tra
Nmap scan report for www.domain.com.au (***.***.***.*)
Host is up (0.047s latency).
rDNS record for ***.***.***.*: server-2-r57.ipv4.au.syrahost.com
PORT STATE SERVICE
22/tcp filtered ssh
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 0.00 ms ***.***.*.*
2 32.00 ms ***.**.***.5
3 32.00 ms 097.pth0304.pth.iprimus.net.au (***.***.***.**)
4 32.00 ms ae1.csr01.mlganxd.wa.m2core.net.au (***.***.116.57)
5 32.00 ms ae5.csr01.prthpri.wa.m2core.net.au (***.***.116.49)
6 47.00 ms xe-0-2-0-21.pthpe01.pth.m2core.net.au (***.**.207.70)
7 32.00 ms ten-2-0-4.bdr01.per05.wa.vocus.net.au (***.**.207.208)
8 32.00 ms ten-0-0-0-1.cor02.per02.wa.vocus.net.au (***.**.206.38)
9 32.00 ms ge-0-0-3.bdr02.per02.wa.VOCUS.net.au (***.**.206.95)
10 ... 11
12 32.00 ms server-2-r57.ipv4.au.syrahost.com (***.***.***.*)
Nmap done: 1 IP address (1 host up) scanned in 6.38 seconds
The output above shows port 22 as filtered, my router and pc firewalls are temporarily disabled, anyone know how to debug the source of the filter?
Not sure if this is the right way to check but my external IP is showing port 22 open with a checker tool but my devices static IP is showing closed, is it accurate using a tool for the internal (device) ip? I'm at my wits end here but not giving up, the router has a rule setting port 22 as open for the device…what more can I do? See image:
router rule to open ssh (port 22)
Image Showing firewall status
Debugging: Note that since I posted this issue I have changed routers and internet service from ADSL to Fibre but still experiencing the same issue.
Have added inbound/outbound rules to allow port 22 in firewall just in case, no change.
Debugging: Traceroute
|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| ***.***.*.* - 0 | 66 | 66 | 1 | 3 | 25 | 3 |
| ***.**.***.5 - 0 | 66 | 66 | 12 | 15 | 37 | 16 |
| 097.pth0304.pth.iprimus.net.au - 0 | 65 | 65 | 12 | 15 | 31 | 17 |
| ae1.csr01.mlganxd.wa.m2core.net.au - 0 | 66 | 66 | 13 | 16 | 38 | 14 |
| ae5.csr01.prthpri.wa.m2core.net.au - 0 | 66 | 66 | 13 | 17 | 44 | 17 |
| xe-0-2-0-21.pthpe01.pth.m2core.net.au - 0 | 65 | 65 | 13 | 16 | 36 | 15 |
| ten-2-0-4.bdr01.per05.wa.vocus.net.au - 0 | 66 | 66 | 13 | 15 | 37 | 13 |
| ten-0-0-0-1.cor02.per02.wa.vocus.net.au - 0 | 66 | 66 | 13 | 16 | 46 | 14 |
| ge-0-0-3.bdr02.per02.wa.VOCUS.net.au - 0 | 65 | 65 | 13 | 15 | 31 | 15 |
| No response from host - 100 | 13 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 13 | 0 | 0 | 0 | 0 | 0 |
| ******-***.ipv4.au.****host.com - 0 | 65 | 65 | 13 | 16 | 40 | 19 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
Best Answer
I have resolved this issue and am annoyed to say that the host was blocking me the whole time even though the said they weren't. It took tier two support to fix (actually check??).
Thanks for all the help guys, gonna leave this here as it extensively details different debugging approaches for SSH with windows and Cygwin that may prove useful to someone in the future.