Fwd: SSHD not connecting from outside(real) IP

Fwd: SSHD not connecting from outside(real) IP

[João Paulo]

[-- Attachment #1: Type: text/plain, Size: 795 bytes --]

Hello all,
I have a mystery and I need help. I have openssh(Cygwin) installed and 
working just fine in here.
I can connect normally from any of my machines to the server using local 
IPs. Ex: ssh localhost or ssh 192.168.0.2. BUT, when using my external 
IP(over internet->real IP) it times out.
I can validate that the service is up and running on 
http://www.canyouseeme.org/ on the port FW I did for this service.
Port 22 is correctly FW to my SSHD server. On windows, I can only see an 
entry on Security Events(attached) and nothing else after that. (Means 
it is reaching my machine)
I have tried to reinstall Cygwin, change ports. sshd_config is in 
default, disable firewall, AV. I ran out of ideas......
I had this working fine on previous window 7, now I am on Windows 10.
Thanks.




[-- Attachment #2: Event.txt --]
[-- Type: text/plain, Size: 2043 bytes --]

Nome do Log:   Security
Fonte:         Microsoft-Windows-Security-Auditing
Data:          04/01/2016 14:03:31
Identificação do Evento:4798
Categoria da Tarefa:Gerenciamento de conta de usuário
Nível:         Informações
Palavras-chave:Sucesso da Auditoria
Usuário:       N/D
Computador:    BatComputador
Descrição:
A associação a um grupo local do usuário foi enumerada.

Entidade:
	ID de Segurança:		BATCOMPUTADOR\JP
	Nome da Conta:		JP
	Domínio da Conta:		BATCOMPUTADOR
	ID de Logon:		0x239B0DF

Usuário:
	ID de Segurança:		BATCOMPUTADOR\cyg_server
	Nome da Conta:		cyg_server
	Domínio da Conta:		BATCOMPUTADOR

Informações do Processo:
	ID do Processo:		0x7ac
	Nome do Processo:		C:\cygwin64\bin\ssh.exe
XML de Evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4798</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>13824</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2016-01-04T16:03:31.476257500Z" />
    <EventRecordID>20680</EventRecordID>
    <Correlation ActivityID="{366A6DA1-4679-0002-A26D-6A367946D101}" />
    <Execution ProcessID="824" ThreadID="5860" />
    <Channel>Security</Channel>
    <Computer>BatComputador</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserName">cyg_server</Data>
    <Data Name="TargetDomainName">BATCOMPUTADOR</Data>
    <Data Name="TargetSid">S-1-5-21-4249706122-4236901496-3004814693-1017</Data>
    <Data Name="SubjectUserSid">S-1-5-21-4249706122-4236901496-3004814693-1000</Data>
    <Data Name="SubjectUserName">JP</Data>
    <Data Name="SubjectDomainName">BATCOMPUTADOR</Data>
    <Data Name="SubjectLogonId">0x239b0df</Data>
    <Data Name="CallerProcessId">0x7ac</Data>
    <Data Name="CallerProcessName">C:\cygwin64\bin\ssh.exe</Data>
  </EventData>
</Event>

[-- Attachment #3: Type: text/plain, Size: 218 bytes --]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: SSHD not connecting from outside(real) IP

[Nem W Schlecht]

Do you have a firewall rule set up for SSHD?  (Control Panel ->
Administrative Tools -> Windows Firewall with Advanced Security ->
Inbound Rules)

Is the Profile set to "Private" - if so, set it to "ALL" (Properties
on the rule, then "Advanced" select all at the top).

You could always *temporarily* disable the windows firewall to see if
that's the issue (make sure to turn it back on again, though!!!)

This shouldn't be a problem though, I would think, since SSHD should
just think it is talking to your router and nothing else, even though
you are remote (since you're using a port forwarding rule).

Are the "Port", "AddressFamily", and "ListenAddress" lines commented
out at the top of your /etc/sshd_config?  (They should be.)



On Mon, Jan 4, 2016 at 2:05 PM, João Paulo <joaoptc@gmail.com> wrote:
> Hello all,
> I have a mystery and I need help. I have openssh(Cygwin) installed and
> working just fine in here.
> I can connect normally from any of my machines to the server using local
> IPs. Ex: ssh localhost or ssh 192.168.0.2. BUT, when using my external
> IP(over internet->real IP) it times out.
> I can validate that the service is up and running on
> http://www.canyouseeme.org/ on the port FW I did for this service.
> Port 22 is correctly FW to my SSHD server. On windows, I can only see an
> entry on Security Events(attached) and nothing else after that. (Means it is
> reaching my machine)
> I have tried to reinstall Cygwin, change ports. sshd_config is in default,
> disable firewall, AV. I ran out of ideas......
> I had this working fine on previous window 7, now I am on Windows 10.
> Thanks.

-- 
Nem W Schlecht
 "Perl did the magic.  I just waved the wand."

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Fwd: SSHD not connecting from outside(real) IP

[João Paulo]

Yep, yep to all.
I have tried that all.
Also changed ports. I thought this could be a SIP block. But I can see 
the service on canyouseeme on all ports I tried.
And I troubleshoot it all. Disabled the firewall rules (service 
blocked), enable it again(active). And that same with Router Port FW, 
cygwin service.
I am really out of ideas.
One thing I didn't mention. I have a ADSL modem: it DMZ to DDWRT. And 
then I FW the port to my server. I have a lot of fail points, but I 
tested them all !
Thanks.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Fwd: SSHD not connecting from outside(real) IP

[Adam Dinwoodie]

On Mon, Jan 04, 2016 at 06:05:32PM -0200, João Paulo wrote:
> Hello all,
> I have a mystery and I need help. I have openssh(Cygwin) installed
> and working just fine in here.
> I can connect normally from any of my machines to the server using
> local IPs. Ex: ssh localhost or ssh 192.168.0.2. BUT, when using my
> external IP(over internet->real IP) it times out.
> I can validate that the service is up and running on
> http://www.canyouseeme.org/ on the port FW I did for this service.
> Port 22 is correctly FW to my SSHD server. On windows, I can only
> see an entry on Security Events(attached) and nothing else after
> that. (Means it is reaching my machine)
> I have tried to reinstall Cygwin, change ports. sshd_config is in
> default, disable firewall, AV. I ran out of ideas......
> I had this working fine on previous window 7, now I am on Windows 10.
> Thanks.

To check I'm understanding you correctly: you're using Cygwin on your
Windows 10 machine to run an sshd service, you're attempting to connect
to this using SSH from another machine, this works when the other
machine is within your local network but not when the other machine is
external.

If that's the case, I think it's very unlikely that Cygwin is the
problem  -- if Cygwin were the problem, I would expect connections to
fail on your local network too.  To check that, can you run a packet
capture on the system running Cygwin sshd while you attempt to connect?
I expect it will show no received packets, which means the problem lies
elsewhere in your network.

For packet capture I normally use Wireshark, but alternatives are
available (doing it on your router would be ideal if it supports that).

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Fwd: SSHD not connecting from outside(real) IP

[João Paulo]

Just run wireshark in here, and that is what I got:
3686    466.550797    192.168.1.2    187.114.55.X    TCP    62 [TCP 
Retransmission] 50346 → 22 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

1.2 is my local server. 187.144.55.X is my real IP. The connection is 
reaching my machine on port 22. Detail that I am trying to connect on 
the same macine as the server (1.2) If I use ssh 192.1168.1.2 it works, 
but if I use 187.144.55.x it doesnt. Any other suggestion?
Thanks.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Fwd: SSHD not connecting from outside(real) IP

[Jack]

On 2016.01.04 20:16, João Paulo wrote:
> 
> Just run wireshark in here, and that is what I got:
> 3686    466.550797    192.168.1.2    187.114.55.X    TCP    62 [TCP  
> Retransmission] 50346 → 22 [SYN] Seq=0 Win=65535 Len=0 MSS=1460  
> SACK_PERM=1
> 
> 1.2 is my local server. 187.144.55.X is my real IP. The connection is  
> reaching my machine on port 22. Detail that I am trying to connect on  
> the same macine as the server (1.2) If I use ssh 192.1168.1.2 it  
> works, but if I use 187.144.55.x it doesnt. Any other suggestion?
> Thanks.

Have you tried connecting to the external IP from a machine that is  
external to your local net?  I have vague memories of strange issues if  
you try to connect to your public IP from inside.  However, if your  
router is running DDWRT, then you should be able to get some some  
better detail from the router itself about what it is doing with that  
request.

Jack
--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Fwd: SSHD not connecting from outside(real) IP

[Oleg Volkov]

04.01.2016 22:05, João Paulo writes:
> Hello all,
> I have a mystery and I need help. I have openssh(Cygwin) installed and
> working just fine in here.
> I can connect normally from any of my machines to the server using local
> IPs. Ex: ssh localhost or ssh 192.168.0.2. BUT, when using my external
> IP(over internet->real IP) it times out.
> I can validate that the service is up and running on
> http://www.canyouseeme.org/ on the port FW I did for this service.
> Port 22 is correctly FW to my SSHD server. On windows, I can only see an
> entry on Security Events(attached) and nothing else after that. (Means
> it is reaching my machine)
> I have tried to reinstall Cygwin, change ports. sshd_config is in
> default, disable firewall, AV. I ran out of ideas......
> I had this working fine on previous window 7, now I am on Windows 10.
> Thanks.

Try to issue the `traceroute' command to your real IP over the Internet 
from a Linux computer and specify packet length 1452. If it fails, then 
maybe a misconfigured router (e.g. CISCO) on the way has a lesser MTU 
set and large packets sent by SSH do not get through. If your Internet 
service provider indeed has this problem, then "MSS FIX 1452" command 
issued on a CISCO router may fix it.

Oleg

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Fwd: SSHD not connecting from outside(real) IP

[João Paulo]

Guys,
thanks a lot for all the tips.
Ended up being a firewall issue on my modem.
I could connect from a machine on US (I am in Brazil) from work, and no 
were else. I started to map the incoming ports on the router and notice 
that it was actually not reaching the router. That lead me to conclude 
the problem was on the modem. I call the ISP, they told me they do not 
block anything (afffffffffffffffffff hate those guys so much !!!!!!!) 
and if I need any assistance on that matter, I had to call the 
manufacture of the modem. I tried that already, but the firmware is 
modified by ISP. This is a ridiculous situation ! I end up finding a 
team that has created a modified version of the modem that provides 
access to the firewall interface. Just select default rule to accept and 
voila ! Seems the ISP is really not blocking, but this is a hell of a 
crappy FW !
Now I can connect to my server by my phone, and from the remote 
locations I have access. I really can't connect on the server from any 
LAN machine using my WAN IP. I could not understand why of that.
Anyhow, thanks a lot for all the tips and troubleshooting steps. That 
lead me to a resolution !
Thanks !!!

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Fwd: SSHD not connecting from outside(real) IP

[Lee]

On 1/4/16, Adam Dinwoodie wrote:
> On Mon, Jan 04, 2016 at 06:05:32PM -0200, João Paulo wrote:
>> Hello all,
>> I have a mystery and I need help. I have openssh(Cygwin) installed
>> and working just fine in here.
>> I can connect normally from any of my machines to the server using
>> local IPs. Ex: ssh localhost or ssh 192.168.0.2. BUT, when using my
>> external IP(over internet->real IP) it times out.
>> I can validate that the service is up and running on
>> http://www.canyouseeme.org/ on the port FW I did for this service.
>> Port 22 is correctly FW to my SSHD server. On windows, I can only
>> see an entry on Security Events(attached) and nothing else after
>> that. (Means it is reaching my machine)
>> I have tried to reinstall Cygwin, change ports. sshd_config is in
>> default, disable firewall, AV. I ran out of ideas......
>> I had this working fine on previous window 7, now I am on Windows 10.
>> Thanks.
>
> To check I'm understanding you correctly: you're using Cygwin on your
> Windows 10 machine to run an sshd service, you're attempting to connect
> to this using SSH from another machine, this works when the other
> machine is within your local network but not when the other machine is
> external.
>
> If that's the case, I think it's very unlikely that Cygwin is the
> problem  -- if Cygwin were the problem, I would expect connections to
> fail on your local network too.  To check that, can you run a packet
> capture on the system running Cygwin sshd while you attempt to connect?
> I expect it will show no received packets, which means the problem lies
> elsewhere in your network.
>
> For packet capture I normally use Wireshark, but alternatives are
> available (doing it on your router would be ideal if it supports that).

Just be aware that a wireshark capture on the target machine captures
packets _before_ they're processed by the windows firewall, so if
wireshark shows the packets reaching the machine make sure to also
check the windows firewall log.

Regards,
Lee

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple