Eu tenho o sshd rodando na porta 8000 rodando em um Linux Mint 17.2 Rafaela.
$ sudo netstat -tnlp | grep :8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 839/sshd
tcp6 0 0 :::8000 :::* LISTEN 839/sshd
$
Eu posso ssh do meu PC para si mesmo no localhost. Mesmo para ssh -p 8000 127.0.0.1
.
$ ssh -p 8000 localhost
The authenticity of host '[localhost]:8000 ([127.0.0.1]:8000)' can't be established.
ECDSA key fingerprint is 0d:bb:dd:87:b2:4a:72:3a:97:de:7d:2d:fe:52:05:6d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:8000' (ECDSA) to the list of known hosts.
mudd@localhost's password:
Eu tenho a porta 8000 encaminhada no meu roteador para o meu PC. Verifiquei isso usando o teste de conectividade do servidor SSH . Ele foi capaz de se conectar ao meu PC e recuperar a impressão digital sshd.
Connected to myhost.duckdns.org:8000
Server fingerprint is 2EA4035592EF0D0BE8527A6849BE42D5
Isso foi confirmado pela seguinte mensagem de log em /var/log/auth.log.
Sep 5 18:47:21 desktop sshd[4442]: Received disconnect from 50.116.26.68: 11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
Mas não consigo me conectar se usar o mesmo nome de host e porta do meu PC. Não há mensagens de log quando a conexão é recusada.
$ ssh -vvv -p 8000 myhost.duckdns.org
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to myhost.duckdns.org [111.222.333.444] port 8000.
debug1: connect to address 111.222.333.444 port 8000: Connection refused
ssh: connect to host myhost.duckdns.org port 8000: Connection refused
$
Não estou executando o firewall do ufw .
$ sudo ufw status
Status: inactive
$
Aqui estão as linhas sem comentário do meu ssh_conf:
Port 8000
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Aqui estão as linhas sem comentário do meu ssh_conf:
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
Corri sudo tcpdump port 8000
e obtive o seguinte ao testar a partir do teste de conectividade do servidor SSH .
20:34:25.412135 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [S], seq 569792316, win 29200, options [mss 1460,sackOK,TS val 522115066 ecr 0,nop,wscale 7], length 0
20:34:25.412181 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [S.], seq 1436050940, ack 569792317, win 28960, options [mss 1460,sackOK,TS val 3115491 ecr 522115066,nop,wscale 7], length 0
20:34:25.464245 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [.], ack 1, win 229, options [nop,nop,TS val 522115082 ecr 3115491], length 0
20:34:25.464893 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [P.], seq 1:28, ack 1, win 229, options [nop,nop,TS val 522115082 ecr 3115491], length 27
20:34:25.464938 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [.], ack 28, win 227, options [nop,nop,TS val 3115504 ecr 522115082], length 0
20:34:25.488193 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [P.], seq 1:44, ack 28, win 227, options [nop,nop,TS val 3115510 ecr 522115082], length 43
20:34:25.489932 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [.], seq 44:1492, ack 28, win 227, options [nop,nop,TS val 3115511 ecr 522115082], length 1448
20:34:25.541411 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [.], ack 44, win 229, options [nop,nop,TS val 522115105 ecr 3115510], length 0
20:34:25.541481 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [P.], seq 1492:1692, ack 28, win 227, options [nop,nop,TS val 3115523 ecr 522115105], length 200
20:34:25.545375 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [P.], seq 28:676, ack 44, win 229, options [nop,nop,TS val 522115105 ecr 3115510], length 648
20:34:25.581765 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [.], ack 676, win 237, options [nop,nop,TS val 3115534 ecr 522115105], length 0
20:34:25.596528 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [.], ack 1692, win 274, options [nop,nop,TS val 522115122 ecr 3115511], length 0
20:34:25.635013 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [P.], seq 676:948, ack 1692, win 274, options [nop,nop,TS val 522115133 ecr 3115534], length 272
20:34:25.635043 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [.], ack 948, win 247, options [nop,nop,TS val 3115547 ecr 522115133], length 0
20:34:25.652925 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [P.], seq 1692:2540, ack 948, win 247, options [nop,nop,TS val 3115551 ecr 522115133], length 848
20:34:25.722014 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [P.], seq 948:964, ack 2540, win 296, options [nop,nop,TS val 522115159 ecr 3115551], length 16
20:34:25.761772 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [.], ack 964, win 247, options [nop,nop,TS val 3115579 ecr 522115159], length 0
20:34:25.814129 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [P.], seq 964:1016, ack 2540, win 296, options [nop,nop,TS val 522115187 ecr 3115579], length 52
20:34:25.814202 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [.], ack 1016, win 247, options [nop,nop,TS val 3115592 ecr 522115187], length 0
20:34:25.814396 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [P.], seq 2540:2592, ack 1016, win 247, options [nop,nop,TS val 3115592 ecr 522115187], length 52
20:34:25.868770 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [P.], seq 1016:1116, ack 2592, win 296, options [nop,nop,TS val 522115203 ecr 3115592], length 100
20:34:25.869212 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [F.], seq 1116, ack 2592, win 296, options [nop,nop,TS val 522115203 ecr 3115592], length 0
20:34:25.870699 IP 192.168.10.10.8000 > li477-68.members.linode.com.50538: Flags [F.], seq 2592, ack 1117, win 247, options [nop,nop,TS val 3115606 ecr 522115203], length 0
20:34:25.922969 IP li477-68.members.linode.com.50538 > 192.168.10.10.8000: Flags [.], ack 2593, win 296, options [nop,nop,TS val 522115220 ecr 3115606], length 0
Isso é tudo o que recebo ao executar ssh -vvv -p 8000 myhost.duckdns.org
.
20:36:38.940822 IP 192.168.10.10.35369 > fl-71-53-144-158.dhcp.embarqhsd.net.8000: Flags [S], seq 1068206726, win 29200, options [mss 1460,sackOK,TS val 3148873 ecr 0,nop,wscale 7], length 0
20:36:38.941219 IP fl-71-53-144-158.dhcp.embarqhsd.net.8000 > 192.168.10.10.35369: Flags [R.], seq 0, ack 1068206727, win 0, length 0
Alguma sugestão ??