I have a workstation with Win 10 on which I installed OpenSSH server. If I try to connect to it (from another machine with Win 10 using ssh in a command prompt) I see it gives the following error:
ssh: connect to host Test3 port 22: Connection timed out
On wireshark Syn packets are sent but no answer is received back.
If I dissable Windows firewall on destination then connection is established.
I want to leave the firewall enabled and disable only ssh port.
You can easily use netsh.exe.
netsh advfirewall firewall add rule name="Open SSH Port 22" dir=in action=allow protocol=TCP localport=22 remoteip=any
You can also change remoteip to a specific host:
remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>
I found on microsoft site a link which allow to do it using graphical interface.
I solved my problem performing the following steps as administrator:
Open the Group Policy Management Console / File/ Add snap-in / Windows Defender Firewall with Advanced Security(or Windows Settings/ Windows Defender Firewall / Advanced settings).
Inbound Rules / Actions / New rule
Rule Type / Port / Next
TCP / Specific port: 22 / Next
Allow the connection / Next / Next
Name / Open ssh port 22 / Finish
Related
I was updating the ssh port of an Oracle Cloud Infrastructure machine
I changed /etc/ssh/sshd_config
The port was
#Port 22
I changed it to
Port 40531
Then
restarted the sshd service systemctl restart sshd
open the port on the OCI Web
however, now I cannot connect.
ssh -vvv -p 40531 -i ~/.ssh/vm.key opc#129.xxx.xxx.xxx
OpenSSH_8.2p1, OpenSSL 1.1.1e 17 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 129.xxx.xxx.xxx is address
debug2: ssh_connect_direct
debug1: Connecting to 129.xxx.xxx.xxx [129.xxx.xxx.xxx] port 40531.
debug1: connect to address 129.xxx.xxx.xxx port 40531: Connection timed out
ssh: connect to host 129.xxx.xxx.xxx port 40531: Connection timed out
I saw a Cloud Shell but I'm not sure if it can be used to connect to the machine to perform maintenance tasks
Is there a way to connect to the VM from the web oci interface to fix the ssh issues?
I used to use a VPS service that has a web console from which you can enter to fix problems like this
is there something like this in OCI?
Note:
SELinux was disabled on the machine
if you are about to do this on your machine, remember to update the SELinux configuration prior restart the sshd service or you will be locked out, another option is to disable SELinux totally (this is what I did)
The changes above described worked well, the only thing that was causing issues on my side
(I don't really know why) is that I was connected from a VPN
After I disconnected the VPN and tried to connected again it worked
Update:
I figured out why the ssh using a different port was not working. The VPN I use is a corporate VPN which has very strict inbound and outbound rules, The VPN outbound rules were blocked by the TCP on port 40xxx.
Update:
if you are struggling with a VM you can connect using the below instruction
Creating the Instance Console Connection
Before you can connect to the serial console or VNC console, you need to create the instance console connection.
To create the console connection for an instance
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance that you're interested in.
Under Resources, click Console Connection.
Click Create Console Connection.
Upload the public key (.pub) portion for the SSH key. You can browse to a public key file on your computer or paste your public key into the text box.
Click Create Console Connection.
When the console connection has been created and is available, the state changes to Active.
Thanks to #bmuthuv for the info
You can connect to Serial Console of the VM where you could get access to GRUB Menu during a Reboot operation. You can subsequently use typical Linux commands to get to Shell from Grub. You can subsequently undo anything you would like to.
Serial Console connection can be created on OCI Web Console in the Instance's page.
I am ssh-ing onto a remote desktop. Since I have to connect over the internet, I have exposed the ssh port (22) on the remote side using ngrok, and everything is working great. I connect to the desktop using the command
ssh username#2.tcp.ngrok.io -p portno
where I get the portno from the remote side, when I start the ngrok service from the line that says
Forwarding tcp://2.tcp.ngrok.io:portno -> localhost:22
However, everytime I start a new ngrok session on the remote side, a new portno is generated. Now, unless I have a secondary connection open (typically using teamviewer), I would not be able to know what that port number is.
How can I start the ngrok service with a fixed portno. This is because I want to have the ngrok service on startup as I would have to restart my remote desktop a couple of times and still want to connect to the desktop using ssh.
Thanks.
You'll need to reserve a TCP address on ngrok, which will give you a fixed address.
To associate a tunnel with a reserved TCP address, you should include the remote-addr option in your ngrok config when starting the tunnel.
An example from the docs: ngrok tcp --region=us --remote-addr 1.tcp.ngrok.io:20301 22
I want to connect to a remote server (host1) that accessible only from it's private network.
Another server (host2) is accessible from the Internet.
I opened a tunnel to host2 using PuTTY and tested it's working with Firefox (also checked that I got different IP address).
How can I connect to host1 using the tunnel I created?
I tried to configure proxy (to the tunnel I created - localhost) in PuTTY but it's not working.
The error I got: "Server unexpectedly closed network connection"
Pay attention that the host is the computer name in the network.
You connect to the local tunnel end directly, no "proxy" setting is needed.
This typically means that you use "localhost" as a Host Name. And a port according to your tunnel configuration.
See my guide for tunneling SFTP/SCP session. It's for WinSCP, but just use PuTTY instead of WinSCP in section Connecting through the tunnel.
I have Apache installed on Windows 7. It's running successfully - I can connect to it from the local host. The problem is that none of the other computers on the local wireless network don't connect.
I have configured the \apache\conf\httpd.conf to "Allow from all" and to "Listen 80"
I disabled the Firewall for Port 80
Also, the command netstat -abn shows:
TCP 0.0.0.0:80 0.0.0.0: LISTENING
Can anyone think of a reason that prevents me to connect from another machine?
Try using the repair option on the firewall - sometimes the wizard there will add additional rules which resolve the issue.
i'm trying to block/allow the 80 port to block/allow internet access in browsers.
i referred to this article http://support.microsoft.com/kb/947709 about netsh commands.
my command was :
netsh advfirewall firewall add rule name=”allow80” protocol=TCP dir=out localport=80 action=block
the cmd asked me for admin rights, after running with admin rights, running the commands returns ok. but i does absolutely nothing, i'm still allowed to browse the web.
what can be wrong?
change localport=80 to remoteport=80
It seems that you set the local port as tcp 80, but you build an outgoing rule, technically the local port is the source port for this kind of rule because you start a connection to the remote port (destination port) tcp 80 to any site on internet, you must change the localport to remoteport parameter.
Regards.