Access Server via SSH When IP Address Is Blocked - ssh

The entire scenario of my situation seems 10/10 sketchy, I'll admit. So I won't bother convincing you this isn't a malicious attempt to access a server that isn't mine - I'll simply say once, that this is a legitimate need for assistance.
That said, basically my problem goes back to me being a little too restrictive when it came to SSH access to my CentOS 6 server. Basically I restricted access to my custom SSH port from only two IP addresses - one being my home address, and one being my work address - via iptables. The problem is, I no longer work where I do, and my home IP address changed ever since I upgraded my internet.
Obviously this means I no longer am able to connect to my server via SSH since I don't own that IP address anymore.
My question is, is there anything I can do to access this server? I have no console access, but I do at least know the IP address I used to use to log into the server (maybe possible to spoof an IP address, but I have no clue). The only other thing I can think of is I have DirectAdmin installed on the server and can still login with the admin account. Other than that, I've got nothing.
If anyone has any idea on what I can do, it would be greatly appreciated.

You can change the SSH port number from the DirectAdmin file editor (if you have the root password), then restart the sshd service from the service manager, and you can connect to SSH via the new port number!

Related

OpenVPN GUI connects to VPN but IP does not change

I never used VPNs, I know what they are and how they work in general, but I never had to use one in practice; now I need to use it to connect to a machine in my university lab, my teacher provided the configuration file and the other needed files to set it up.
I installed the OpenVPN GUI with admin privileges, I imported the config file (".ovpn" file in my case) and launched (always as admin) the connection, which immediately works and I am assigned a new IP address. However, if I quickly check on "whatIsMyIP.com" or on Google, the IP is unchanged, it's still my original IP.
Now I also tried with other random VPNs downloaded from VPNBook, and they work, meaning that I can see that the IP changes as soon as I turn them on. I really cannot understand what I am doing wrong (my professor told me that he tried connecting through a VPN as well and it worked for him, so the problem must be on my client side)...
PLUS: when this problem of the unchanged IP is fixed, I am supposed to use ssh to connect to the remote machine. I was asked to generate a pair of public+private keys, passed the public to my teacher who added it on the machine and then connect through the command:
"ssh username@hostname"
Besides the fact that it does not work due to the VPN not changing the IP, I get the error "No address associated with hostname", so I understand it cannot resolve the given hostname, nonetheless my professor gave me only that: is it correct that I can ssh to the remote machine by only having the hostname or (as I believe) I also need the IP, which I can associate with the hostname and then connect?

Change the "IP Address" portion of a local Apache2 server to some consistent string

I have an Apache2 server running in Debian 9.
I am using it to host a custom MediaWiki Wiki.
To navigate to the Wiki I use something of this form "10.200.200.20/mediawiki" where the Apache2 server is running on 10.200.200.20.
This works fine however sometimes the IP Address (10.200.200.20) will change and then everyone on the local network navigating to the Wiki will have to be notified and use the new IP Address which is a hassle.
I wish to change it to something consistent, for example "OurWikiServer/mediawiki" it doesn't really matter that much as long as it can always be found at the same place.
I know this is possible as the MediaWiki installation was previously maintained by someone else who used XAMPP in Windows 7 and it was configured to be found at "stringHere/mediawiki" on the local network.
I have tried changing it in /etc/hosts and can get it changing on individual machines as expected, however have no idea how to get it working network wide.

The best way to do this is to make the IP of this station static. This can be done via a reservation in the DHCP server or by assigning an IP outside of the DHCP range. Also consider adding a small DNS server to provide a hostname instead of an IP.

PuTTY Cannot connect to a friend's server even though not blacklisted

Disclaimer
I know there are a LOT of similar questions to this one, but they all seem to be unanswered or their answers do not solve the problem for me.
My friend is hosting a server from home and I have been helping him to run a game server on it. I was able to connect using PuTTY, WinSCP and the game we were hosting, but due to a former admin logging in without permission, my IP was accidentally blacklisted from the server. Now I get timed out whenever I try to connect to the server with either of the programs mentioned above.
My friend, who is hosting the server from home, told me that my IP does not appear on the blacklist and nor does any other IP address in our country.
This is not caused by the game's banning system because I cannot even access the server console through PuTTY.

If you are able to ping that server IP from your end, that means there is an issue with the SSH port. Please check the SSH port of your server and check that it is enabled at your server and at your ISP's end.

Google Cloud SQL Authorized Network can't connect

I'm trying to connect to my Google Cloud SQL instance from my desktop but am getting the following error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
According to the docs this means that the client's IP isn't authorised to access the instance. I have done the standard "what's my ip" google search and added the IP to the "Authorised Networks" list of the instance (as well as a bunch of variations and /x ranges - none have worked, yes I restarted the instance). I have set a root password and even tried connecting with the necessary SSL certs - yields the same error.
I can connect to other (non-google) sql databases, I can ping the database, and I'm not behind any significant firewalls.
How I'm typically trying to connect (also tried SSL):
mysql --host=the.instance.ip.add --user=root --password
Nothing I try seems to work.
I feel like I must be missing something obvious - any suggestions welcome (this is a nightmare).

Could you check again whether you have authorized the correct IP address?
If you are using your desktop from home, you may have a private IP address for the desktop. What you really need to authorize is the public IP address.
The "what's my ip" search on Google doesn't currently work properly when the ISP is proxying the web traffic transparently. Better information on the IP seems to be provided by Proxy Test from http://www.lagado.com/proxy-test.
Make sure that the IP you are using is the public IP; keep in mind that this can change from time to time depending on your Internet provider. The easiest way to authorize any network is to add 0.0.0.0/0 to the whitelist.
I check my IP address on this page: https://www.whatismyip.com/es/
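
The answers above turn on two checks: whether the address being authorised is the public one, and what each entry in the "Authorised Networks" list actually admits. The following Python sketch is an added example, not code from the original posts or from Google; the function name is hypothetical and all addresses are constructed from documentation ranges. It reports which entries match a client IP and flags private client addresses, malformed entries, and entries such as 0.0.0.0/0 that admit every address.

```python
import ipaddress

# Ranges used behind NAT; a service on the internet sees the translated
# public address instead (RFC 1918 plus the carrier-grade NAT block).
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def audit_authorized_networks(client_ip, entries):
    """Return (matched, findings) for one client IP against an allow-list."""
    client = ipaddress.ip_address(client_ip)
    matched, findings = [], []
    if any(client in n for n in NON_PUBLIC):
        findings.append(f"{client} is a private/CGNAT address, not the public one")
    for entry in entries:
        try:
            # strict=False accepts a bare address or a CIDR with host bits set
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"{entry!r} is not a valid address or CIDR range")
            continue
        if net.prefixlen == 0:
            findings.append(f"{net} admits every address on the internet")
        if client in net:
            matched.append(str(net))
    return matched, findings

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges, not real hosts).
    allow_list = ["203.0.113.0/24", "198.51.100.7", "0.0.0.0/0", "not-an-ip"]
    for ip in ("192.168.1.20", "203.0.113.9"):
        matched, findings = audit_authorized_networks(ip, allow_list)
        print(ip, "matched by", matched)
        for finding in findings:
            print("  !", finding)
```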

Able to RDP into remote server, but not able to ping or telnet

We have a Win Server 2008 box being hosted (dedicated) for us.
I need to connect to one of its DBs from a server in our LAN.
What started out as a "sure, I'll just throw that together for you real quick" project has turned into a week-long hair-pulling pile of WTF :)
I am able to RDP into that server without fail or issue.
When I tried to connect to the DB, I got a generic "could not connect" error, so I went hunting.
Telnet attempts and pings time out.
Since then, we have tried endless variations of firewall settings (including wide open), and still ... no go.
In addition to our firewall, the hosting provider also has a firewall layer.
We turned on all logging, and we don't even see any connection attempts at our FW.
We then had the hosting provider turn on all logging, and they don't see any connection attempts either!
Hrmmmph
I'm at a complete loss.
Any suggestions?
BTW, while I'm comfortable enough with all this to explore and make changes, my experience with firewalls and stuff is fairly limited, so don't hesitate to dumb it down ;)

It is hard to give just one answer to this question, because the interim results of the problem analysis lead to different steps that you need to do next. It will more likely be a step by step help with tracing down the problem.
Do not trust any firewall setting (esp. not any that someone else did, and again esp. not if you don't know him), unless you tested it. Firewall settings are tricky and even experienced professionals get them wrong now and then.
In the guide below, I will write <win2008server> in commands where you have to put the name or IP of the windows 2008 server to which you want to connect. On the other side, I will use the expression "office PC" when I mean your workstation PC in the office from where you are trying to connect to the win2008server.
STEP 1: Checking the Endpoints
1.) Can you telnet to the RDP port?
On your office PC, try this on a command prompt:
telnet <win2008server> 3389
This is to make sure that DNS name resolution works for telnet, as well as network hardware and routing. It should, because you can use RDP to establish this connection. However, anything can get in between, like the telnet command being in any way configured nonstandard or being replaced for whatever reason on a company PC (sysadmins have strange ideas at times...).
2.) Can you telnet locally on the win2008server to the database?
When logged in using RDP on the win2008server, open a command prompt on the server and issue the command
telnet <win2008server> <database port>
That means you are trying to connect from the server to itself. This is to make sure the database port is open on the server.
STEP 2: Checking the Firewalls of the Endpoints
If for 1.) and 2.), your answer is yes it works, you have to test if either the remote side can not be reached or your location can not connect to the internet on the port you are testing (database port). You do this by replacing the respective other side with any other host on the internet for which you know it's reachable or can reach other servers. Typically, you google for a port checker ;)
3.) Check if the win2008server can be reached from another location than yours:
3.1.) Check if the RDP port of the win2008server can be reached from a third party location:
Google for port checker and take the first result (e.g. http://www.yougetsignal.com/tools/open-ports/ ). Type in the name or IP address of the win2008server and the RDP port, usually 3389 . Click on "check" and wait for the success or the timeout.
3.2.) Check if the database port of the win2008server can be reached from a third party location:
Do the same as in 3.1.), just with the database port instead of the RDP port.
4.) Check if you can connect to an outside server on the database port:
For this to work, you need to know a server or create one, which is somewhere outside on the internet, and which listens on the database port. You typically do this by keeping your private PC at home running and accessible through RDP or SSH, and there you open a server and configure your private internet router to forward the connection correctly.
Another way to do this test is webspace with SSH access. Many webspace providers nowadays allow for an SSH login (usually any webspace at $4/month and above).
Let's assume you have SSH access to any such third party place. You can use nc (netcat) there to open a server socket on the database port with this command:
nc -l <database port>
If it's your private PC at home, you usually have to also configure your private router and set up a dynamic DNS name for your internet access for the whole story to work out. You do not have this extra work with a webspace based SSH login. However, there you can not test ports below 1024 because you do not have the privileges. Good luck with this ;)
After you got this, try connecting to the port that you opened:
4.1.) From your office PC with
telnet <third party location> <database port>
4.2.) If 4.1.) does not work, also try with the port checker, because you might have gotten something wrong with setting up the server. Look at 3.) for this, and use the <third party location> and <database port> with the port checker (fourth party check).
STEP 3: Blaming ;)
At least one of the things should have failed by now and you can start calling people and letting them know about your tests and the results. You should be able to combine the results logically, but never start with that. Think about how to convey the information. Start out with your findings and then let them have a moment for their own conclusion. It can be difficult to tell someone in another company or department that their firewall isn't configured correctly. They might deny this even in the presence of proof. Be patient. Explain your findings again. Hint at the conclusion. This can be the trickiest part of the whole problem solution.
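
The telnet tests in the guide above can be scripted so that a timeout (packets silently dropped, typical of a firewall) is told apart from a refused connection (host reachable, nothing listening). The following Python sketch is an added example, not part of the original answer; the `diagnose` keys and its conclusions are this example's own reading of tests 1, 2, 3.2 and 4.1, with the web port checker result from 3.2 entered by hand.

```python
import socket

def probe(host, port, timeout=3.0):
    """One TCP connect attempt, classified the way the telnet tests are read."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: a service is listening
    except socket.timeout:
        return "filtered"          # silence: packets are being dropped on the path
    except ConnectionRefusedError:
        return "closed"            # RST received: host reachable, nothing listening
    except socket.gaierror:
        return "dns-failure"       # the name did not resolve
    except OSError:
        return "unreachable"       # no route, network down, etc.

def diagnose(r):
    """Combine the results of tests 1, 2, 3.2 and 4.1 into the likeliest culprit.

    r maps hypothetical keys to probe() results:
      office_to_server_rdp, server_to_self_db,
      thirdparty_to_server_db, office_to_thirdparty_db
    """
    if r["office_to_server_rdp"] != "open":
        return "basic connectivity or name resolution from the office PC"
    if r["server_to_self_db"] != "open":
        return "database is not listening on that port on the server"
    if r["thirdparty_to_server_db"] != "open":
        return "inbound filtering on the server or hosting-provider side"
    if r["office_to_thirdparty_db"] != "open":
        return "outbound filtering on the office side"
    return "path-specific rule between office and server (e.g. source-IP allow-list)"

if __name__ == "__main__":
    # Constructed demo: a throwaway local listener stands in for the database port.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listener up:  ", probe("127.0.0.1", port))
    srv.close()
    print("listener down:", probe("127.0.0.1", port))
```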

I have to say that today I had the same problem.
My solution was just to edit secpol.msc and disable all the FW profiles; then, run services.msc and also disable the Windows Firewall service.
After this, the server was pingable for me.