[GLLUG] A weird networking problem. Help!

Tim Woodall t at woodall.me.uk
Thu Jun 22 17:09:32 UTC 2017

On Thu, 22 Jun 2017, Alain Williams via GLLUG wrote:

> On Thu, Jun 22, 2017 at 05:28:45PM +0100, Greater London Linux UUG wrote:
>> I have the most bizarre networking problem and I'm struggling to think
>> what could possibly be causing it (other than a failing hack attempt by
>> the NSA or the like - I don't think I'd be interesting enough for anyone
>> to deliberately try to intercept my communications though)
>> The symptoms manifest as failing (outbound, haven't tried inbound while
>> it's happening) SSH connections. The SSH connections seem to fail to
>> anywhere.  But http and https connections to the same host work fine.
>> (and there's no MITM certificate interception happening). Running ssh
>> and telling it to connect to a non ssh service fails in the way you
>> expect. Running SSH to an ssh service "hangs" and eventually times out.
> Have you tried connecting with telnet:
> telnet machine.name 22
> This might not tell much, but is such a simple test that it is not worth not doing.
> This will tell you if it is a ssh problem or a routing/connectivity issue.

I hadn't tried that - but I have done ssh -p 80 a.domain and I see:
ssh_exchange_identification: Connection closed by remote host

Which suggests that ssh is outgoing on port 80 and the webserver doesn't
understand it and closes the connection. I've run a tcpdump capture on
the destination box for the ssh and I'll see what that shows but the
firewall logs don't show any SYN packets arriving.


More information about the GLLUG mailing list