the ISP doesn’t let you ssh

Has this happened to you before? Your (new) Internet connection seems to work right away, but then you notice that your ssh connections do not succeed. (Search-engine question: “Why does my SSH connection not work?”) That can have different reasons.

  1. The ISP blocks connections to certain destination ports, such as 22.
    If you can, make the sshd you want to reach also listen on another port, e.g. 23, by adding an extra line like this to its sshd_config: “Port 23”. (23 is just an example; any port the ISP lets through will do, and the client then connects with “ssh -p 23 host”.)
    Usually there is no explicit “Port 22” line in sshd_config, because 22 is the built-in default. As soon as you add any Port line, that default no longer applies, so you also have to add “Port 22” explicitly, otherwise that sshd will not answer on port 22 any longer.
  2. The ISP does not like a TOS byte in IP packets that is not 0, or it just does not like the TOS value chosen by your OpenSSH.
    The following bullets should actually be “2.1” …, but blogger doesn’t easily support this, and I am just too lazy to enforce it HTML-wise.
  • If you are using Linux and iptables, this may be your quickest way to clear the TOS byte on the ssh packets your own machine sends:
    iptables -t mangle -A OUTPUT -p tcp --dport 22 -j TOS --set-tos 0x00
    (Locally generated packets never pass PREROUTING; a PREROUTING rule only fits if it runs on a Linux router that forwards the client’s traffic.)
    It did not work for me though, so I had to find another way.
  • I decided to adapt openssh to my needs, and here is the recipe:
    Get yourself an openssh TAR ball, unpack it, and run configure.
    Add this line to the generated config.h: “#define IP_TOS_IS_BROKEN 1”. With that define OpenSSH skips its setsockopt(IP_TOS) calls and leaves the TOS byte untouched.
    Build it and install it to a separate place, i.e. not necessarily the standard prefix, so the standard installation stays usable.
    (Newer OpenSSH releases, 5.7 and later, have an “IPQoS” option in ssh_config that accepts a numeric TOS value, so a line like “IPQoS 0” gets the same result without rebuilding.)
  • A friend of mine built himself a utility to run on the router (a FRITZ!Box 7050 router) and selectively adapt the TOS flag according to his needs.
    Migrating the utility to our FRITZ!Box 7390 models cost us too much time though, so we abandoned that solution.
    If you are still interested in this approach, he might forward his sources to you, so let us know!
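Before you reconfigure sshd or rebuild OpenSSH it helps to know which of the two hypotheses above actually applies. The following Python script is an added example, not code from the original post: it connects to a host on port 22 and on an alternative port, once with the TOS byte set to 0x10 (IPTOS_LOWDELAY, the value older OpenSSH used for interactive sessions) and once with 0x00, reads the ssh banner, and turns the outcomes into a verdict. A silent drop by the ISP shows up as a timeout, a closed port as “refused”. The function names, the constructed banner sent by the built-in throwaway listener, and the choice of port 23 as the alternative are all assumptions for the example.

```python
"""Added example (not from the original post): probe an ssh host with a few
port/TOS combinations to tell "the ISP blocks port 22" from "the ISP drops
packets whose TOS byte is not 0".  All function names are hypothetical."""
import socket
import threading

# 0x10 is IPTOS_LOWDELAY, the value older OpenSSH set on interactive sessions;
# 0x00 is what the ISP apparently wants to see.
TOS_LOWDELAY = 0x10
TOS_NONE = 0x00


def probe(host, port, tos, timeout=3.0):
    """Connect to host:port with the IP TOS byte set to `tos` and read the server
    banner.  A silent ISP drop shows up as 'timeout', a closed port as 'refused',
    a working sshd as 'ok'."""
    r = {"port": port, "tos": tos, "tos_applied": None,
         "status": None, "banner": None, "error": None}
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.settimeout(timeout)
        # Set TOS before connect() so even the SYN carries it.  OpenSSH itself only
        # changes TOS once the session turns interactive, i.e. after the banner and
        # authentication; setting it here makes an ISP drop visible immediately.
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos)
        r["tos_applied"] = s.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
        s.connect((host, port))
        r["banner"] = s.recv(256).decode("ascii", "replace").strip()
        r["status"] = "ok" if r["banner"].startswith("SSH-") else "not-ssh"
    except socket.timeout:
        r["status"] = "timeout"
    except ConnectionRefusedError:
        r["status"] = "refused"
    except OSError as exc:
        r["status"] = "error"
        r["error"] = str(exc)
    finally:
        s.close()
    return r


def classify(results, primary=22):
    """Turn a list of probe() results into a one-line verdict."""
    ok = {(r["port"], r["tos"]) for r in results if r["status"] == "ok"}
    if (primary, TOS_LOWDELAY) in ok:
        return "port %d answers with OpenSSH's TOS: the ISP is not the problem" % primary
    if (primary, TOS_NONE) in ok:
        return "TOS block: port %d answers only with TOS 0" % primary
    alternatives = sorted(p for p, _ in ok if p != primary)
    if alternatives:
        return "port block: port %d unreachable, port %d works" % (primary, alternatives[0])
    return "nothing answered: host down, or both port and TOS are filtered"


def diagnose(host, ports=(22, 23), tos_values=(TOS_LOWDELAY, TOS_NONE), timeout=3.0):
    """Probe every port/TOS combination and return (verdict, results)."""
    results = [probe(host, p, t, timeout) for p in ports for t in tos_values]
    return classify(results, primary=ports[0]), results


def fake_sshd(banner=b"SSH-2.0-ConstructedBanner\r\n"):
    """Throwaway listener on 127.0.0.1 that greets each client with a constructed
    banner, so the probe can be exercised offline.  Returns (port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stopping = threading.Event()

    def serve():
        while not stopping.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stopping.set


def unused_port():
    """Pick a loopback port nothing listens on (bind, read it back, close)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, results = diagnose(host)
    for r in results:
        print("port %5d tos 0x%02x: %-8s %s" % (r["port"], r["tos"], r["status"],
                                              r["banner"] or r["error"] or ""))
    print(verdict)
```

Run it as “python3 probe.py your.ssh.host”. If port 22 answers only with TOS 0, you are in case 2 and the TOS fixes above apply; if port 22 times out with both TOS values but the alternative port answers, you are in case 1 and the extra Port line in sshd_config is the cure. Setting IP_TOS on a socket needs no privileges on Linux, so the probe can run as an ordinary user.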
