Solved

Unable to connect from work via ssh over putty

Posted on 2010-11-26
13
750 Views
Last Modified: 2012-05-10
I'm trying to connect from work to my router at home, I think I'm getting block some how. however I found an open wireless network and was able to connect fine with the same settings. Here are my setting: my router is buffalo WHZ-HP-G300NH running dd-wrt firmware. I enable ssh on my router port 22 and I setup putty on port 443 on my router I have the remote port also set setup port 443. I'm using cable at home and again this settings work on open networks but not at work. The reason I know it works was because I did a test on whatsmyip.org before and after I connected to my router and the browser displayed my public IP when I was connected. My ip does not change unless I reboot my cable modem so far has not change. when I connect from work a get a connection time out.  I think a software on my work laptop is blocking me. I did a netstat and port 443 is listening.  I think this may have something to do with the proxy over here at work.
0
Comment
Question by:toroblanco2002
  • 7
  • 2
  • 2
  • +2
13 Comments
 
LVL 22

Accepted Solution

by:
Matt V earned 125 total points
ID: 34218038
Chances are work is blocking all non web traffic (anything except 80 and 443).

I know this is the case where I work, I cannot ssh/telnet to anything outside the office.
0
 
LVL 3

Author Comment

by:toroblanco2002
ID: 34218142
So there's no thing I could do?
0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 125 total points
ID: 34218230
0
 
LVL 76

Expert Comment

by:arnold
ID: 34218832
You could also be blocked by your ISP at home.

IMHO, if your employer has setup firewall rules to prevent access to the outside, you should consider whether it is absolutely necessary for you to access your home router/network from work.

The other option if your employer provides you with a VPN connection from home, is to establish the connection and then use it to connect to your home system.  This will only work if your home system gets an IP on the employer's LAN.
0
 
LVL 3

Author Comment

by:toroblanco2002
ID: 34218889
small student, thank you for the links, I read the first article but base on what I understand the article is basing the tutorial on how to forward traffic once you connect to a remote host on port22 and then forward that traffic to another remote host on another port. correct me if I'm wrong I not very familiar with ssh I'm just trying to learn now. But in my case I'm not able to connect to a remote host.  I'm getting a connection time out.

regards
0
 
LVL 3

Author Comment

by:toroblanco2002
ID: 34218952
Arnold,
Thank you for your suggestion but the vpn here looks like is setup as host to gateway and blocking vpn traffic internally only outside vpn connections are allow.  I just want to setup the ssh so I can check my web mail.

regards
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 3

Author Comment

by:toroblanco2002
ID: 34218967
I think I'm going to give up on this one thank you all for your assistance and prompt response.
0
 
LVL 3

Author Comment

by:toroblanco2002
ID: 34218982
I will be giving points soon...
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 125 total points
ID: 34219433
I mean that your system from home will establish a permanent VPN connection to your location.  Once you are at the location from which you want to access the home system, you would need to use the VPN IP your home system was assigned.
0
 
LVL 14

Expert Comment

by:small_student
ID: 34219964
Hi ToroBlanco

Actually you can connect to your SSH by using a different port, that is the idea of port forwarding, you can use port 80 to tunnel your connection.

Another solution is to have your home router listen on another port for SSH instead of port 22 which is blocked by your Employer network.

So you have two solutions, but Arnold points that it is more ethical to play by your employer rules, some places take such measures seriously and might consider this illegal (Port forwarding does bypass your firewall).
 
0
 
LVL 10

Assisted Solution

by:lanboyo
lanboyo earned 125 total points
ID: 34220257
I still fail to understand what you are doing....

Putty will allow you to port forward thru a ssh connection.

First set up a remote host to run a ssh server. By default the remote server will listen on port 22, but you can configure the server to listen on a different port.

Test putty from your remote location. If you do not get a logon to the ssh server your port forwarding rules are irrelevant. Corporate networks may very well block outbound connections on various tcp ports like 22. You can change the listening port on your server, or do port translation on your router to make it so your ssh connection leaves your pc on some other tcp port that the router lets out. What works in your network? If AOL instant message works there , try tcp port 5190.

So pc tcp 5190 ------------->server listening on 5190 or
pc tcp 5190 --------------------> netgear changes port to -------22----> server running ssh

Eventually you get a log in, and you log in.  Close putty.

Now start working on the port forwarding. If you have a specific host port to connect to set that up. If you want to tunnel your web traffic and use the ssh session as a proxy, you will need to set up a dynamic connection.

At this point you will need to point your client at localhost on the appropriate port. For a web browser set it up as a socks proxy on the appropriate port. You can set firefox to send dns thru the ssh connection so that it resolves hostnames as if it were the ssh server.

It should be noted that by design, you are deliberately making it impossible for your company to read your traffic, and it is just as easy to configure this connection to allow incoming traffic, where you allow external entities to connect to your corporate network. Given that your corporate network guys cannot tell if you are trying to access a home server or open up corporate infrastructure to industrial spies, don't act shocked when they fire you.
0
 
LVL 3

Author Comment

by:toroblanco2002
ID: 34223548
lanboyo,  I know that port 443 is listening at work that's for sure so, what you are saying is... I can setup my router to listen on a different port other than 22.  So here's my question can I setup my router to listen on port 443 instead of port 22 and leave the source port on putty as port 443 and setup the remote port setting on my router as port 443.  Can I do that?   I'm not sure if that will work but I'm giving up I this this is the last thing I'm going to try.   I will post back in a few minutes.....
0
 
LVL 3

Author Closing Comment

by:toroblanco2002
ID: 34223569
Hey guys thank you for all the suggestions I know some of the suggestions will work if security was not that tight at work. But I know it does work on any other public network because I already try and it work perfect.  Thank you small student for the links very interesting I'm sure I will need them in a near future.  Thank you guys.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now