I'm running a Debian server from my home with a static IP address, with ssh configured to use key-based authentication rather than password-based. As of a couple weeks ago, I have been unable to ssh to my server from external locations. When I ssh from a laptop connected to the wireless network on the same router as my home server, I do successfully connect to the server. But when I ssh from an external location, I get this error:

OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w 11 Sep 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname xxx.xxx.xxx.xxx is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/user/.ssh/known_hosts2'
debug2: ssh_connect_direct
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
kex_exchange_identification: read: Connection timed out
banner exchange: Connection to xxx.xxx.xxx.xxx port 22: Connection timed out

When I ping the server from external locations, I get 100% packet loss; whereas when I ping the server from my local wireless network, there is 0% packet loss.
(I do have nftables set to drop connections from numerous IP addresses that have attempted hacks in the past; however, the problem persists after flushing nftables, and at any rate, using check-host.net and www.site24x7.com to ping my server from various worldwide locations also results in 100% packet loss.)

Port 22 is open. The package ufw is not installed on my server. The apache2 Web server running on my home server is correctly hosting my Web pages: from external locations, my Web page gmarks.org will open in a Web browser (even though "ping -c 10 gmarks.org" shows 100% packet loss). Running "traceroute xxx.xxx.xxx.xxx" from external locations reported four successful steps, not reaching my server IP, followed by a series of "* * *" lines. Running "sudo service sshd status" on my server shows ssh.service is active and running. Running "ip address show" on my server shows nothing unusual. I've restarted my router, and I've restarted my server; neither helped.

The problem began a couple weeks ago; previously (and for many years) I had been able to ssh to my server without issue. The first time it failed, I was using free wireless at an airport; I was able to ssh to my server from the hotel that morning, and maybe, the first time I tried, from the airport, but then subsequent ssh attempts from the airport failed to connect. I mention this only because nothing had changed in my server's configuration when this problem began.

This is a real problem for me, as a lot of my work involves sending files via scp between work and home. Any suggestions about how to troubleshoot and hopefully fix the problem will be greatly appreciated.

Best regards,
Greg Marks