ISP Blocks SSH (port 22), workarounds?

TobyG Member
edited January 2015 in Help

My current ISP blocks SSH, so I'm looking for workarounds to get a shell into my vps box (OpenVZ, Ubuntu). One option is web based consoles, and there are a few of them (paid and free).

Other than that, I was wondering if:

(a) changing the SSH port from 22 to something else could help? Sorry I may sound technically retarded, but do ISPs block a port (e.g. 22) or a protocol (e.g. SSH)?

(b) Is it ever fine to share the VPS root password with tech-support if they ask for it?


Comments

  • I can answer part b for you, your root password is like your bank account. Anyone who is supposed to have access to it doesn't need to ask you for it, and anyone who isn't will ask you for it. In most support cases, they should have their own methods of accessing your VPS without needing to ask for your password.

  • Maybe I can answer part a. And this question is never technically retarded.

    Yes, SSH can be detected as a protocol. But chances are they are not blocking the whole protocol - just the port for some damned reason.

    Try to switch to another random port (maybe 21? 53? 443?) and give it a shot.

    Also, complain to the ISP. Blocking 22 isn't doing anything good. (Unless you live in Mainland China, well, they are not the same animal...)

    Thanked by 1netomx
  • For a):

    • If you can access HTTPS sites, then you can try to move your SSH port to port 443. But it's a rare case when an ISP would block the SSH port, except when there are too many abuse records from people using SSH as a tunnel.
  • To b)

    If this is an OpenVZ container, host has access to all your files anyways.

  • said: (b) Is it ever fine to share the VPS root password with tech-support if they ask for it?

    Change it to something temporary (well, every password should be temporary anyway, but make sure that it's unique, not shared with other services you use and that you change it when it's not needed for host anymore).

    tr1cky said: If this is an OpenVZ container, host has access to all your files anyways.

    It's still not a good idea to just give it, because it stays in the ticket system permanently - unless it's just for this specific occasion and then changed.

  • You can make a port redirection with iptables.
    Also please do not call such an organization an Internet Service Provider.

  • Cancel your contract, don't support bad company behavior.

    Thanked by 1DalComp
  • perennate Member, Host Rep

    You can try Tor

    Thanked by 1Maounique
  • Move SSH to port 443. It's the least likely to be blocked.

    Even better, you can use sslh to run both SSH and HTTPS on the same port.

    Thanked by 3ehab geekalot Makenai
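
The port-versus-protocol question and the sslh suggestion above both come down to what the first bytes of a connection look like. The following is an added Python example, not part of the thread and not sslh's own code: the byte strings, backend addresses, the two blocking modes and the timeout fallback are assumptions made for illustration.

```python
"""Added example: port filter vs. protocol detection, and sslh-style backend choice.
All byte strings and backend addresses below are constructed for illustration."""

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify(data):
    """Return 'ssh', 'tls', 'http', 'unknown', or None when more bytes are needed."""
    if data.startswith(b"SSH-"):              # RFC 4253 identification string
        return "ssh"
    if b"SSH-".startswith(data):              # partial (or empty) prefix so far
        return None
    if data[0] == 0x16:                       # TLS record type: handshake
        if len(data) < 6:
            return None
        # bytes 1-2: record version (3.x); byte 5: handshake type 1 = ClientHello
        return "tls" if data[1] == 0x03 and data[5] == 0x01 else "unknown"
    for method in HTTP_METHODS:
        if data.startswith(method):
            return "http"
        if method.startswith(data):           # partial method name so far
            return None
    return "unknown"


def is_blocked(dst_port, first_bytes, mode):
    """Model of the two blocking styles asked about in the thread."""
    if mode == "port":                        # looks at destination port 22 only
        return dst_port == 22
    if mode == "protocol":                    # inspects payload, ignores the port
        return classify(first_bytes) == "ssh"
    raise ValueError(mode)


BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 8443)}  # hypothetical


def pick_backend(first_bytes, timed_out=False):
    """Multiplexer choice on a shared port 443; None means keep waiting or drop."""
    kind = classify(first_bytes)
    if kind is None and timed_out:
        kind = "ssh"                          # assumed fallback for silent clients
    return BACKENDS.get(kind)


SSH_HELLO = b"SSH-2.0-OpenSSH_6.6.1\r\n"                        # constructed
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00])   # constructed prefix

if __name__ == "__main__":
    for mode in ("port", "protocol"):
        print(mode, is_blocked(22, SSH_HELLO, mode), is_blocked(443, SSH_HELLO, mode))
    print(pick_backend(SSH_HELLO), pick_backend(TLS_HELLO), pick_backend(b"", True))
```

A port-only filter stops seeing SSH once sshd listens on 443, while a payload-inspecting filter still recognises the identification string on any port. A multiplexer in front of sshd only forwards bytes, so the SSH session stays encrypted end to end and the client still verifies the server's host key.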
  • netomx Moderator, Veteran

    @kijin said:
    Move SSH to port 443. It's the least likely to be blocked.

    Even better, you can use sslh to run both SSH and HTTPS on the same port.

    Thanks! I was looking for something like this a looong time!

  • Stacy Member
    edited January 2015

    @tr1cky said:
    To b)

    If this is an OpenVZ container, host has access to all your files anyways.

    True, but not in some cases where hosts contract their support via some agency.

    http://lowendtalk.com/discussion/28727/why-would-host-ask-me-for-my-root-pass

  • Have you checked your router settings?

  • Try changing to port 443 if it's not in use, I had done this before. My workplace network blocked port 22 except for local network or certain whitelist through their proxy server.

  • Why use port 22 in the first place? 1 & 1 on server security always recommend using another port than 22, as one of many security measures on your Linux server.

  • raindog308 Administrator, Veteran

    Who is this odious ISP?

  • @myhken said:
    Why use port 22 in the first place? 1 & 1 on server security always recommend using another port than 22, as one of many security measures on your Linux server.

    Some people advise it, others advise against it. I personally change my port to something else, it seriously reduces brute force attempts.

    Thanked by 1myhken
  • I use
    AllowUsers [email protected]
    Port xxxxx

    Only root user has access, has to be from one of my IPs, and a non standard SSH port.

  • IMO you shouldn't use default port 22. I always change it after installing the OS.

    Thanked by 1Quinten
  • century1stop Member
    edited January 2015

    @TobyG said: My current ISP blocks SSH, so I'm looking for workarounds to get a shell into my vps box

    Does this mean the vm was never provisioned in the first place? No root access if provider doesn't allow ssh.......interesting, unless there is cp. Wonder how you managed to access

  • @TobyG - Use tunnel or change SSH port ?

  • Century does have a point, what error does it show or what does it do when you do try connect to SSH, are you sure it's your ISP?

    A workaround like stated above would be best to change the port, which is good security practice to avoid brute-force attempts anyway.
    On Openvz your host should have direct access as-is and I would only provide a temporary password, to change it immediately after they've finished.

  • kijin said:

    Even better, you can use sslh to run both SSH and HTTPS on the same port.

    Wow, sounds great. But is it secure? I mean if that software gets compromised can't it be like a permanent mitm? (did just read your post, didn't study the way that software works)

  • @century1stop said: Does this mean the vm was never provisioned in the first place? No root access if provider doesn't allow ssh.......interesting, unless there is cp. Wonder how you managed to access

    ISP blocks SSH, not VPS provider. VPS provider provisioned the box just fine. I've been managing the VPS through SSH over the years. It's only when I recently changed my ISP that I couldn't get into the box as usual.

    @HyperSpeed said: Century does have a point, what error does it show or what does it do when you do try connect to SSH, are you sure it's your ISP?

    Connection timed out. To ensure it's the ISP and not something else, I'm going to try from a totally different network.

  • century1stop Member
    edited January 2015

    TobyG said: ISP blocks SSH, not VPS provider.

    I don't think that's possible. Your ISP will not know you're connecting to SSH. Would you mind if I tried? Just IP will do.

    TobyG said: Connection timed out.

    This normally happens if your vps is offline or you are connecting to the wrong port or blocked by firewall.

  • TobyG Member
    edited January 2015

    @century1stop said: This normally happens if your vps is offline or you are connecting to the wrong port or blocked by firewall.

    Appreciate the help, but I stated that I've been regularly logging into my box without issues until I switched ISPs. If the box went down, my website wouldn't be accessible either, which is not the case.

    Turns out my suspicion is correct. I tried on a different network and logged into my box as usual, no issues.

    These morons (current ISP) need to sort things out. Support ticket opened at their end. Let's see how this plays out.

    Thanked by 1emg
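
The checks described above (the website still answers, SSH times out, then retry from another network) can be scripted. This is an added Python example, not part of the thread; the placeholder address, the choice of port 80 as the known-good port and the verdict names are assumptions.

```python
"""Added example: tell 'port 22 filtered' apart from 'host down' or 'sshd not listening'.
Run it once from the suspect network and once from another one, then compare."""
import socket
import sys


def probe(host, port, timeout=5.0):
    """Return (state, banner); state is 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(64)           # sshd sends its version string first
            except socket.timeout:
                banner = b""                  # e.g. a web server waiting for a request
            line = banner.split(b"\n")[0].strip()
            return "open", line.decode("ascii", "replace")
    except socket.timeout:
        return "timeout", ""                  # SYN silently dropped somewhere
    except ConnectionRefusedError:
        return "refused", ""                  # an RST came back
    except OSError:
        return "error", ""                    # no route, DNS failure, reset, ...


def diagnose(ssh_state, web_state):
    """Combine a probe of the SSH port with a probe of a port known to work."""
    if ssh_state == "open":
        return "ssh-reachable"
    if ssh_state == "refused":
        # Not a silent drop: sshd is down or moved, or a firewall rejects actively.
        return "refused-sshd-down-or-reject-rule"
    if ssh_state == "timeout" and web_state == "open":
        # Host is up, so port 22 is dropped on the path or by the server firewall.
        return "ssh-port-filtered"
    if ssh_state == "timeout":
        return "host-or-path-down"
    return "inconclusive"


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"  # placeholder address
    ssh_state, banner = probe(host, 22)
    web_state, _ = probe(host, 80)
    print(ssh_state, banner, web_state, diagnose(ssh_state, web_state))
```

A result of `ssh-port-filtered` on one network and `ssh-reachable` on another points at the first network or its router rather than at the VPS.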
  • @TobyG said:
    These morons (current ISP) need to sort things out. Support ticket opened at their end. Let's see how this plays out.

    Good for you but I just wonder how that could happen. Please do update this thread when you get a reply from your ISP. Really curious.

  • @century1stop said:
    This normally happens if your vps is offline or you are connecting to the wrong port or blocked by firewall.

    There are a few ISPs who have firewalls that do block SSH and other services, but I've only seen it inbound. Like for instance in my ISP, Internode, where they block incoming SSH, FTP and other services by default to protect the customer.

    Thanked by 1century1stop
  • aglodek Member
    edited January 2015

    @kijin said: Move SSH to port 443. It's the least likely to be blocked.

    Any downside to this, say, a possibility of some kind of conflict using same port (443) for both SSH and SSL?

  • @TobyG I once observed that port 22 was blocked in a Verizon router. In that case, the blocking was on the Verizon DSL router at home rather than at the ISP. Logging in to the router and changing some settings unblocked port 22. (Search for your ISP / router mfg and look for ssh blocking.) The final answer on this thread might be what I did, but it's too long to remember the exact steps. I do remember it was a router config to unblock 22.

    http://forums.verizon.com/t5/FiOS-Internet/Outbound-SSH-connection-seemingly-blocked/td-p/418745

    Thanked by 1TobyG
  • There is an alternative to sslh which is stunnel4 using sni, which I've found here http://tyy.host-ed.me/pluxml/article4/port-443-for-https-ssh-and-ssh-over-ssl-and-more

    The protocol should appear to be https, useful if the ssh protocol is being blocked.
    Not useful if the webserver isn't nginx.
