
SSH error

I’m trying to ssh into my sister’s PC at her house ever since she switched internet providers and I’m struggling to connect. I can connect via ssh locally, so ssh should be configured correctly, but I can’t when connecting from outside the network. Here is the output:

OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to deniseplex.hopto.org [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/conormcg14/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/conormcg14/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/conormcg14/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/conormcg14/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/conormcg14/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/conormcg14/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/conormcg14/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/conormcg14/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request


debug1: ssh_exchange_identification: Server: sky_router


debug1: ssh_exchange_identification: X-Frame-Options: Deny


debug1: ssh_exchange_identification: Cache-Control: no-cache


debug1: ssh_exchange_identification: Date: Tue, 17 Dec 2019 19:08:37 GMT


debug1: ssh_exchange_identification: Content-Type: text/html


debug1: ssh_exchange_identification: Connection: close


debug1: ssh_exchange_identification:


debug1: ssh_exchange_identification: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>

debug1: ssh_exchange_identification: <BODY><H4>400 Bad Request</H4>

debug1: ssh_exchange_identification: Can't parse request.

debug1: ssh_exchange_identification: </BODY></HTML>

ssh_exchange_identification: Connection closed by remote host

I’ve also opened port 22 on the router.

Looking around, it seems like the first option is to reboot the server.

Second is to check if you have an IP blacklist set up anywhere.

I’ve tried rebooting the server and restarting the ssh service with no success. I haven’t explicitly blacklisted any IPs. I could ssh no problem before with the different ISP, but now I can’t, and I haven’t changed any files on the system to bring this about. I checked the hosts.deny file and the entire file is commented out, no new entries.

> I’ve also opened port 22 on the router.

Are you using some kind of NAT rule to redirect incoming port 22 connections to some other port on the LAN?

> ssh_exchange_identification: HTTP/1.1 400 Bad Request

This looks like you’re getting an HTTP response over SSH. This shouldn’t happen under normal conditions.

My hunch is that the incoming connection is getting sent to the wrong system or port, probably because of a NAT rule. It would also explain why it works locally, it’s not traversing the router when hit locally, so not redirecting.
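Added example (not part of any post in this thread): a small Python banner check for the symptom described above. An SSH server sends an `SSH-` identification line as soon as the connection opens, while a web server stays silent until the client speaks and then answers in HTTP, which is what the log in the first post shows. The function names and the `SSH-2.0-bannercheck` client string are assumptions of this example; the sample reply is reconstructed from the posted log.

```python
import socket

# Identification string this example sends if the server stays silent (assumed name).
CLIENT_IDENT = b"SSH-2.0-bannercheck\r\n"

# Constructed sample, rebuilt from the debug output in the first post.
SAMPLE_ROUTER_REPLY = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: sky_router\r\n"
    b"Connection: close\r\n\r\n"
    b"<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>\r\n"
)

def classify_greeting(data: bytes) -> str:
    """Say which kind of service produced the first bytes seen on a port."""
    lines = [line.strip() for line in data.split(b"\n")]
    # RFC 4253 lets a server send other lines before its "SSH-" version line.
    if any(line.startswith(b"SSH-") for line in lines):
        return "ssh"
    if lines[0].startswith(b"HTTP/"):
        return "http"      # a web server (e.g. router admin page) owns this port
    if not lines[0]:
        return "silent"
    return "unknown"

def probe(host: str, port: int, timeout: float = 3.0):
    """Connect, read the greeting, and return (kind, first line received)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(1024)         # sshd speaks first
        except socket.timeout:
            sock.sendall(CLIENT_IDENT)     # HTTP servers wait for the client
            try:
                data = sock.recv(1024)
            except socket.timeout:
                data = b""
    first_line = data.split(b"\n", 1)[0].strip().decode("latin-1")
    return classify_greeting(data), first_line

if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print(classify_greeting(SAMPLE_ROUTER_REPLY))
    print(classify_greeting(b"SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n"))
```

Running `probe()` once against the LAN address of the PC and once against the public hostname shows whether both paths end at the same service.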

Or perhaps using a different external port like 2222 and then redirect on the LAN to port 22 to the machine ?

@BigBodZod @imhigh.today There’s a remote management tab where you specify a port in the router settings and I initially changed this to 22. Just now I changed it to 2222 and I’m now getting different errors from different terminal sessions (one is on the same network) such as ‘port 22: resource temporarily unavailable’ and ‘port 22: connection refused’.

I’m worried that I’m really limited with the settings on this default router the ISP provides. So I’m not sure if I can redirect port 2222 to 22 on the machine as I have done this before and iirc this is done on the router settings and not the server. Any ideas?

> There’s a remote management tab

Remote management makes me think you’re changing the port of the router’s management interface, not setting up a port forward.

Your connection should go something like this:

Your computer (over port 22) -> Public Internet -> Sister’s Router (on port 22) -> Sister’s PC (port 22).

Knowing the path is important. A port forward rule also needs a destination. If you didn’t have an option to plug in the LAN IP address of your sister’s PC, you probably didn’t set up a port forward.

> default router the ISP provides

Be aware that many ISPs consider “running servers” to be a violation of their terms of service, and configure their routers to prevent it. You might not be able to do it, but let’s assume you can.

> Just now I changed it to 2222

When troubleshooting, it’s best to change one parameter at a time. It’s easy enough to change ports once you’ve got the rules in place and it’s working.

> Remote management makes me think you’re changing the port of the router’s management interface, not setting up a port forward

Agreed, going to reset the router to factory settings, not sure what the default port was for this.

> Knowing the path is important. A port forward rule also needs a destination. If you didn’t have an option to plug in the LAN IP address of your sister’s PC, you probably didn’t set up a port forward.

There are no port forwarding settings on this router; however, there were Inbound rules in the firewall settings where you specify a port and the relevant LAN IP. I had added this for the server IP, but it may have been after I changed the remote management port to 22, so I will try again. Is this not an issue though to hardcode the LAN IP, as I thought the PC’s IP can change on reboots?

> Is this not an issue though to hardcode the LAN IP, as I thought the PC’s IP can change on reboots?

To be safe, I’d suggest assigning a static IP address to her PC. There are two ways to do it.

First, if the router is smart enough, you can bind the MAC address of her NIC to a particular IP address in the DHCP settings. This way it will always get the same IP address when it queries the network.

If the router isn’t smart enough, you can just set the IP address manually at the operating system level.

When you change the port to 2222, you have to ssh to port 2222.


That initial error was an HTTP response. That means you were connecting to the wrong service. Could be for a number of reasons.

Sorted guys, thanks! The remote management port was 8080 by default and I changed this to 22, and I guess that’s why I got the HTTP response @sgtawesomesauce. Merry Christmas lads


Very nice, glad you got it sorted out :)
