
Thread: SSHFS fails when port number is used

  1. #1
    Join Date
    Jan 2013
    Beans
    24

    SSHFS fails when port number is used

    Title says it all. Port number in sshfs can be specified with "-o port=[port number]" or "-p [port number]". Both of them produce the same error for me. I understand that sshfs is based upon sftp (i.e. if sftp works, then sshfs should work); however, I've gotten sftp to work without sshfs. The error I get is
    Code:
    read: Connection reset by peer
    I have used the debug option "-o ssh_debug", and the error is the second thing that comes up. The weird thing is that ssh and sftp work just fine.

    I've got it working with the default port of 22, but not 55516, which was my target. Router's port forwarding works fine, as long as external listening port is 22 and the internal port matches the listening port on the server in sshd_config.

    Here's my typical sshfs command:
    Code:
    sudo sshfs -o IdentityFile=/home/me/.ssh/eeePC_key -o allow_other me@[IP ADDRESS]:/home/me /mnt/epic -o sshfs_debug -p 55516
    It works if I exclude the '-p 55516' (and change port forwarding in the server's sshd_config and the router's port forwarding accordingly). I currently have 22:22 forwarded to the server on my network.


    Here's my sshd_config file on the server:

    Code:
    # Package generated configuration file
    # See the sshd_config(5) manpage for details
    
    
    # What ports, IPs and protocols we listen for
    Port 22
    Port 55516
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 1024
    
    
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    
    
    # Authentication:
    LoginGraceTime 120
    PermitRootLogin without-password
    StrictModes yes
    
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile    %h/.ssh/authorized_keys
    
    
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    
    
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    
    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication no #yes
    
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    
    
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    
    
    Subsystem sftp /usr/lib/openssh/sftp-server
    
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM no #yes
    
    
    #My Additions
    AllowUsers me
    AllowAgentForwarding yes
    PermitOpen any
    I think this is all the relevant code, but I can post more as needed.

  2. #2
    Join Date
    Jul 2013
    Beans
    189
    Distro
    Ubuntu

    Re: SSHFS fails when port number is used

    Hi,

    What kind of machine are you trying to bind with sshfs? Is it a server? Might it be an iptables issue on the server?
    You could check with
    Code:
    sudo nmap $IP_OF_SERVER
    what ports are open.

  3. #3
    Join Date
    Jan 2013
    Beans
    24

    Re: SSHFS fails when port number is used

    I didn't have nmap installed, so I apt-got it.

    Here's the relevant info:

    Code:
    Not shown: 999 filtered ports
    PORT   STATE SERVICE
    22/tcp open  ssh

  4. #4
    Join Date
    Jul 2013
    Beans
    189
    Distro
    Ubuntu

    Re: SSHFS fails when port number is used

    Okay, so this means that only port 22 is open, and something (maybe iptables) is blocking other ports. That's why you can't connect.

  5. #5
    Join Date
    Jan 2013
    Beans
    24

    Re: SSHFS fails when port number is used

    So I ran

    Code:
    netstat -ace | grep 55516
    and got

    Code:
    tcp        0      0 *:55516                 *:*                     LISTEN      root       13093
    So it's listening (I think?).
    When I run
    Code:
    sudo nmap -v -p 55516 127.0.0.1
    I get

    Code:
    Starting Nmap 6.40 ( http://nmap.org ) at 2015-10-15 09:11 PDT
    Initiating SYN Stealth Scan at 09:11
    Scanning localhost (127.0.0.1) [1 port]
    Discovered open port 55516/tcp on 127.0.0.1
    Completed SYN Stealth Scan at 09:11, 0.21s elapsed (1 total ports)
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00015s latency).
    PORT      STATE SERVICE
    55516/tcp open  unknown

  6. #6
    Join Date
    Jul 2013
    Beans
    189
    Distro
    Ubuntu

    Re: SSHFS fails when port number is used

    Can you post the output of
    Code:
    sudo iptables -L

  7. #7
    Join Date
    Jan 2013
    Beans
    24

    Re: SSHFS fails when port number is used

    Code:
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ufw-before-logging-input  all  --  anywhere             anywhere            
    ufw-before-input  all  --  anywhere             anywhere            
    ufw-after-input  all  --  anywhere             anywhere            
    ufw-after-logging-input  all  --  anywhere             anywhere            
    ufw-reject-input  all  --  anywhere             anywhere            
    ufw-track-input  all  --  anywhere             anywhere            
    
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ufw-before-logging-forward  all  --  anywhere             anywhere            
    ufw-before-forward  all  --  anywhere             anywhere            
    ufw-after-forward  all  --  anywhere             anywhere            
    ufw-after-logging-forward  all  --  anywhere             anywhere            
    ufw-reject-forward  all  --  anywhere             anywhere            
    ufw-track-forward  all  --  anywhere             anywhere            
    
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    ufw-before-logging-output  all  --  anywhere             anywhere            
    ufw-before-output  all  --  anywhere             anywhere            
    ufw-after-output  all  --  anywhere             anywhere            
    ufw-after-logging-output  all  --  anywhere             anywhere            
    ufw-reject-output  all  --  anywhere             anywhere            
    ufw-track-output  all  --  anywhere             anywhere            
    
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination         
    ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
    ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
    ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
    ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
    ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
    ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
    ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
    
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination         
    LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
    
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination         
    LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
    
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
    ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
    ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
    ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
    ufw-user-forward  all  --  anywhere             anywhere            
    
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
    DROP       all  --  anywhere             anywhere             ctstate INVALID
    ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
    ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
    ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
    ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
    ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
    ufw-not-local  all  --  anywhere             anywhere            
    ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
    ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
    ufw-user-input  all  --  anywhere             anywhere            
    
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  anywhere             anywhere            
    
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination         
    LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
    
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination         
    RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
    
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination         
    RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
    RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
    DROP       all  --  anywhere             anywhere            
    
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination         
    DROP       all  --  anywhere             anywhere            
    
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination         
    DROP       all  --  anywhere             anywhere            
    
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            
    
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
    ACCEPT     udp  --  anywhere             anywhere             ctstate NEW
    
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination         
    
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:55516
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:55516
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh
    
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination         
    LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
    
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            
    
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination         
    
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination         
    
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination         
    
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination

  8. #8
    Join Date
    Jul 2013
    Beans
    189
    Distro
    Ubuntu

    Re: SSHFS fails when port number is used

    Okay, so you have ufw enabled.
    Can you please post the output of
    Code:
    sudo ufw status verbose
    We will see what level the logging is set to.
    We will then increase the log level and trace live what happens when you try to connect to the server.

    Could you meanwhile please also post the output of
    Code:
    sudo ifconfig -a
    to see how many interfaces you have and if they also need to be considered in the ufw ruleset.

  9. #9
    Join Date
    Jan 2013
    Beans
    24

    Re: SSHFS fails when port number is used

    Output of sudo ufw status verbose:

    Code:
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip
    
    
    To                         Action      From
    --                         ------      ----
    55516                      ALLOW IN    Anywhere
    22                         ALLOW IN    Anywhere
    55516 (v6)                 ALLOW IN    Anywhere (v6)
    22 (v6)                    ALLOW IN    Anywhere (v6)
    Output of sudo ifconfig -a:
    Code:
    eth0      Link encap:Ethernet  HWaddr e0:cb:4e:a6:ab:16  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:74 errors:0 dropped:0 overruns:0 frame:0
              TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:5710 (5.7 KB)  TX bytes:5710 (5.7 KB)
    
    
    wlan0     Link encap:Ethernet  HWaddr 1c:4b:d6:6a:9f:49  
              inet addr:192.168.0.200  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::1e4b:d6ff:fe6a:9f49/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:14548 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2906 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:2763122 (2.7 MB)  TX bytes:328765 (328.7 KB)
    As a side note, it's connected via wifi to the router. It has its MAC address tied to the static IP 192.168.0.200, so the rules for 22 and 55516 will always point to it:

    Relevant line in router's address reservations:
    Code:
    Address Reservation
    ID  MAC Address        Reserved IP Address  Status
    1   1C-4B-D6-6A-9F-49  192.168.0.200        Enabled

    Relevant lines in router's forwarding rules (NAT is enabled):
    Code:
    Virtual Servers
    Note: Make sure NAT is enabled if you want the Virtual Servers configuration to take effect
    ID  Service Port  Internal Port  IP Address     Protocol  Status
    2   22            22             192.168.0.200  TCP       Enabled
    3   55516         55516          192.168.0.200  TCP       Enabled

  10. #10
    Join Date
    Jul 2013
    Beans
    189
    Distro
    Ubuntu

    Re: SSHFS fails when port number is used

    Alright, could you please try to disable ufw for testing purposes with
    Code:
    sudo ufw disable
    After this, please back up your iptables rules with
    Code:
    iptables-save > /etc/iptables/rules.v4
    After this, please flush all your iptables rules with the following commands. Type them in one by one:
    Code:
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -t nat -F
    iptables -t mangle -F
    iptables -F
    iptables -X
    Now please post again the output of
    Code:
    sudo iptables -nvL
    If the output is exactly this or similar to it
    Code:
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    you can try another attempt with sshfs and see if it works.
    We will then definitely know that it was a firewall issue (which I think it is).
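Pulling the evidence exchanged in this thread into one check, as an added example that is not part of any post and not code from sshfs, ufw or nmap: the script takes constructed copies of the outputs the posters pasted (sshd_config Port lines, netstat LISTEN rows, nmap from localhost and from the client side, ufw status) and reports the first layer at which a port's path breaks. The layer names and the regexes are assumptions of this example, not output of any tool.

```python
"""Layer-by-layer triage of an unreachable sshd port.

Added example, not code from the thread. It reads the kinds of evidence the
posters exchanged and names the first layer at which the path to a TCP port
breaks. All sample inputs are constructed to mirror the thread's output.
"""
import re

# Constructed samples (same shape as the pasted output for ports 22 and 55516).
SSHD_CONFIG = "Port 22\nPort 55516\nProtocol 2\n"
NETSTAT = (
    "tcp   0  0 *:22     *:*   LISTEN   root  1234\n"
    "tcp   0  0 *:55516  *:*   LISTEN   root  13093\n"
)
NMAP_LOCAL = "PORT      STATE SERVICE\n22/tcp    open  ssh\n55516/tcp open  unknown\n"
NMAP_REMOTE = "Not shown: 999 filtered ports\nPORT   STATE SERVICE\n22/tcp open  ssh\n"
UFW_STATUS = (
    "To      Action    From\n"
    "55516   ALLOW IN  Anywhere\n"
    "22      ALLOW IN  Anywhere\n"
    "22 (v6) ALLOW IN  Anywhere (v6)\n"
)

def configured_ports(sshd_config):
    """Ports named by active (uncommented) Port directives."""
    return {int(p) for p in re.findall(r"^\s*Port\s+(\d+)", sshd_config, re.M)}

def listening_ports(netstat):
    """Local TCP ports in LISTEN state from `netstat -a`-style rows."""
    pat = r"^tcp\s+\d+\s+\d+\s+\S*:(\d+)\s+\S+\s+LISTEN"
    return {int(p) for p in re.findall(pat, netstat, re.M)}

def open_ports(nmap_report):
    """TCP ports an nmap report lists as open."""
    return {int(p) for p in re.findall(r"^(\d+)/tcp\s+open", nmap_report, re.M)}

def ufw_allowed_ports(ufw_status):
    """IPv4 ports with an ALLOW IN rule in `ufw status` output."""
    pat = r"^(\d+)(?:/tcp)?\s+ALLOW IN\s"
    return {int(p) for p in re.findall(pat, ufw_status, re.M)}

def triage(port, sshd_config, netstat, nmap_local, nmap_remote, ufw_status):
    """Return the first layer where `port` is lost, or 'reachable'."""
    if port not in configured_ports(sshd_config):
        return "not_configured"      # no Port line: sshd was never told to listen
    if port not in listening_ports(netstat):
        return "not_listening"       # config edited but sshd not reloaded, or bind failed
    if port not in open_ports(nmap_local):
        return "closed_on_loopback"  # socket exists but even a local probe is refused
    if port not in ufw_allowed_ports(ufw_status):
        return "host_firewall"       # ufw denies incoming by default; no rule for this port
    if port not in open_ports(nmap_remote):
        return "upstream"            # host accepts it; router forwarding/NAT or the path drops it
    return "reachable"

if __name__ == "__main__":
    for p in (22, 55516):
        print(p, triage(p, SSHD_CONFIG, NETSTAT, NMAP_LOCAL, NMAP_REMOTE, UFW_STATUS))
```

With the thread's own evidence the result for 55516 is "upstream": the host listens, loopback is open and ufw allows the port, so the remaining suspects are the router forwarding and the path between client and router.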
