Matt,
On 12/12/19 13:43, Matt Thomas wrote:
> Not sure if you have read the first post, or maybe I didn't add it, but I have tried port 22, 5022, 8022, 25565, 47506 and 443 haha.
It wasn't clear if you were changing the port number of the sshd service (on your server) or the port you had open on your firewall/router. I suspect that your ISP is blocking incoming connections to port 22. The port number you use for sshd on the server is not relevant.
-chris
On Thu, Dec 12, 2019, 9:44 AM Christopher Schultz <chris@christopherschultz.net> wrote:

Matt,

On 12/12/19 11:01, Matt Thomas wrote:
> Server is 192.168.0.10
> Router is 192.168.0.1
>
> It works fine internally :)
>
> I add a port forward in the router for port 22 pointed at .0.10. Router's
> firewall already is configured to accept ssh on port 22 from any any.
>
> Whenever anyone attempts to connect to the server, a pop up shows on my
> screen. When I try to have my friends or co-workers try from their house
> or I try from public place, no pop up or hits on the server log. Just
> times out.
>
> But if I put Minecraft on port 22, it works. So certain traffic is
> making it through. Even hamachi vpn works fine BUT I can't install that
> on public PCs haha

I was about to say "this is clearly an issue with the port number, pick something other than 22" but if you say you can run Minecraft over port 22, then that's ... strange. I wasn't aware that Minecraft servers could have their ports changed like that. You can really set up your Minecraft server to listen on localhost:22 and it doesn't use UPnP or anything like that to reconfigure your firewall/router?

My advice is to try configuring things like this:

Router: 192.168.0.1
Forward WAN connections to port e.g. 1022 -> 192.168.0.10:1022

Server: 192.68.0.1
Accept stunnel connections on port 1022
accept=:1022
connect=localhost:22

If that works, I might even try just changing the port number of your ssh/sftp service from the "standard" port to something else and trying again without stunnel in the mix.

I've never encountered an ISP which does deep packet inspection to block services. They usually just block ports.

-chris

> On Thu, Dec 12, 2019, 7:58 AM Christopher Schultz <chris@christopherschultz.net> wrote:
> > Matt,
> >
> > On 12/11/19 17:53, Matt Thomas wrote:
> > > I need to know if Stunnel is going to accomplish what I need to do. My
> > > home ISP blocks protocol HTTP and SSH from coming in so that people can't
> > > run their own website from home without paying the ISP for a "Business" line
> > >
> > > All I am trying to do is have a SFTP server that I can access my dang
> > > files from while I am at school, work, friend's house, library or
> > > wherever. I have tried ssh on multiple random ports and made sure all
> > > firewall rules and port forward rules were correct in my home router. I
> > > know they work because I even went as far as setting up a Minecraft
> > > server to just test the port forward rules out and sure enough, my
> > > friend 200 miles away can connect just fine to my home Minecraft
> > > server.. But he can not connect to the ssh server. No logs are ever
> > > created on the server either because something is stopping the packet
> > > from even hitting my router, that something is my ISP
> > >
> > > Would stunnel allow me to make ssh traffic look like regular https
> > > traffic, thus allowing me to connect to my server at home so I can do my
> > > homework??
> >
> > Those other servers probably use TLS or plaintext connections. stunnel
> > uses TLS, but ssh/sftp use a slightly different protocol that may
> > possibly be distinguishable by a determined ISP.
> >
> > I would think that using stunnel to tunnel SFTP/SSH would be possible,
> > though not strictly necessary. I suspect some other problem is
> > preventing you from succeeding.
> >
> > Can you be more specific about exactly what you did for configuration?
> > Port numbers, specific things you did, etc? You don't have to disclose
> > your public IP address, but perhaps give the local IPs of your router
> > and home server, etc?
> >
> > -chris
> >
> > _______________________________________________
> > stunnel-users mailing list
> > stunnel-users@stunnel.org
> > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
On Thu, Dec 12, 2019 at 02:42:49PM -0500, Christopher Schultz wrote:
> Matt,
> On 12/12/19 13:43, Matt Thomas wrote:
> > Not sure if you have read the first post, or maybe I didn't add it, but I have tried port 22, 5022, 8022, 25565, 47506 and 443 haha.
> It wasn't clear if you were changing the port number of the sshd service (on your server) or the port you had open on your firewall/router. I suspect that your ISP is blocking incoming connections to port 22. The port number you use for sshd on the server is not relevant.
Er... the server *is* running at his home; that was in the original post.
Matt, FWIW, I agree with what pepak@seznam.cz said in one of the first replies - you will most probably be able to wrap an SSH connection in a TLS connection managed by stunnel. Of course, this will require some additional setup on the client side, too - there will need to be another stunnel instance there that will accept "cleartext" traffic (actually SSH traffic from the SSH client) and send it to the stunnel server to "decrypt" (convert back into SSH traffic) and send to the SSH server locally.
G'luck, Peter
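
The two-sided setup discussed in this thread (the server-side accept/connect lines from Chris's message and the client-side stunnel instance Peter describes), written out as stunnel configuration. This is an added example, not part of the original messages; the service name, file paths, local port 2222 and the PUBLIC_ADDRESS placeholder are assumptions.

```ini
; ---- Server side: stunnel.conf on the home server (192.168.0.10) ----
; The router forwards WAN port 1022 -> 192.168.0.10:1022, as in the thread.
; Certificate and key paths are assumptions.
[ssh-over-tls]
; TLS listener that the router's port forward points at
accept = 1022
; decrypted traffic is handed to the local sshd
connect = 127.0.0.1:22
cert = /etc/stunnel/server-cert.pem
key = /etc/stunnel/server-key.pem

; ---- Client side: stunnel.conf on the remote machine (separate file) ----
; PUBLIC_ADDRESS is a placeholder for the home connection's public
; IP address or hostname.
[ssh-over-tls]
client = yes
; plain SSH traffic is accepted on loopback only, so other hosts on the
; remote network cannot reach the tunnel entrance
accept = 127.0.0.1:2222
connect = PUBLIC_ADDRESS:1022
; Pin the server certificate: CAfile holds a copy of server-cert.pem and
; verifyPeer rejects any peer that presents a different certificate.
CAfile = /path/to/server-cert.pem
verifyPeer = yes

; With both instances running, the SSH client talks to the local listener:
;   ssh  -p 2222 user@127.0.0.1
;   sftp -P 2222 user@127.0.0.1
```

sshd keeps listening on port 22 on the server and still performs its own host-key and user authentication inside the TLS tunnel; only port 1022 needs to be reachable from outside.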