[CLUE-Tech] sshd question

[Jeff Cann]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is perhaps an anamoly but I wanted to ask the network gurus on this list.

I have sshd running on my linux box on the comcast network.

Today, I was unable to connect from a remote network.  I tried a number of 
things:

1.  Checked my logs. I see that some pinhead in .cz has been trying to guess 
passwords - there are about 200 attempts in the last month for various users 
to connect to sshd.  The funny attempts were for root, but nothing has been 
compromised.

2.  Confirmed that sshd was running.

3.  Restarted sshd.  Still unable to connect.

4.  Connected via sshd from another host in my home LAN.  This worked, so I 
began to suspect the external network connection to my LAN.

5.  Confirmed that my noipd was running and no one has hijacked my host [which 
happened before once].

5.  Changed my [hardware] firewall to forward a different external port 5555 
to port 22 on the Linux box.  I was thinking that comcast maybe started 
blocking port 22.  This worked and I was able to connect using $ ssh -p 5555 
host.example.com

6.  For fun, I changed the firewall configuration back to the original setting 
- - external port 22 maps to linux box, port 22.  Then I was able to get in.  I 
tried again several more times and all is well with external port 22.

I am trying to make sense of this.  I am thinking that it was a fluke and some 
upstream router or switch was hosed and coincindentally was resolved as I did 
the external port remapping.  I am too ignorant to know of other reasons.

Would others suggest alternative explanations?

Thanks
Jeff

- -- 
"Faith that does not affect a person's culture is a faith not fully embraced, 
not entirely thought out, not faithfully lived."
- - Pope John Paul II

http://isuma.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBrUuNi4b9OApLCmoRAsgXAJ9O+btlLV5v31rTDUWAh7Knem/JCQCfbNSO
m9/lAXwXg2oL67nc0XKKZOQ=
=Q+vQ
-----END PGP SIGNATURE-----