What to do if your ISP decides to block outgoing SSH requests

I run several websites on a leased VPS box and use WinSCP to SSH in. Suddenly a few days ago I got locked out, and got only “Connection Timeouts” when I tried to log in.

  1. First I figured this was due to my Norton Internet Security firewall suddenly getting confused. But disabling it, and the Windows Firewall, had no effect.
  2. Then I tried resetting my router and flushing my DNS cache, which I knew was a long shot but worth a try. Still no luck.
  3. I tried SSH’ing in from another box on the internet and sure enough, got in right away (as did a friend of mine elsewhere and the VPS support people). So this told me that Comcast (my ISP) had decided that traffic shaping was in my best interest (or at least theirs), and was thus blocking port 22 traffic to this particular box. I should note that this server has no objectionable content on it (it’s actually for a few nonprofits I work with), I don’t transfer large files back and forth, or anything like that. And also, this is an outgoing connection, not an incoming one, so it’s 100% within the Comcast terms of use anyway.

With this in mind, I logged into the server (via the other internet box) and set up sshd to listen on a second, higher-numbered port as well, by editing /etc/ssh/sshd_config:

...
Port 22
Port [HIGH_NUMBER]
...

Then I bounced the sshd service and was able to log in on the new port.
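The edit above has one trap worth guarding against: sshd only defaults to port 22 when the file contains no Port line at all, so once you add a second Port directive you must also make the first one explicit or you can silently drop port 22 for everyone else. The helper below is an added example, not code from the original post. It takes the config path and the new port as parameters (both hypothetical names; the post left the actual port as [HIGH_NUMBER]), keeps Port 22 present, and is safe to run twice.

```shell
#!/bin/sh
# Added example: idempotently add a second listening port to an sshd_config
# while keeping Port 22, so existing clients are not locked out.
# "config" and "port" are hypothetical parameters chosen for this example.

add_sshd_port() {
    config="$1"
    port="$2"
    # Reject anything that is not a number in the unprivileged port range.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Make port 22 explicit: sshd's implicit default vanishes as soon as
    # any Port directive is present.
    if ! grep -Eq '^[[:space:]]*Port[[:space:]]+22$' "$config"; then
        printf 'Port 22\n' >> "$config"
    fi
    # Do nothing if the new port is already configured.
    if grep -Eq "^[[:space:]]*Port[[:space:]]+$port\$" "$config"; then
        return 0
    fi
    printf 'Port %s\n' "$port" >> "$config"
}

# Print the ports sshd will listen on, one per line, ignoring commented lines.
list_sshd_ports() {
    grep -E '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" | awk '{print $2}'
}

# Typical use on the server (constructed port number 2222 is an example):
#   add_sshd_port /etc/ssh/sshd_config 2222 && sshd -t && service sshd restart
```

Run `sshd -t` before restarting: it checks the config syntax and exits non-zero on a mistake, which is far cheaper than discovering the problem after the daemon refuses to come back up. Also confirm the host firewall allows the new port before bouncing the service, and keep your existing session open until you have verified a login on the new port from a second session.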

This of course raises the question of what exactly Comcast is doing snooping on my network traffic and blocking connections without warning. If I have a spare few hours to sit on the phone with their tech support, I intend to find out.

1 comment

  1. You know, I had this same problem with Comcast and SSH.

    I was able to enable port 22 by setting the router security from
    max security to low security.

    -lile
