I’ve been trying to set up an SSH and/or FTP connection from my FreePBX to home with absolutely no luck. I see on some of the wiki that there is supposed to be a System menu item in which I can configure SSH but I can’t for the life of me see it. I have configured a key and saved it and then tried to ssh-copy-id it to my chosen server from the shell but still no joy. The machine will ssh itself without issue but will not ssh anything external despite it being able to ping the other server successfully. I just know it’ll be something daft. What am I missing, guys?
Inbound firewall on destination is not the issue. I have a Cloud VPS that backs up daily without issue. The issue is more to do with something on the FreePBX. None of my other Linux servers suffer the issue. Just the FreePBX servers (3 off) fail to allow the native ssh client to connect to external systems. It’s like something is deliberately disabling access to external systems. I suspect the FreePBX firewall may have closed outgoing ports. I even tried to open the ports but still no external connections allowed.
Nope. The FreePBX firewall does not write any iptables rules for outgoing. None.
I don’t work in support now, but for years I routinely did ssh outbound from FreePBX distro systems using both keys and password. It works fine. I tested with a randomly chosen SNG7 system I have at hand just now:
# ssh root@<redacted>
The authenticity of host '<redacted> (<redacted>)' can't be established.
ECDSA key fingerprint is SHA256:8uNZifWsIYzF17XzLOmJxXuAOlIe/l0ZPpqgNXXEmMA.
ECDSA key fingerprint is MD5:eb:57:52:14:9e:9a:10:ea:27:f1:3e:97:2d:50:c2:09.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '<redacted>' (ECDSA) to the list of known hosts.
root@<redacted>'s password:
Last login: Thu May 5 09:10:50 2022 from 24.137.111.182
______ ______ ______ __ __
| ___| | ___ \| ___ \\ \ / /
| |_ _ __ ___ ___ | |_/ /| |_/ / \ V /
| _| | '__| / _ \ / _ \| __/ | ___ \ / \
| | | | | __/| __/| | | |_/ // /^\ \
\_| |_| \___| \___|\_| \____/ \/ \/
Thanks for the response dicko. I have now pinned down some extra information. Outbound SSH from the FreePBX server is functional but only on port 22. Defining a -p is not allowing connections to be made to known hosts with known ports and known firewall / port-forwarding rules.
Then remove such rule(s) from any of your firewalls. If you are not using 22 (a very good idea) then adjust as necessary, including any NAT rules pertinent.