Outgoing SSH from FreePBX (Latest) and shell not working

Hi All,

I’ve been trying to set up an SSH and/or FTP connection from my FreePBX to home with absolutely no luck. I see on some of the wiki that there is supposed to be a System menu item in which I can configure SSH but I can’t for the life of me see it. I have configured a key and saved it and then tried to ssh-copy-id it to my chosen server from the shell but still no joy. The machine will ssh itself without issue but will not ssh anything external despite it being able to ping the other server successfully. I just know it’ll be something daft. What am I missing guys?

Is the destination server for SSH/FTP at your home? Presumably it is behind a firewall. Will need to open up some ports, 22 for SSH to begin with.

FTP or SFTP?

Inbound firewall on destination is not the issue. I have a Cloud VPS that backs up daily without issue. The issue is more to do with something on the FreePBX. None of my other Linux servers suffer the issue. Just the FreePBX servers (3 off) fail to allow the native ssh client to connect to external systems. It’s like something is deliberately disabling access to external systems. I suspect the FreePBX firewall may have closed outgoing ports. I even tried to open the ports but still no external connections allowed.

sftp over ssh. Server will not connect to external hosts. It just times out.

As always with iptables

iptables -L -n

to see what ports are open at home

nc -z -v your.home.router 22

will check port 22 if that is where the ssh server is listening (use ssh -vv your.home.router for verbosity)

Nope. The FreePBX firewall does not write any iptables rules for outgoing. None.

I don’t work in support now, but for years I routinely did ssh outbound from FreePBX distro systems using both keys and password. It works fine. I tested with a randomly chosen SNG7 system I have at hand just now:

# ssh root@<redacted>
The authenticity of host '<redacted> (<redacted>)' can't be established.
ECDSA key fingerprint is SHA256:8uNZifWsIYzF17XzLOmJxXuAOlIe/l0ZPpqgNXXEmMA.
ECDSA key fingerprint is MD5:eb:57:52:14:9e:9a:10:ea:27:f1:3e:97:2d:50:c2:09.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '<redacted>' (ECDSA) to the list of known hosts.
root@<redacted>'s password:

Last login: Thu May  5 09:10:50 2022 from 24.137.111.182
______                   ______ ______ __   __
|  ___|                  | ___ \| ___ \\ \ / /
| |_    _ __   ___   ___ | |_/ /| |_/ / \ V /
|  _|  | '__| / _ \ / _ \|  __/ | ___ \ /   \
| |    | |   |  __/|  __/| |    | |_/ // /^\ \
\_|    |_|    \___| \___|\_|    \____/ \/   \/

Thanks for the response dicko. I have now pinned down some extra information. Outbound SSH from FreePBX server is functional but only on port 22. Defining a -p is not allowing connections to be made to known hosts with known ports and known firewall / port-forwarding rules.

Then remove such rule(s) from any of your firewalls. If you are not using 22 (a very good idea) then adjust as necessary, including any NAT rules pertinent.
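The symptom in this thread (port 22 connects, a custom port "just times out") can be narrowed down by checking how each port fails. This is an added example, not from any poster in the thread: a Python 3 probe that separates a silent drop from an active reject and reads the SSH banner when the port is open. The function names and the port 2222 in the usage line are assumptions for illustration.

```python
import errno
import socket
import sys

# What each outcome says about the path between this host and the target.
HINTS = {
    "open": "TCP handshake completed; banner should start with 'SSH-'",
    "refused": "actively rejected: nothing listening there, or a REJECT rule",
    "filtered": "no reply: packets dropped by a firewall or no port-forward",
    "unreachable": "no route to host or network",
    "dns-failure": "hostname did not resolve",
    "error": "other socket error",
}

def classify(exc):
    """Map a failed connect() to one of the HINTS keys."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, socket.gaierror):
        return "dns-failure"
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=5.0):
    """Return (state, banner) for one outbound TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(64)  # sshd sends its version string first
            except OSError:
                banner = b""         # connected, but nothing was sent
        return "open", banner.decode("ascii", "replace").strip()
    except OSError as exc:
        return classify(exc), ""

if __name__ == "__main__":
    # Usage: python3 probe.py your.home.router 22 2222
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py HOST PORT [PORT ...]")
    for p in sys.argv[2:]:
        state, banner = probe(sys.argv[1], int(p))
        print(f"{sys.argv[1]}:{p} {state} {banner!r} ({HINTS[state]})")
```

Running it from the FreePBX host and from another machine on a different network against the same ports shows whether the drop happens near the PBX or at the destination's firewall or NAT.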
