Comcast Blocking SSH Traffic?

I don’t use Comcast for internet access (or anything else, for that matter), and I don’t know anyone who does, so I can’t independently confirm this - but a comment left not-too-long ago on a post here about bypassing Comcast’s blocking of P2P traffic (i.e. bittorrent file-sharing) suggests that Comcast might have recently (in the last week) initiated some new program which breaks SSH traffic on (the standard) port 22. Whatever your views on filesharing, disrupting SSH is not acceptable behaviour from an ISP, because it has very legitimate - and very important - uses quite unrelated to filesharing.

I’m extremely interested in hearing from anyone who can confirm, deny, or provide further insight into the current availability of port 22 from Comcast’s network. Leave a comment on this post, or contact me through this page if you’ve anything to say.

Published in: General, Geekiness, Security | on January 7th, 2008


36 Comments

  1. On 1/7/2008 at 4:38 pm tablefor1 Said:

    I have Comcast Cable internet service in Indiana, and I was able to log into my home server from work via ssh on port 22 today.

  2. On 1/7/2008 at 4:44 pm Nemo Said:

    Interesting. Do you know what protocol you’re using (SSH v1 or v2), and whether you’re using compression? Did the connection seem to be the usual speed, and were you logged in for more than a few minutes?

  3. On 1/7/2008 at 6:22 pm DrTodd Said:

    It could be that my home machine crashed but around noon today I had a connection open to my home machine over SSH v2 port 22 that was very sluggish. Then, the connection was dropped completely and I have been unable to reestablish it. Comcast tech support swears that they don’t block or interfere with any traffic. Tonight I will be changing ssh_config to run on a non-standard port number and will see if this improves the situation.

  4. On 1/7/2008 at 8:24 pm Jamey Said:

    I am not on Comcast, but I have a similar issue with BrightHouse. I have an ssh port opened (22) so I can get into my home pc via ssh and vnc which was tunneled through it. I also wanted access to my files on the ftp so I tunneled that through ssh as well. One day it stopped working. I thought my pc restarted or something. Went home, it was on. Huh? I tried ssh into localhost and it worked, tried ssh into my lan ip address, worked fine. SSH from the server machine to the IP address so it was routed back, connection refused. I had not made any router changes since it was last working. I too will be changing its port and see what I come up with. Will let you know how it goes

  5. On 1/8/2008 at 1:41 pm Bill Said:

    I am on Comcast, I also may have been employed by comcast. As far as I know, the most recent word I received was that Comcast decided that it trusts its customers not to use the internet for illegal purposes and that it would allow filesharing with the hopes that people would respect the laws in place.

  6. On 1/8/2008 at 2:00 pm Jamey Said:

    As a follow up I called BHN and they said they did not block any ports. I changed the port to 23 and it worked. I did this all while on the phone with the tech who did not really understand the nature of my call. Until I mentioned the magic words of blocking ports. He said they do not block ports but would send a reset to my modem. Everything worked on port 22 after my call. While on the call it did not work. Odd?

  7. On 1/10/2008 at 12:17 pm Matt Haak Said:

    My mother in suburban Chicago appears to have SSH blocked (as well as ping.) I can access her router on port 8080 just fine. The interesting thing is that last night after several failed attempts to connect remotely, I was able to get in (via SSH) ONCE and it has never worked since. I personally left Comcast in favor of Interlync DSL. MUCH happier now that I don’t have to worry about this crippling in the name of censorship… at least… until I’m trying to help my mother remotely.

  8. On 2/13/2008 at 11:39 am edphil Said:

    I’m using comcast and I’m getting an annoying reset that kills my connections all the time! agh! ssh v2 on port 22. will try to figure out how to get around the reset

  9. On 2/19/2008 at 12:35 pm Tim Said:

    It seems to be rolling out in phases. I’m stuck using CrapCast because they’re the only provider that currently serves my area (Medford, MA). I lost the ability to VNC into my home computer (ports 5900,5901) about two weeks ago. My company’s IT guy similarly lost the ability to SSH into his home network at about the same time. If I weren’t right about to refinance and can’t risk them dinking around against my credit, I’d be tempted to send them 1/2 payment to their last bill for providing 1/2 the service I am paying for…

  10. On 3/24/2008 at 10:58 am jimmy Said:

    Same thing happened to me 03/19/08. Trying to figure out right now. Can’t ssh into home.

  11. On 4/12/2008 at 9:18 am Sooner Al Said:

    Have you tried using an alternative high number port versus the default TCP Port 22? The change is made in the sshd_config file on the server. Remember to restart the SSH server when you make any changes to the sshd_config file.

    http://theillustratednetwork.mvps.org/Ssh/SecureYourcopSSHServer-Vista.html

    You will also need to modify any port forwarding rules in firewalls or routers the SSH server is behind. Also you need to modify your client to use the new port.

  12. On 5/4/2008 at 3:05 am Huey Van Iadore Said:

    I just noticed an unstable ssh connection through Comcast for the first time this month. When I log in locally through my router, everything works fine. When I log in remotely through the IP assigned by Comcast, the connection becomes really flaky. It works for a few seconds and then everything freezes. Then, maybe about a minute later, sometimes, I can communicate with my system again, only for everything to freeze again a few seconds later. Perhaps it’s a glitch at Comcast. If the problem persists next week, I’m going to call in a complaint. My apache2 server is acting the same way. When my openssh-server traffic opens up, so does my apache2 server traffic. When my openssh-server traffic halts, so does my apache2 server traffic.

  13. On 5/9/2008 at 11:19 am Sumesh Said:

    It happened to me this morning. I was on SSH, it was working fine, but when I tried to open a new one it didn’t let me. I thought there might be a problem with my computer. I restarted and I can’t get in. I called godaddy and they were able to get in. I am able to get in from work. So now I am 100% sure comcast blocked me on SSH port.

  14. On 5/10/2008 at 11:59 pm Merrioc Said:

    I use Comcast in Oregon and SSH Port 22 on a regular daily basis. Since May 4th I have not been able to do any outbound port 22. I was able to ssh INTO my Comcast IP address from an outside connection. So it only appears that at least for me it is outbound only that is blocked.

  15. On 5/16/2008 at 9:28 am J.P. Trosclair Said:

    In the last couple of weeks I have noticed substantial disruption in ssh traffic usually between the hours of about 5:00 pm to 12:00 am. I use comcast at home and use ssh to work from home. During these hours when I attempt to ssh into our office network I usually experience a delay in getting connected and once I’m finally logged in my session will last a grand total of about 5 seconds before the terminal stops responding to input and about a minute or two later my connection will drop. At first I thought it was an issue with our company’s T1 but I have confirmed the same behavior with a shell account I have at the University of Southern Mississippi. I’m not entirely sure what’s going on at this point, it could be a faulty cable modem for all I know, but web browsing doesn’t seem to be affected at all. I’m going to do some research to try and figure out if comcast really is disrupting the traffic before I jump to any conclusions, but I suspect that they are.

  16. On 5/19/2008 at 6:17 pm Drowning In The How Said:

    I use Comcast in Arkansas and cannot initiate any outbound SSH connections. I haven’t tried inbound but this outbound blocking is ANNOYING because that’s how I manage my hosting server as well as work from home.

  17. On 5/21/2008 at 5:14 pm ozz314 Said:

    I use Comcast in California and I can’t SSH into my home computer or run an HTTP server. Also, they mess with my bittorrent traffic. Anyone know any good alternatives that allow you to do those things?

  18. On 5/23/2008 at 3:59 pm Bogus1 Said:

    I have ComCrap in Northern VA and I use port 22 every day. I changed the Listening port on Remote Desktop to 22 because it is the only port I can use outgoing from my employer’s network.

  19. On 6/11/2008 at 2:23 pm Arthur Said:

    Yesterday I attempted to access my server using SSH from my home computer to my server, and it was blocked. I attempted from my hosts control panel, but it too wouldn’t connect. I still have yet to find out if it works. SSH works fine, I know because the host connected fine (or so they say). My last connection was yesterday around noon and I have had no connectivity yet. I use Comcast. I am trying with a port change, but it doesn’t work yet (could just require restart, etc.). I have Comcast in Richmond, VA.

    If you find out anything, let me know.

  20. On 6/15/2008 at 11:57 am Geekex Said:

    Yeah, I am having the same issue. Whenever I try to log in to my machine from school, I will get the prompt for the username and password, then I use putty to create the tunnel and send all my internet traffic through with firefox. However, firefox gives me my homepage then it freezes. As soon as I close the tunnel, firefox gives me a response saying the proxy couldn’t be found, which tells me that it detects the tunnel but can pass traffic through it.
    Sometimes I don’t have problems typing commands in putty; however, it will freeze after a few seconds after setting the tunnel. Even my sftp client freezes after a few seconds after I get access to my home computer.

  21. On 6/24/2008 at 11:02 am MasterLi Said:

    i can confirm on comcast in the chicago burbs as well that i’m being blocked on incoming RD, VNC, & HTTP standard ports. changing ports did work for all protocols. annoying, but at least it works. definitely changing isp’s if they can somehow block it despite port changes. oddly enough i’ve seen no such problems w/ my bit torrent client.

  22. On 8/2/2008 at 12:47 pm Greg Said:

    I have Comcast in Minneapolis and have been unable to ssh into my server. Funny that when I’m on non-Comcast networks, it works fine. Since absolutely nothing has changed in any of my configurations between when it worked, and when it didn’t, I can only conclude that Comcast is making some very poor business decisions. Time to start sending letters and let them know, if necessary, we will vote with our dollars. In the meantime, I guess I’ll try to change ports.

  23. On 8/25/2008 at 2:50 pm Toby Said:

    I’ve been using VNC through SSH port 22 for years to access computer at home. Today, stopped working. Not even a ping. I used “chat” with Comcast to confirm I was using correct IP. Yup. I made sure computer was on with help of neighbor who is there. Still no ping. So, google and find this page. Yes, I strongly suspect Comcast has blocked my port 25. Twice in the past few months they have turned off my outgoing TCP port 22. Claimed I was being a bot for spam. No sign of it when I check firewall logs, and they won’t disclose source of “complaint.” I think they’re full of lies. (I have a Mac which is not susceptible to bot-behavior and I have most services turned off.) So now I’m trying to “chat” again, but this time I asked about “access to port” and they are being slow to respond. Hmmm…

  24. On 9/1/2008 at 12:16 pm Mike Said:

    I have been using ssh to connect to the servers I’m administering for years without problems, but… For the last two days my outgoing ssh connections have started freezing and timing out after a few minutes of use.

    As I have full control of the servers I’m connecting to, I started screening the traffic on both sides with interesting results. Reset packets are arriving once in a while, but those reset packets were never sent by the other side. My conclusion is that my cable Internet provider (Comcast) sends TCP reset packets and effectively breaks the communication. This behavior is not observed when using a SprintPCS wireless Internet connection.

    Comcast’s customer service representative has no idea what I’m talking about. I’m lucky that my city permits two cable providers to operate. I’m switching to RCN.
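Added example, not part of the comment above or of the original post: a Python sketch of the two-sided comparison described in comment 24, flagging RST segments that one endpoint received but the other never transmitted. The capture lines are constructed in the style of `tcpdump -n -tt -S` output, and the addresses, ports and the `injected_resets` helper are assumptions for illustration.

```python
import re

# Lines in the style of `tcpdump -n -tt -S` (absolute sequence numbers).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)"
)

def parse_resets(capture, server):
    """Map (direction, seq) -> timestamp for every RST segment in a capture."""
    resets = {}
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if not m or "R" not in m["flags"]:
            continue
        # Direction is judged by the server's ip.port only, because NAT may
        # rewrite the client's address between the two capture points.
        if m["src"] == server:
            direction = "from_server"
        elif m["dst"] == server:
            direction = "to_server"
        else:
            continue
        resets[(direction, int(m["seq"]))] = float(m["ts"])
    return resets

def injected_resets(client_capture, server_capture, server):
    """RSTs that one endpoint received but the other never transmitted."""
    at_client = parse_resets(client_capture, server)
    at_server = parse_resets(server_capture, server)
    findings = []
    for (direction, seq), ts in at_client.items():
        if direction == "from_server" and (direction, seq) not in at_server:
            findings.append(("client", seq, ts))   # forged towards the client
    for (direction, seq), ts in at_server.items():
        if direction == "to_server" and (direction, seq) not in at_client:
            findings.append(("server", seq, ts))   # forged towards the server
    return sorted(findings, key=lambda f: f[2])

# Constructed sample captures (documentation addresses, not real traffic).
SERVER = "203.0.113.10.22"
CLIENT_CAPTURE = """
1220285761.100000 IP 192.168.1.20.51514 > 203.0.113.10.22: Flags [P.], seq 1000:1036, ack 5000, win 229, length 36
1220285761.150000 IP 203.0.113.10.22 > 192.168.1.20.51514: Flags [.], ack 1036, win 229, length 0
1220285761.900000 IP 203.0.113.10.22 > 192.168.1.20.51514: Flags [R], seq 5000, win 0, length 0
1220285999.000000 IP 203.0.113.10.22 > 192.168.1.20.40022: Flags [R.], seq 9000, ack 7001, win 0, length 0
"""
SERVER_CAPTURE = """
1220285761.120000 IP 198.51.100.7.51514 > 203.0.113.10.22: Flags [P.], seq 1000:1036, ack 5000, win 229, length 36
1220285761.130000 IP 203.0.113.10.22 > 198.51.100.7.51514: Flags [.], ack 1036, win 229, length 0
1220285761.910000 IP 198.51.100.7.51514 > 203.0.113.10.22: Flags [R], seq 1036, win 0, length 0
1220285998.980000 IP 203.0.113.10.22 > 198.51.100.7.40022: Flags [R.], seq 9000, ack 7001, win 0, length 0
"""

if __name__ == "__main__":
    for side, seq, ts in injected_resets(CLIENT_CAPTURE, SERVER_CAPTURE, SERVER):
        print(f"{ts:.6f} RST seq {seq} seen only at the {side}")
```

A reset missing from the far side's capture only shows that it was generated somewhere on the path; a home router or firewall produces the same signature, as does packet loss in the capture itself.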

  25. On 9/3/2008 at 8:45 am Rob Said:

    For at least a year now I’ve witnessed erratic behavior when trying to SSH to my home desktop, which is connected to the net via Comcast. Hours will go by where I can’t connect at all, and then for a few hours I’ll have no problem maintaining a consistent connection. I’ve tried using SSH on several different ports, but I always get the same erratic behavior. Regardless of the SSH connectivity state, I am always able to IM with my wife while she is using the machine that I’m trying to make the SSH connection to.

  26. On 10/2/2008 at 2:10 pm Anonymous Said:

    Yes, I’ve been unable to SSH to my home PC on comcast. They let web traffic through fine, but block SSH even when I changed it to a random high port.

    They’re well known these days for packet analysis: regardless of port, they open packets to discover the type of traffic. If it’s a port their QoS doesn’t like, they’ll fake a close connection from the client.

    It’s the network equivalent of not only opening the neighbor’s mail, but putting return-to-sender on anything you don’t like the look of. Really it’s gone too far, there needs to be some consumer protection in place with ISPs.

  27. On 10/8/2008 at 12:36 pm dave Said:

    I use comcast and until yesterday was able to SSH into my home PC on port 8443 just fine. All of a sudden yesterday, I connected for about 5 seconds before my terminal froze. Now I can’t connect at all.

  28. On 10/8/2008 at 4:37 pm hegel Said:

    I have Comcast at two locations and so far I’ve had the same experience in both places. SSH will connect but the connection flakes out after a few seconds. HTTP used to be inconsistent but now it looks like they shut it down altogether. This is truly disappointing.

  29. On 10/30/2008 at 8:15 pm jb Said:

    Comcast is resetting SSH connections that show no traffic.
    SSH HAS NO BANDWIDTH when unused but they still artificially kill the connections that are open.
    WHY?
    No other ISP does this with my setup.
    I have travelled a lot, making connections from numerous places to the same server from my laptop.
    ONLY when I use COMCAST do my SSH sessions get dropped after a few minutes of inactivity.
    I don’t normally sit on a terminal pinging away, I go do other things and come back, expecting to be able to resume the work I was doing.
    WHY would Comcraptic, shutdown links that use NO BANDWIDTH?
    Why do they expect me to pay for premium services and then treat me with hostility?

  30. On 11/15/2008 at 3:28 pm Biagio Said:

    I’m having the same issue. I can SSH on port 22 with my laptop from my work connection but at home (Comcast) I am blocked. I work as a free-lance developer from home and this totally puts me out of commission. WTF Comcast? I dread trying to explain this to the first line of support.

  31. On 11/24/2008 at 9:06 am lmidnight Said:

    Just wanted to chime in with my Comcast experience. My ssh session into my home server hangs after a few seconds of activity… This started sometime in mid 2008.

  32. On 12/11/2008 at 8:48 pm Rob Said:

    Try doing a traceroute, it gets to comcrap and stops, not dies no response nothing! And if you do find a hole they detect and actively block it. I got dyndns working on an alternate port all was working well pings etc and no less than 1 hour later it magically wouldn’t work. I think there will be lawsuits someday soon!

  33. On 7/1/2009 at 12:20 am David Said:

    I just signed up with comcast to get the higher speed. I found that PuTTY can connect to my ISP machine, but the connection drops if it is idle. I’m glad that I read what you folks have written. It sure looks like comcast will soon get a cancellation from me.

    I also found that their nameserver lost the entry for my ISP. After chatting with support, I saw that I would have to educate them about what a nameserver was. It was like talking to a wall. I did find that I could connect to nameservers at opendns. At least it got me to the ISP that had my mail.

  34. On 7/18/2009 at 8:34 pm HeavyPet Said:

    I believe I am having this problem as well, but it may be some configuration thing.

    I just contacted Comcast using their online chat thing. After some refinement of the question and some delay (probably consultation and testing), the answer came back that Comcast is *not* blocking any ports, nor is it blocking ssh.

    So I don’t know what it is. I’ve been using the WebMin utility, and while I can access my web pages remotely (apache and http on port 80), I can not ssh into this machine, even from this machine! (CentOS 5.x on an inexpensive intel box).
    WebMin swears up and down that it’s running, and I can verify with a ps.

    So I’m stumped.

  35. On 7/18/2009 at 9:25 pm HeavyPet Said:

    Oh, I hang my head in shame. It was port forwarding that I’d forgotten about. I revisited my router (AirPort Extreme) and set it up to route ssh to the correct internal IP, and now it works fine.

    So no issues with comcast and ssh here (port 22).

  36. On 9/29/2009 at 4:26 pm SlipperyPeet Said:

    Linux answer to this problem seems to be here. (Worked for me.)

    http://elame.com/damnthatsannoying/?p=3
