Country-based firewall on Digital Ocean? SSH access not working on while Console access works

October 21, 2019 72 views
DigitalOcean Accounts
epogrebnyak
By:
epogrebnyak 
ssh 165.227.167.204

Gives ssh: connect to host 165.227.167.204 port 22: Resource temporarily unavailable

I enabled the 22 port and restarted ssh service.

When I ping from a web service I get a reposnse:

PING 165.227.167.204 (165.227.167.204) 56(84) bytes of data.
64 bytes from 165.227.167.204: icmp_seq=1 ttl=48 time=97.5 ms
64 bytes from 165.227.167.204: icmp_seq=2 ttl=48 time=97.2 ms
64 bytes from 165.227.167.204: icmp_seq=3 ttl=48 time=97.1 ms

--- 165.227.167.204 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 97.143/97.313/97.594/0.411 ms

When doing the ping form my computer I get no output.

Got an impression there is a IP or country-based firewall on Digital Ocean. For example, when putting the address in a browser with SSH-tunnel I get

dial tcp 165.227.167.204:80: connect: connection refused

when just putting this into browser I get no response.

Sign In to Comment
1 Answer
alexdo MOD October 22, 2019

Hello, @epogrebnyak

Can you perform a traceroute to your server/droplet so we can see the hops and where exactly is the issue?

I can see that port 22 is open on 165.227.167.204 and also I’m getting a password prompt when trying to ssh as well.

The traceroute command can be executed like this:

For Windows 8.x and newer:

Use the search window, type command prompt and click on the Command Prompt result.

Type 

tracert yourdomain.com

and press Enter.

This will provide traceroute results from your computer to yourdomain.com. You can also use tracert with an IP, i.e. tracert 1.2.3.4

For more information on how to copy and paste the traceroute results, please check this article.

Mac OS
You need to open up Terminal, located under Applications -> Utilities -> Terminal and type:

traceroute yourdomain.com

and press Enter.

Alternatively, you can go to the Applications folder -> Utilities -> Network Utility -> Traceroute and specify your domain or IP address.

You can also use traceroute with an IP, i.e. traceroute 1.2.3.4

Linux
Open a Terminal window and type:

traceroute -I yourdomain.com

The -I option is necessary so that the traceroute uses ICMP. You can also use traceroute with an IP, i.e. traceroute -I 1.2.3.4

Let me know how it goes.

Have another answer? Share your knowledge.

Related