[GTALUG] UofT ssh shutdown?

Fri Jun 28 15:30:04 EDT 2019

On 2019-06-28 1:41 p.m., Peter King via talk wrote:

Up until 3am on Wednesday, 26 June, I had a solid and reliable way to ssh
into the UofT, talking to my computers (three of them) there; they would
also provide redundant backup for my data every night.  Well, without any
warning, suddenly I can no longer ssh in to those computers -- all attempts
to connect just time out.  They are still running, I just can't get to
them, and since I'm about 1000km away at the moment this is pretty rough.

I talked to the JOG (Joint Operations Group) at the UofT, who had no real
idea about this but pointed out that they had tightened their "security"
recently because of a massive hole in RDP.  I looked at the bug description
and it didn't look like it had anything to do with ssh, and besides they
did that a few weeks ago and everything was working for me perfectly until
the day before yesterday.  On the other hand, someone somewhere might have
just decided it was easier to block all remote access -- though you'd think
there would be a hue and cry were that so, and the JOG didn't know anything
about it.  The problem has been bucked over to the local UofT support group
but the people on this list are far more knowledgeable, and more likely to
have noticed problems, indeed to have solved them too.  So I thought I'd
ask.  Has anyone noticed anything about ssh access to the UofT in the past
few days?

Did they ask you to try

    traceroute -4 -T foo.philosophy.utoronto.ca

optionally with -p 22

I tried it, but I don't know any actual philosophy domain names.

All I got was
$ sudo traceroute -4 -T -p 22 philosophy.utoronto.ca
traceroute to philosophy.utoronto.ca (142.1.176.100), 30 hops max, 60 byte packets
 1  router (192.168.0.1)  1.599 ms  2.291 ms  3.324 ms
 2  * * *
 3  8081-dgw01.ym.rmgt.net.rogers.com (67.231.222.137)  21.460 ms  21.786 ms  30.481 ms
 4  0-14-0-11-cgw01.ym.rmgt.net.rogers.com (209.148.235.149)  29.720 ms 209.148.233.205 (209.148.233.205)  25.956 ms 3033-cgw01.ym.rmgt.net.rogers.com (209.148.232.73)  29.857 ms
 5  209.148.235.18 (209.148.235.18)  30.500 ms  30.933 ms  30.738 ms
 6  orion.ip4.torontointernetxchange.net (206.108.34.40)  31.624 ms  30.090 ms  30.225 ms 7  66.97.16.21 (66.97.16.21)  28.504 ms 66.97.21.21 (66.97.21.21)  21.920 ms 66.97.16.21 (66.97.16.21)  21.731 ms
 8  66.97.23.58 (66.97.23.58)  20.783 ms  22.078 ms  22.948 ms
 9  utoronto1-ut-hub-if-re.gtanet.ca (205.211.94.234)  22.671 ms  26.360 ms  26.128 ms
10  128.100.96.20 (128.100.96.20)  25.821 ms  21.075 ms  25.145 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
No host or network unreachables...

Port 80 (the default) did get farther than 22, so that says something.

$ sudo traceroute -4 -T philosophy.utoronto.ca
traceroute to philosophy.utoronto.ca (142.1.176.100), 30 hops max, 60 byte packets
 1  router (192.168.0.1)  1.770 ms  2.432 ms  3.775 ms
 2  * * *
 3  8081-dgw01.ym.rmgt.net.rogers.com (67.231.222.137)  20.456 ms  21.383 ms  29.671 ms
 4  3033-cgw01.ym.rmgt.net.rogers.com (209.148.232.73)  29.211 ms  29.439 ms  28.414 ms
 5  209.148.228.218 (209.148.228.218)  27.324 ms  28.236 ms  29.261 ms
 6  21-cgw01.ym.rmgt.net.rogers.com (209.148.228.217)  36.569 ms  35.019 ms  35.040 ms
 7  209.148.230.10 (209.148.230.10)  34.115 ms  17.087 ms 209.148.235.22 (209.148.235.22)  21.829 ms
 8  orion.ip4.torontointernetxchange.net (206.108.34.40)  22.905 ms  22.442 ms  22.065 ms
 9  66.97.16.21 (66.97.16.21)  18.974 ms  19.721 ms 66.97.21.21 (66.97.21.21)  20.855 ms
10  66.97.23.58 (66.97.23.58)  21.092 ms  18.229 ms  17.258 ms
11  utoronto1-ut-hub-if-re.gtanet.ca (205.211.94.234)  17.942 ms  17.856 ms  17.582 ms
12  128.100.96.20 (128.100.96.20)  17.657 ms  20.620 ms  18.898 ms
13  myweb.eis.utoronto.ca (142.1.176.100)  29.901 ms  29.365 ms  28.471 ms

I'd pass that on to your contacts: about utoronto1-ut-hub-if-re.gtanet.ca the port 22 packetss stop drawing a response.

--dave

(The problem occurs on several different networks, accessing from computers
as far away as Virginia and North Carolina, to one located in Toronto
itself but not on the University network -- all have the same problem.)

I've managed to come up with a workaround to be able to check/read email,
but I would like to be able to ssh in to my other computers -- one runs a
git server, for instance.

All suggestions welcome!  Thanks.

---
Talk Mailing List
talk at gtalug.org<mailto:talk at gtalug.org>
https://gtalug.org/mailman/listinfo/talk

--
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
dave.collier-brown at indexexchange.com<mailto:dave.collier-brown at indexexchange.com> |              -- Mark Twain

CONFIDENTIALITY NOTICE AND DISCLAIMER : This telecommunication, including any and all attachments, contains confidential information intended only for the person(s) to whom it is addressed. Any dissemination, distribution, copying or disclosure is strictly prohibited and is not a waiver of confidentiality. If you have received this telecommunication in error, please notify the sender immediately by return electronic mail and delete the message from your inbox and deleted items folders. This telecommunication does not constitute an express or implied agreement to conduct transactions by electronic means, nor does it constitute a contract offer, a contract amendment or an acceptance of a contract offer. Contract terms contained in this telecommunication are subject to legal review and the completion of formal documentation and are not binding until same is confirmed in writing and has been signed by an authorized signatory.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20190628/bfbb7356/attachment.html>