Skip to main content
Solved

SSH connection timeout

_aDiedericks
Forum|alt.badge.img+8

Hi there,

We seem to be having issues trying to SSH into devices with SSH enabled on a backdoor local admin account. This issue is only apparent when trying to connect over the internet to a host with SSH enabled. When that device is on the same local network I'm able to SSH fine without issue.

I've tested multiple machines in the environment and issue is exactly the same on all machines.

This is the script used to enable SSH on the target device:

 

#!/bin/sh ssh_user="THE_USERNAME_OF_THE_ADMIN_USER_ACCOUNT" # turn ssh on systemsetup -setremotelogin on # append user to ssh group dseditgroup -o edit -a $ssh_user -t user com.apple.access_ssh # restart ssh launchctl unload /System/Library/LaunchDaemons/ssh.plist sleep 5 launchctl load -w /System/Library/LaunchDaemons/ssh.plist exit 0

 


And connect in Terminal using 'ssh THE_NAME_OF_THE_ADMIN_USER_ACCOUNT@targetIp' 

Best answer by mschlosser

SSH over the internet would more then likely be blocked by the WAN firewall of the remote internet connection; as it should be

View original
    Did this topic help you find an answer to your question?

    3 replies

    M
    Forum|alt.badge.img+11
    • mschlosser
    • Contributor
    • 126 replies
    • Answer
    • October 16, 2023

    SSH over the internet would more then likely be blocked by the WAN firewall of the remote internet connection; as it should be

    aparten11
    _aDiedericks
    2 people like this
    • aparten11
      aparten11
    • _aDiedericks
      _aDiedericks
    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • 3536 replies
    • October 16, 2023
    mschlosser wrote:

    SSH over the internet would more then likely be blocked by the WAN firewall of the remote internet connection; as it should be


    It's not so much that it would be blocked by a firewall, but that there's no automatic process in macOS or the Jamf Pro agent to configure the local router to do port forwarding of SSH traffic to a Mac (and that's a good thing). Macs on VPN connections have similar issues. Direct SSH access really isn't going to work for Macs not on the same network, and you may want to investigate tools that offer remote access options that will. I don't know if Jamf Connect offers that, but tools I've seen with that capability include CrowdStrike and Tanium.

    aparten11
    _aDiedericks
    2 people like this
    • aparten11
      aparten11
    • _aDiedericks
      _aDiedericks
    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • 2712 replies
    • October 16, 2023

    Generally speaking, unless you use a VPN this is not possible as device A cannot address device B to route traffic.

    aparten11
    _aDiedericks
    2 people like this
    • aparten11
      aparten11
    • _aDiedericks
      _aDiedericks

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings