Solved

SSH connection timeout


_aDiedericks

Hi there,

We seem to be having issues trying to SSH into devices with SSH enabled on a backdoor local admin account. This issue is only apparent when trying to connect over the internet to a host with SSH enabled. When that device is on the same local network I'm able to SSH fine without issue.

I've tested multiple machines in the environment and the issue is exactly the same on all machines.

This is the script used to enable SSH on the target device:

```sh
#!/bin/sh
ssh_user="THE_USERNAME_OF_THE_ADMIN_USER_ACCOUNT"
# turn ssh on
systemsetup -setremotelogin on
# append user to ssh group (quoted so a username with spaces still works)
dseditgroup -o edit -a "$ssh_user" -t user com.apple.access_ssh
# restart ssh
launchctl unload /System/Library/LaunchDaemons/ssh.plist
sleep 5
launchctl load -w /System/Library/LaunchDaemons/ssh.plist
exit 0
```


And I connect in Terminal using 'ssh THE_NAME_OF_THE_ADMIN_USER_ACCOUNT@targetIp'.

Best answer by mschlosser

3 replies

mschlosser
  • Contributor
  • 126 replies
  • Answer
  • October 16, 2023

SSH over the internet would more than likely be blocked by the WAN firewall of the remote internet connection; as it should be


sdagley
  • Jamf Heroes
  • 3536 replies
  • October 16, 2023
mschlosser wrote:

SSH over the internet would more than likely be blocked by the WAN firewall of the remote internet connection; as it should be


It's not so much that it would be blocked by a firewall, but that there's no automatic process in macOS or the Jamf Pro agent to configure the local router to do port forwarding of SSH traffic to a Mac (and that's a good thing). Macs on VPN connections have similar issues. Direct SSH access really isn't going to work for Macs not on the same network, and you may want to investigate tools that offer remote access options that will. I don't know if Jamf Connect offers that, but tools I've seen with that capability include CrowdStrike and Tanium.


AJPinto
  • Legendary Contributor
  • 2712 replies
  • October 16, 2023

Generally speaking, unless you use a VPN this is not possible as device A cannot address device B to route traffic.
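Added example, not code from any poster in this thread: a small POSIX sh diagnostic that classifies the targetIp from the original `ssh user@targetIp` command, so a timeout against a private or CGNAT address is recognised as the NAT/firewall situation the replies describe rather than as an sshd problem. The function names are my own, and the optional probe assumes `nc` is installed on the admin's machine.

```shell
#!/bin/sh
# Added example (not code from the thread): classify the targetIp from the
# poster's `ssh user@targetIp` so a timeout against a private or CGNAT address
# is recognised as the NAT/firewall situation the replies describe.

# addr_scope IPV4 -> prints loopback | link-local | private | cgnat | public | invalid
addr_scope() {
    oldIFS=$IFS; IFS=.; set -- $1; IFS=$oldIFS   # split into octets
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for o in "$1" "$2" "$3" "$4"; do             # each octet must be 0..255
        case $o in ''|*[!0-9]*) echo invalid; return 1 ;; esac
        [ "$o" -le 255 ] || { echo invalid; return 1; }
    done
    a=$1; b=$2
    if   [ "$a" -eq 127 ]; then echo loopback
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
    elif [ "$a" -eq 10 ]; then echo private                                        # RFC 1918
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo private
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat  # RFC 6598
    else echo public
    fi
}

# ssh_reachability_hint IPV4 -> verdict on stdout; exit 0 only if a direct
# connection from the internet can work at all
ssh_reachability_hint() {
    scope=$(addr_scope "$1") || { echo "'$1' is not a valid IPv4 address"; return 2; }
    case $scope in
        private|cgnat)
            echo "$1 is a $scope address: reachable only from inside that LAN or over a VPN into it; the WAN firewall/NAT drops direct SSH"
            return 1 ;;
        loopback|link-local)
            echo "$1 is $scope: never routable between networks"
            return 1 ;;
        *)
            echo "$1 is public: direct SSH works only if the remote firewall forwards port 22 to the Mac"
            return 0 ;;
    esac
}

# Optional live probe from the admin's Mac (needs nc); prints open or closed/filtered.
probe_ssh_port() {
    if nc -z -w 5 "$1" 22 >/dev/null 2>&1; then echo open; else echo closed/filtered; fi
}

[ "${1:-}" ] && ssh_reachability_hint "$1" && probe_ssh_port "$1"
```

Run it as `sh check.sh targetIp`; a "private" or "cgnat" verdict means the host can only be reached from its own network or through a VPN into it, which is exactly the case the replies above describe.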

