Hi all!
I have updated openSUSE Leap 15.3 to 15.4, then 15.4 => 15.5.
Firewall was configured to allow incoming ssh connections that worked well.
After the update all ports seem blocked: I can’t ssh to the machine, nor can I find network printers etc. anymore.
!! The weirdest part: this behavior remains after I permanently disabled firewalld and apparmor, and rebooted. What else on Earth could block the ports?
The network is the same simple home 192.168.1./24
ping is not blocked, I can ping the machine
/sys/kernel/security/apparmor/profiles contains zero-sized files
nmap -sTU -O 192.168.1.208
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-18 16:48 PDT
Nmap scan report for panda (192.168.1.208)
Host is up (0.15s latency).
All 2000 scanned ports on panda (192.168.1.208) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response), 1000 open|filtered udp ports (no-response)
MAC Address: DA:0D:16:57:1D:AE (Unknown)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 409.38 seconds
Now I tried nmap on the openSUSE machine targeting its LAN IP:
nmap -sTU -O 192.168.1.208
Starting Nmap 7.92 ( https://nmap.org ) at 2023-09-18 19:22 PDT
Nmap scan report for panda (192.168.1.208)
Host is up (0.000099s latency).
Not shown: 999 closed tcp ports (conn-refused), 998 closed udp ports (port-unreach)
PORT STATE SERVICE
5901/tcp open vnc-1
68/udp open|filtered dhcpc
5353/udp open|filtered zeroconf
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.85 seconds
I just don’t understand what’s going on, what blocks all ports for access from LAN, and where is SSH in this local scan’s open ports…
VNC is listed but also inaccessible from any other machine on the network.
I mean the local nmap output, there is none. But it was my mistake: nmap scans 2000 ports, and ssh sits on 52002, needed to scan it directly. Now the notebook is not here so I can’t test it more at the moment, it’s my kiddo’s and I need them to have no issues while roaming through uni campus.
Okay, I’ll reinstall SUSE as a fresh start, and I'm also gonna install it on my RPi to keep it tested.
Hope to find out what blocks ports without firewalld & netfilter rules. Weird, looks unusual for Linux, which I dig for its simplicity and predictability. But I’m a Debian/Arch guy; openSUSE was chosen for its advanced GUI for my kiddo who lives far away.