Bell

Thanks @ZaneP ,

That's odd, this morning I asked a friend of mine to scan it on his HH4K and it's open on his too.

You need to scan from outside your home network. Try telnet'ing to yyour public IP port 22 from your smartphone data connection or from some other network like Videotron.

Regards,
Felice

I've tried to ssh to my public IP port 22, with my phone with a non-Bell data connection. Keeps timing out 🙄

Bell uses port 22 to manage the modem, afaik. Did your HH4000 get a firmware update recently?

Someone else posted to this Community forum re SSH, here . Also, a recent post was made to the Bell sub on Reddit, here . Sounds like an RSA key change? 

i think do not know as it should be automatic. so i guess there is no way to close it?

Why is this marked as "solved"? 

There is a rogue dropbear server running on "Giga Hub", preventing the use of port 22 for user services.  This a big security risk, and very inconvenient for those of us that need port 22.

It's ridiculous, I've never seen this behaviour in 35 years of internet use.  A modem or router has no reason to block a standard and well-known port, especially one below 1024, for it's own internal use.  There are multiple CVEs on dropbear, and it forces me to do a lot of work to update other scripts to include port numbers.

Bell please revert your changes and allow your users to use the ports we've paid for, as is standard for any ISP in the world.

Agreed. This issue is not solved. MITM attack in SSH?

i actually call bell for it, and they have no idea about it and keep telling me that they do can not change anything other than resetting password. Guess will need another hot fix for the router.

The open port exposes exploits.

I don't think the first tier of Bell tech support is equipped to deal with this issue. You may want to post your specific concerns, with as much detail as you can provide, to the Bell Direct forum on DSL Reports, here . The forum is moderated by Bell techs, and your post is private. You'll need to register as a user, since anonymous posts are not accepted on that forum.

You could also post publicly, to get users' feedback and input, on this DSL Reports Bell forum

At some point in the past few months, my SSH forward to my home server stopped working.

I finally had time to explore in detail, and it appears the Giga Hub is responding with Dropbear SSH on port 22 instead of honouring my forward. This seems like a huge security risk, and overall broken as a concept, since it breaks the legitimate forward. The forward does work on another port.

Other posts suggest that this broke back in January with a firmware update.

Is Bell getting this issue fixed with another update?