[ubuntu] SSH server connection OK for local but not for remote machine



nid
August 14th, 2010, 10:04 PM
Hi,

I am having trouble getting my SSH server to work with a remote machine. I appreciate any help!


telnet 192.168.1.102 22

Trying 192.168.1.102...
Connected to 192.168.1.102.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4


There is no problem connecting to the server using ssh from a different machine in the network. But when I connected from a remote machine, the server was not reachable.



sudo iptables -vnL

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.1.1 0.0.0.0/0 tcp flags:!0x17/0x02
36454 4996K ACCEPT udp -- * * 192.168.1.1 0.0.0.0/0
417 37360 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
9 504 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
64 16769 DROP all -- eth0 * 0.0.0.0/0 255.255.255.255
1131 105K DROP all -- * * 0.0.0.0/0 192.168.1.255
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
3031 91317 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
222 97628 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
1085K 1258M INBOUND all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.1.102 192.168.1.1 tcp dpt:53
36611 2436K ACCEPT udp -- * * 192.168.1.102 192.168.1.1 udp dpt:53
417 37360 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
157 12627 DROP all -- * * 0.0.0.0/0 224.0.0.0/8

Bachstelze
August 14th, 2010, 10:53 PM
You can't connect from a machine outside your LAN with your local IP address. You have to set up port forwarding in your router and use your public address.

nid
August 15th, 2010, 03:43 PM
I added SSH forwarding with the router configuration tool and now it seems to work but I need to check later with an outside machine. Great help. Thanks!

bilkay
August 23rd, 2010, 07:44 PM
Sorry to barge in here, but I have a question.

Here's the port forwarding section of my router:

Protocol: TCP/UDP
WAN port range: ___ to ___
LAN IP address: ________________________
LAN port range: ___ to ?
Add


$ grep ssh /etc/services
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp

Do I add 22 to all port range entries, my desktop's IP address in "LAN IP address", and Add an entry for both TCP and UDP?

Trial and error isn't really much of an option.

Thanks!

amauk
August 23rd, 2010, 07:47 PM
Protocol: TCP
WAN port range: 22 to 22
LAN IP address: <Your_Machine's_Internal_IP>
LAN port range: 22 to 22

s1gnAl
August 23rd, 2010, 07:48 PM
Sorry to barge in here, but I have a question.

Here's the port forwarding section of my router:

Protocol: TCP UDP (options: TCP and UDP)
WAN port range: to
LAN IP address:
LAN port range: to ?


Protocol: TCP
Wan port range: 22 to 22
LAN IP address: the ip of your machine
LAN port range: 22 to 22

Not sure of your brand of router, but those settings should work.

Hope that helps :)

bilkay
August 23rd, 2010, 10:47 PM
Protocol: TCP
Wan port range: 22 to 22
LAN IP address: the ip of your machine
LAN port range: 22 to 22

Not sure of your brand of router, but those settings should work.

Hope that helps :)

Sure did!

Thanks...

nid
September 18th, 2010, 03:33 AM
I haven't fixed the problem. I have now tried to use a machine to ssh to my home ssh server; the results follow. By the way, I was able to ssh and log into a different server, so the problem is most likely on my home ssh server.

ssh -vvv jon@internet.ip


OpenSSH_5.6p1, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/jonw/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec /usr/local/bin/corkscrew proxy.ip 8080 ssh.home.server 22
debug1: permanently_drop_suid: 73291
debug1: identity file /home/jonw/.ssh/id_rsa type -1
debug1: identity file /home/jonw/.ssh/id_rsa-cert type -1
debug1: identity file /home/jonw/.ssh/id_dsa type -1
debug1: identity file /home/jonw/.ssh/id_dsa-cert type -1
ssh_exchange_identification: Connection closed by remote host

But I am not sure what to do next. I checked my server /etc/hosts.deny which has nothing there.

Thanks in advance!
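
An added example, not part of any post in this thread: a small Python probe that separates the connection stages the thread is trying to tell apart (no answer at all, port refused, connected but closed before the SSH banner, banner received). The function name `probe_ssh` and the stage labels are made up for this example.

```python
import socket

def probe_ssh(host, port=22, timeout=5.0):
    """Report how far a connection to an SSH port gets, as (stage, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # RST came back: the host is reachable but nothing listens on that
        # port (sshd moved, or the forward points at the wrong LAN port).
        return ("refused", "")
    except socket.timeout:
        # SYN unanswered: no port forward, a DROP rule, or upstream filtering.
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))
    buf = b""
    with sock:
        try:
            while len(buf) < 4096:
                chunk = sock.recv(256)
                if not chunk:
                    break
                buf += chunk
                # A server may send other lines before its identification string.
                for line in buf.split(b"\n")[:-1]:
                    if line.startswith(b"SSH-"):
                        return ("banner", line.strip().decode("ascii", "replace"))
        except socket.timeout:
            if not buf:
                return ("silent", "")
        except OSError:
            pass  # a reset in mid-read is treated like a close
    if not buf:
        # The case ssh reports as
        # "ssh_exchange_identification: Connection closed by remote host".
        return ("closed", "")
    return ("other", buf[:80].decode("ascii", "replace"))

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh(host, port))
```

A "banner" result matches the telnet output in the first post. When a ProxyCommand is in the path, as in the `ssh -vvv` output above, a "closed" or "other" result describes the proxy's answer, not necessarily sshd's.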

v1ad
September 18th, 2010, 04:01 AM
Question is, what IP are you using? If your IP starts with 192.* it will never work remotely. Go to ip chicken from the computer you are trying to access and use the IP provided.
ssh username@ip_from_ipchicken...

nid
September 18th, 2010, 12:32 PM
Question is, what IP are you using? If your IP starts with 192.* it will never work remotely. Go to ip chicken from the computer you are trying to access and use the IP provided.
ssh username@ip_from_ipchicken...

That's what I did above.

CharlesA
September 18th, 2010, 12:48 PM
That's what I did above.
If port forwarding is set up correctly, I would move sshd to another port to see if yer ISP is blocking port 22.

Edit this line in /etc/ssh/sshd_config:

# What ports, IPs and protocols we listen for
Port 22

Change it to something like 2222, or a higher port number and update your port forwarding.

nid
September 18th, 2010, 07:04 PM
If port forwarding is set up correctly, I would move sshd to another port to see if yer ISP is blocking port 22.

Edit this line in /etc/ssh/sshd_config:

# What ports, IPs and protocols we listen for
Port 22

Change it to something like 2222, or a higher port number and update your port forwarding.

I wish my port forwarding was correct. To verify, should I put the ip chicken at LAN server when doing port forwarding?

Thanks!

v1ad
September 18th, 2010, 10:01 PM
when forwarding a port you have to specify the local ip address for the computer that you are trying to access.

CharlesA
September 18th, 2010, 11:19 PM
I wish my port forwarding was correct. To verify, should I put the ip chicken at LAN server when doing port forwarding?

Thanks!

It's the local IP address. Check here (http://portforward.com/) for some info on port forwarding. :)

nid
September 19th, 2010, 12:26 AM
If port forwarding is set up correctly, I would move sshd to another port to see if yer ISP is blocking port 22.

Edit this line in /etc/ssh/sshd_config:

# What ports, IPs and protocols we listen for
Port 22

Change it to something like 2222, or a higher port number and update your port forwarding.

For some reason, it did not work for me. I tried 2222 and 1922 but neither worked according to the results checked on http://www.yougetsignal.com/tools/open-ports/. Indeed, port 22 works. By the way, I used the internal IP address for port forwarding.

I was wondering what I should check next?

CharlesA
September 19th, 2010, 12:28 AM
Are you trying to connect from inside the network using the external ip address?

Most of the time that won't work, since the router doesn't know what to do.

nid
September 19th, 2010, 01:19 AM
Are you trying to connect from inside the network using the external ip address?

Most of the time that won't work, since the router doesn't know what to do.

No. I was trying to connect from outside the network.

CharlesA
September 19th, 2010, 01:54 AM
No. I was trying to connect from outside the network.
Hrm ok.

Try doing a scan with something like shieldsup! from your local network and see if port 22 is shown as open.

That'll confirm that the port is open and port forwarding is set up correctly.

nid
September 19th, 2010, 02:32 AM
Hrm ok.

Try doing a scan with something like shieldsup! from your local network and see if port 22 is shown as open.

That'll confirm that the port is open and port forwarding is set up correctly.

The results from shieldsup! confirmed that the port 22 is open.

CharlesA
September 19th, 2010, 03:10 AM
The results from shieldsup! confirmed that the port 22 is open.

Then you should be able to connect. Are there any firewall rules enabled on the server running ssh?

nid
September 19th, 2010, 03:35 AM
Then you should be able to connect. Are there any firewall rules enabled on the server running ssh?

The firewall rule allows ssh. The good news is that it works now somehow!:)

CharlesA
September 19th, 2010, 03:41 AM
The firewall rule allows ssh. The good news is that it works now somehow!:)
Glad it's working now. Don't forget to mark as solved. :)