Results 1 to 4 of 4

Thread: Cant access Server with OpenSSH remotely

  1. #1
    Join Date
    Oct 2007
    Beans
    149
    Distro
    Ubuntu 9.10 Karmic Koala

    Cant access Server with OpenSSH remotely

    Hi,

    I got two computers on my local network. One is running Ubuntu Server 20.04, the other Windows (with Putty).

    I can access my Ubuntu server, using putty on the "windows-computer", when i use the Ubuntu-severs LAN-IP: 192.168........, and it is possible to log in.

    When i try to access Ubuntu-server using the servers "External IP", i'm getting "Access denied" in putty, even thought the usern/pw is the same.

    I have checked that UFW is enabled, and the SSH seems to be open in UFW.
    I got a new router from ISP not so long ago, i believe i have added port forwarding in the router for Ubuntu-server IP/Port (tcp/udp).

    When connecting on ssh with putty, i get contact with the Ubuntu server, because i can type the user-name, but the password does not seem to work. What am i missing here ?
    Is there a problem connecting since both computers is behind the same "External-IP" ?

    Tnx
    Confusion will be my epitaph

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    21,307
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Cant access Server with OpenSSH remotely

    Try using the Win10 ssh command, not putty. Use
    Code:
    ssh -vvvv username@LAN-IP
    Does that work?
    If it doesn't, there is a different issue.

    If it does, try
    Code:
    ssh -vvvv username@WAN-IP
    If that doesn't work, then the router setup or capabilities is the issue. Look there for the problems.

    BTW, please don't use port 22/tcp on the WAN side. This is asking to be hacked.
    Also, please don't use passwords for any internet connections. Use ssh-keys only and prevent any connections that attempt to use passwords. Passwords over the internet is asking to be hacked.

    Some routers don't allow internal systems to access the WAN-IP can come back inside. This is a security setting. Some which do enable it have a setting to disable it. Sorry, I don't know that setting name.

    So, after all the win10 ssh command methods work, then you'll be able to fight with putty to get that working. I helped someone with Win10 use the built-in ssh command to setup keys a few weeks ago. It worked just like on Linux, just with Windows paths. We used relative paths since ~/ doesn't work on Windows. Too bad. Also, Windows doesn't have a ssh-copy-id command, so getting the public ssh-key onto the remote system wasn't trivial. Win10 does have ssh and ssh-keygen commands, however. The key setup on Linux is easy:
    Code:
    $ ssh-keygen -t ed25519
    $ ssh-copy-id -i ~/.ssh/id_ed25519.pub username@remote
    $ ssh username@remote
    That's it for that part of the setup.
    On the ssh-server side, to prevent passwords from WAN IPs,
    Code:
       $ sudoedit /etc/ssh/sshd_config
    Change line with:
    PasswordAuthentication yes
    to
    PasswordAuthentication no

    After that line, add:
    Code:
      Match Address 192.168.22.0/24,172.21.22.0/24,172.22.21.0/24
          PasswordAuthentication yes
    Obviously, edit the IP subnets for your needs and restart the sshd to re-read the config file.

    The ssh-copy-id tool, takes the public key, appends it to the ~/.ssh/authorized_keys file and ensures the directory and file permissions are correct. ssh is picky about the ~/.ssh/ directory being 700 and most files inside it have to be 600, except and public keys generated on-that-machine. Public keys pushed to the machine go inside the authorized_keys file, not separate files.
    Last edited by TheFu; 4 Weeks Ago at 02:12 PM.

  3. #3
    Join Date
    Oct 2007
    Beans
    149
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Cant access Server with OpenSSH remotely

    Hi, and thanks.

    So i changed the port to something else then 22, thats ok (Both in /etc/ssh/sshd_config and Port-Forwarding in my router).
    I'm restricted to Putty as my windows computer is managed by my administrator, and openSSH client is not an option... (it is not buildt in to the win CLI it seems, atleast i get errors when trying to execute).

    Also the windows computer has a firewall, which i cant turn off. However, in the past i have got this working from the office with putty, but not any longer. Any suggestions why?
    I can ping my home comp from the office, but Putty get "Network erro: Connection timed out"

    EDIT:
    I also run the TNC command from Win-PowerShell, so i get that the ping is ok, but the "TcpTestSucceeded=false". Hm, must be something not correct in the router then.
    The router configuration should be in "Port Forwarding", right ?

    EDIT2: What parameters do i need to set and how, this is my router:
    https://portforward.com/inteno/eg400/

    Source Zone; Do i need to set this? Or can i leave it blank? (it has options like MDGM, HID; SIP or something, i don't remember the abbreviations atm)
    Destination zone: LAN
    Source IP address: Is it relevant, as i can be random? ( I think this is to restrict only certain computers to be able to use the rule (?) )
    Dest. Device,: I can select the devices connected to my router on local side, so choosing my server, provides the correct Dst. IP Address.
    Dest. IP Address,: My servers IP-adress (Local one: 192.168.......)
    Protocol: i think i set TCP/UDP, but that should be fine ?
    Source Port: not 22, but my newly configured one. What is this actually representing? The routers inbound port?
    Destination Port : not 22, but my newly configured one. (This is the actual port configured in /etc/ssh/sshd_Config on server/destination-Computer I assume)
    Last edited by Sceiron; 4 Weeks Ago at 10:37 AM.
    Confusion will be my epitaph

  4. #4
    Join Date
    Oct 2007
    Beans
    149
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Cant access Server with OpenSSH remotely

    Ok, so i finally configured my router to use "Bridged Mode" for the spesific port the server is running on, and now it works. Original post question is solved.
    Confusion will be my epitaph

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •