#1 2010-05-02 02:36:17

brando56894
Member
From: NYC
Registered: 2008-08-03
Posts: 681

[Solved] SSH Can Connect Locally But Not Remotely

I can log in to SSH via my LAN, more specifically make a loopback connection using my LAN IP address, but if I try to use my external IP address it says "connection closed by remote host".

#
# /etc/hosts.allow
#

sshd: ALL

# End of file

#
# /etc/hosts.deny
#



# End of file

#    $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 1985
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel VERBOSE

# Authentication:

LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 2
MaxSessions 2
AllowUsers bran


#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile    .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 12
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#    X11Forwarding no
#    AllowTcpForwarding no
#    ForceCommand cvs server

Last edited by brando56894 (2010-05-06 07:42:40)


#2 2010-05-02 08:20:19

Sin.citadel
Member
Registered: 2008-01-22
Posts: 267

Re: [Solved] SSH Can Connect Locally But Not Remotely

Try adding ALL: ALL: DENY (this is the default) to /etc/hosts.deny, since the order is that /etc/hosts.allow supersedes /etc/hosts.deny; maybe that'll help. Also, try setting the ListenAddress to the specific interface IP (for testing) to see if it works then.


#3 2010-05-02 10:01:36

gishten
Member
Registered: 2009-01-09
Posts: 39

Re: [Solved] SSH Can Connect Locally But Not Remotely

If you're sitting behind a router you'll need to forward port 22.


Believe in the Ideal, not the Idol.


#4 2010-05-04 21:29:30

brando56894
Member
From: NYC
Registered: 2008-08-03
Posts: 681

Re: [Solved] SSH Can Connect Locally But Not Remotely

@sin.citadel
I tried that before (host.deny) and it didn't work. I tried it again just for the hell of it and it still didn't work. I also tried setting a listen address; that didn't work either.

@gishten
I use a different port, but it is forwarded.

edit: it's definitely not a problem with the router, since I connected directly to the modem and still had the same problem.

Last edited by brando56894 (2010-05-04 21:49:12)


#5 2010-05-05 06:00:30

Sin.citadel
Member
Registered: 2008-01-22
Posts: 267

Re: [Solved] SSH Can Connect Locally But Not Remotely

Do you have any iptables rules configured? Since you are behind a router, I'm guessing that you only have a private IP for the Arch box. If ssh works from your own machine (local loopback with LAN IP) or from any other LAN machine (try checking from another LAN machine if possible), then the problem is that your router is not forwarding the port correctly; check its settings.


#6 2010-05-05 06:05:37

Zeist
Arch Linux f@h Team Member
Registered: 2008-07-04
Posts: 532

Re: [Solved] SSH Can Connect Locally But Not Remotely

Could be that port 1985 (which it seems you use) gets blocked by your ISP since it's the default HSRP port.

Last edited by Zeist (2010-05-05 06:05:52)


I haven't lost my mind; I have a tape back-up somewhere.

#7 2010-05-05 06:16:37

brando56894
Member
From: NYC
Registered: 2008-08-03
Posts: 681

Re: [Solved] SSH Can Connect Locally But Not Remotely

Thanks for the response, buddy, but the router isn't the problem (as I stated in the post above yours). I just thought it was, since I have two things using the same port (external router config page and SSH), but then I remembered that I completely bypassed the router and it still didn't work. I don't have iptables configured, and I've been using either my laptop or my Moto Droid to do the connection testing; they both work internally (LAN IP to LAN IP) but not externally, even with a default ssh.conf and sshd.conf. That makes me think that it's a problem with something other than SSH or the router. What else could it be?


#8 2010-05-05 07:16:01

Sin.citadel
Member
Registered: 2008-01-22
Posts: 267

Re: [Solved] SSH Can Connect Locally But Not Remotely

Does your Arch box have only one interface, or is the interface for the LAN and the router different? Also, since you can't connect on port 22, your ISP is not blocking the ports.

Also, for your external testing, are you checking from inside your own network or from another network?


#9 2010-05-05 12:51:05

timm
Member
From: Wisconsin
Registered: 2004-02-25
Posts: 417

Re: [Solved] SSH Can Connect Locally But Not Remotely

Any helpful information in /var/log/auth.log?


#10 2010-05-05 14:52:33

bangkok_manouel
Member
From: indicates a starting point
Registered: 2005-02-07
Posts: 1,556

Re: [Solved] SSH Can Connect Locally But Not Remotely

Try with the -vv flag too.


#11 2010-05-06 03:07:41

brando56894
Member
From: NYC
Registered: 2008-08-03
Posts: 681

Re: [Solved] SSH Can Connect Locally But Not Remotely

Sin.citadel wrote:

Does your Arch box have only one interface, or is the interface for the LAN and the router different? Also, since you can't connect on port 22, your ISP is not blocking the ports.

Also, for your external testing, are you checking from inside your own network or from another network?

There's only one interface, and I'm trying it internally from my netbook (also running Arch/Chakra) and externally from my Motorola Droid.

The really odd thing is that this worked perfectly with the same settings before I reinstalled Chakra.

bangkok_manouel wrote:

Try with the -vv flag too.

I have, and it doesn't provide anything useful. As for checking the logs, I'll look at them later since I'm in Windows right now.


#12 2010-05-06 06:34:57

Sin.citadel
Member
Registered: 2008-01-22
Posts: 267

Re: [Solved] SSH Can Connect Locally But Not Remotely

Since there is only one interface, I'm guessing the log files won't have much useful info. Still, have you tried running another service (HTTP or other) and then forwarding it from the router to see if it works? Also, try a sysupgrade (probably won't help, but worth a try).


#13 2010-05-06 07:42:24

brando56894
Member
From: NYC
Registered: 2008-08-03
Posts: 681

Re: [Solved] SSH Can Connect Locally But Not Remotely

It works now. I changed the port in ssh_config, sshd_config and in my router port forwarding table and everything worked fine. I'm assuming this was a problem since ssh and the router config page were both listening on the same port, but that doesn't explain why it wouldn't connect when I completely bypassed the router.

Thanks for the help guys.
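
An added example, not part of the thread and not any poster's code: the two server-side checks raised above (which port sshd listens on per sshd_config, and the hosts.allow / hosts.deny order) run offline against the files from the first post. Function names and the client address 203.0.113.7 are hypothetical; only ALL, exact and trailing-dot prefix patterns plus a final allow/deny rule option are handled, and router or ISP filtering is out of scope.

```python
# Constructed sample: the active lines of the files in the first post.
SSHD_CONFIG = """\
Port 1985
#AddressFamily any
ListenAddress 0.0.0.0
Protocol 2
AllowUsers bran
"""
HOSTS_ALLOW = "sshd: ALL\n"
HOSTS_DENY = ""  # empty, as posted

def directives(text):
    """Yield (keyword, value) for uncommented lines; keywords are case-insensitive."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1].strip()

def listen_ports(config):
    """Ports sshd binds: every Port directive, or 22 when none is set."""
    return [int(v) for k, v in directives(config) if k == "port"] or [22]

def _matches(patterns, value):
    for p in patterns.replace(",", " ").split():
        if p.upper() == "ALL" or p == value or (p.endswith(".") and value.startswith(p)):
            return True
    return False

def wrappers_allow(allow, deny, daemon, client_ip):
    """hosts_access(5) order: hosts.allow first, then hosts.deny, else grant."""
    for text, verdict in ((allow, True), (deny, False)):
        for line in text.splitlines():
            fields = [f.strip() for f in line.split(":")]  # IPv4 only
            if line.lstrip().startswith("#") or len(fields) < 2:
                continue
            if _matches(fields[0], daemon) and _matches(fields[1], client_ip):
                # hosts_options(5): a trailing allow/deny overrides the file default
                option = fields[-1].lower() if len(fields) > 2 else ""
                return {"allow": True, "deny": False}.get(option, verdict)
    return True

def server_side_verdict(config, allow, deny, forwarded_port, client_ip):
    """Return the first server-side layer that rejects the connection, or 'ok'."""
    if forwarded_port not in listen_ports(config):
        return "no listener on port %d" % forwarded_port
    if not wrappers_allow(allow, deny, "sshd", client_ip):
        return "refused by TCP wrappers"
    return "ok"

if __name__ == "__main__":
    for port in (22, 1985):
        print(port, server_side_verdict(SSHD_CONFIG, HOSTS_ALLOW, HOSTS_DENY, port, "203.0.113.7"))
```

On a live host, `sshd -T` (run as root) prints the effective configuration and is the authoritative source for the listening port.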
