Arch Linux

doubleslash

Member

Registered: 2011-08-16

Posts: 80

[SOLVED] cannot ssh from outisde LAN

I have 2 computers: desktop running ssh server and laptop trying to access it. I have configured the router to forward a certain port to my desktop. I can ssh from my laptop when it's in the local network using either the dekstop's local ip or the router's external ip. However, I cannot access it when my laptop is outisde the lan, e.g. from work or at a starbucks. Any help is greatly appreciated. Thanks.

Last edited by doubleslash (2011-12-13 16:35:31)

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 19,804

Re: [SOLVED] cannot ssh from outisde LAN

Which port are you forwarding? (Hint: it should be decimal 22)

Hitting the external address from behind the router will cause the router to route return traffic -- regardless of the forwarding configuration. 
Example, if you go out on port 80, port 80 return traffic will be forwarded because a computer  behind the firewall initiated the exchange.

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

doubleslash

Member

Registered: 2011-08-16

Posts: 80

Re: [SOLVED] cannot ssh from outisde LAN

I'm using a non-standard port number (something other than 22) that's above 1024. Are there any restrictions? I thought any random number would do.

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 19,804

Re: [SOLVED] cannot ssh from outisde LAN

I'm using a non-standard port number (something other than 22) that's above 1024.

That is okay, but... there are a couple ways to do this.

You can tell the router to accept input on a non-standard port and then re-route that to port 22 on the LAN.  In this case, traffic on the LAN takes place on 22, but traffic from the Internet will come in on the non-standard port and be re-mapped.

Alternately, you can move the SSH server on the Arch box to the non-standard port.  In this case, traffic on the LAN occurs on the non-standard port.  The router needs to be configured to pass that non-standard port through, without remapping it to a different port.   If you tell the router to re-route SSH traffic, it is likely to assume you mean port 22.  That may be the crux of your problem.  If you are using a non-standard port, ensure you specify the forwarding by port number; not by protocol.

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

doubleslash

Member

Registered: 2011-08-16

Posts: 80

Re: [SOLVED] cannot ssh from outisde LAN

I believe I'm doing the 2nd method. In my sshd_config I specify
Port xxxx

I set my router to forward the same port number xxxx to the local ip of my desktop, which is running the ssh server. So, the router config looks like this
External Port xxxx (same as in my sshd_config)
Internal Port xxxx (same number)
Protocol (both TCP and UDP)
To IP address 192.168.1.??? (my desktop's local ip)

Last edited by doubleslash (2011-12-13 04:35:42)

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 19,804

Re: [SOLVED] cannot ssh from outisde LAN

I believe I'm doing the 2nd method. In my sshd_config I specify...

Looks about right.  Check your email.

Last edited by ewaller (2011-12-13 04:53:26)

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 19,804

Re: [SOLVED] cannot ssh from outisde LAN

Hi doubleslash,

In our last episode, I did manage to hit your machine.  Did you see my attempts in your logs?

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

doubleslash

Member

Registered: 2011-08-16

Posts: 80

Re: [SOLVED] cannot ssh from outisde LAN

I saw your connection attempts. Does this mean something is wrong with my ssh client's config file? (ssh_config not sshd_config)?

skunktrader

Member

From: Brisbane, Australia

Registered: 2010-02-14

Posts: 1,543

Re: [SOLVED] cannot ssh from outisde LAN

Perhaps your work and Starbucks are blocking any port except http/https

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 19,804

Re: [SOLVED] cannot ssh from outisde LAN

I saw your connection attempts. Does this mean something is wrong with my ssh client's config file? (ssh_config not sshd_config)?

Unlikely.  In my email, I provided you with the exact command line I used.  My ssh_config file is not only generic, it is entirely comments

I think skunktrader hit the nail on the head.  Try using port 443 and see if you can hit that from work.  443 is normally used for HTTPS.  Since that port is required for anyone pretending to provide Internet access when they are really only providing "Web Access".  This practically guarantees it will not be blocked.  The other nice thing about using that port is that it is expected that traffic will be encrypted, so no one notices the ssh encrypted traffic.  The extra bonus is that the script kiddies don't look for SSH servers on 443 because, if they find 443 open, they assume it is open for HTTPS.

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

doubleslash

Member

Registered: 2011-08-16

Posts: 80

Re: [SOLVED] cannot ssh from outisde LAN

many thanks!