You are not logged in.
Hi everyone. I'm back on Arch after a few year hiatus.
I'm trying to SSH into my ARM based Arch linux install.
SSHing from the local network works fine. No problems.
When I try to SSH from outside the network, it doesn't connect and times out.
I've created port.conf under /etc/systemd/system/sshd.socket.d/ which reads
[Socket]
# Disable default port
ListenStream=
# Set new port
ListenStream=2222I have systemd.socket service running as confirmed by systemctl
I have port forwarded port 2222 TCP\UDP on my modem to the computer's IP on the network.
Running
sudo tcpdump -lnn -i eth0 port 2222reads a lot of information. Specifically, I've tracked down the IP address that I'm trying to connect from and it reads:
21:53:37.234872 IP 172.56.16.239.25065 > 192.168.1.195.2222: Flags [S], seq 1661893998, win 65535, options [mss 1400,nop,wscale 4,nop,nop,TS val 25806051 ecr 0,sackOK,eol], length 0Would anybody have an idea what the problem could be here?
Offline
21:53:37.234872 IP 172.56.16.239.25065 > 192.168.1.195.2222: Flags [S], seq 1661893998, win 65535, options [mss 1400,nop,wscale 4,nop,nop,TS val 25806051 ecr 0,sackOK,eol], length 0Would anybody have an idea what the problem could be here?
ok, that is the SYN-Package; what was the answer ?
Offline
It's giving:
23:22:41.322847 IP 192.168.1.195.2876 > 172.56.16.239.30117: Flags [S.], seq 2567835032, ack 1441387547, win 28960, options [mss 1460,sackOK,TS val 10693 ecr 27470940,nop,wscale 7], length 0The curious thing is that it responds from a different IP; 192.168.1.195. Is that normal? The server is actually on 192.168.1.193. That's the address I'm using to ssh;
ssh -p **** *@192.168.1.193To avoid confusion, I just changed the ssh port to 2876 which is why it's responding with that port instead of the original 2222 that I put in when I started this thread.
Last edited by leberyo (2014-08-18 23:30:02)
Offline
It's giving:
23:22:41.322847 IP 192.168.1.195.2876 > 172.56.16.239.30117: Flags [S.], seq 2567835032, ack 1441387547, win 28960, options [mss 1460,sackOK,TS val 10693 ecr 27470940,nop,wscale 7], length 0
ok, that is the SYN-ACK, next must be the ACK from source 172.56.16.239
if your your outside IP-address has always 172.56.16.239, you can use
tcpdump -i eth0 host 172.56.16.239to have the full traffic for this IP-address
The curious thing is that it responds from a different IP; 192.168.1.195. Is that normal? The server is actually on 192.168.1.193. That's the address I'm using to ssh;
ssh -p **** *@192.168.1.193To avoid confusion, I just changed the ssh port to 2876 which is why it's responding with that port instead of the original 2222 that I put in when I started this thread.
No that is NOT normal, there must be an address translation somewhere; maybe the routing device between your client (172.56.16.239) and your server; this could be the problem; that the address translation is not statefull; intended to mean your client gets answers (SYN-ACK) with server ip 192.168.1.195 as source, which it just drops. Then you would see in the server-tcpdump, only repeated SYN->SYN-ACKs
Could you also tcpdump on your client side ?
EDIT: Is there a reason for using sshd.socket and not sshd.service ? I've no experiences with this socket ... - maybe I'm wrong with my suggestions
Last edited by midixinga (2014-08-19 11:08:04)
Offline