I'm trying to set up SSH so that I can connect to my PC from college. Problem is, whenever I try to connect to it from somewhere else, it just times out. From inside the LAN it works fine. This is what netstat -na outputs when the daemon is running:
[caio@pts4 ~][0]$ netstat -na | grep 5900
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      
tcp        0      0 192.168.1.100:57790     <my IP address>:5900    TIME_WAIT
(I've changed the ssh port to 5900.)
I looked around all day and couldn't solve it. Any ideas?
Last edited by Caio (2010-03-15 21:01:30)
If dorm traffic is being sent through a NATing router (likely), it won't work because the router won't know who to send incoming traffic to.
Sorry, I didn't explain it right - what I want is to connect to my home computer when I'm in college. I'm at home right now. I am using a router, but I've forwarded this port, and it seems to be working fine (canyouseeme.org says it's ok).
For the record, the router is a Linksys WRT54G v8 and the modem is a Gigaset 201A.
Last edited by Caio (2010-03-08 23:30:54)

Make sure you have the keep alive setting on. Does it drop you when you're idle? Or does it do it in the middle of traffic?
[git] | [AURpkgs] | [arch-games]
It doesn't even connect. I run ssh user@IP -p 5900 and it just hangs for a while then says it timed out.

Try running with -vvv to see what's going on

Are you running iptables? What is the config if so?
What is your /etc/hosts.allow?
Does your college even allow port 5900 outbound?
Can you connect from other external places (not your college)?
Last edited by fukawi2 (2010-03-09 03:01:47)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
$ ssh guest@<my IP> -p 5900 -vvv
OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <my IP> [<my IP>] port 5900.
debug1: connect to address <my IP> port 5900: Connection timed out
ssh: connect to host <my IP> port 5900: Connection timed out
Not running iptables. I tried using other ports and had a friend try to connect, but he couldn't either (same problem).
hosts.allow is just
#
# /etc/hosts.allow
#
sshd: ALL
# End of file

It works fine:
[caio@pts0 ~][0]$ ssh -vvv guest@127.0.0.1 -p 5900
OpenSSH_5.3p1, OpenSSL 0.9.8m 25 Feb 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug3: cipher ok: arcfour [arcfour,blowfish-cbc]
debug3: cipher ok: blowfish-cbc [arcfour,blowfish-cbc]
debug3: ciphers ok: [arcfour,blowfish-cbc]
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 5900.
debug1: Connection established.
debug1: identity file /home/caio/.ssh/id_rsa type -1
debug1: identity file /home/caio/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 520 bytes for a total of 541
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: arcfour,blowfish-cbc
debug2: kex_parse_kexinit: arcfour,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client arcfour hmac-md5 zlib@openssh.com
debug2: mac_setup: found hmac-md5
debug1: kex: client->server arcfour hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 565
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 489/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 709
debug3: put_host_port: [127.0.0.1]:5900
debug3: put_host_port: [127.0.0.1]:5900
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host [127.0.0.1]:5900
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/caio/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host [127.0.0.1]:5900
The authenticity of host '[127.0.0.1]:5900 ([127.0.0.1]:5900)' can't be established.
RSA key fingerprint is c7:2a:48:3b:56:28:94:72:76:0a:29:db:4a:62:9f:90.
Are you sure you want to continue connecting (yes/no)

Install tcpdump and run this while your friend tries to connect:
tcpdump -lnn -i eth0 port 5900
(Assuming your network card is eth0)
This will show if the packets are reaching your computer (therefore the problem is your computer) or if they're not (problem is modem/isp etc)
Last edited by fukawi2 (2010-03-09 10:13:09)
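
Added example, not part of the original thread or any poster's code: the tcpdump reasoning above, combined with the client-side `ssh -v` outcome, as a small shell triage. The function names (`count_inbound`, `client_result`, `locate_fault`), the outcome keywords and the sample log and capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: combine the client-side ssh -v result with a server-side
# tcpdump capture to say where an inbound connection dies.
# Function names and sample data are constructed for illustration.

# Count packets addressed to port $1 in `tcpdump -lnn` text output on stdin.
count_inbound() {
    grep -c "> [0-9.]*\.$1:" || true   # grep -c prints 0 but exits 1 on no match
}

# Reduce ssh -v output on stdin to one outcome keyword.
client_result() {
    log=$(cat)
    case $log in
        *"Connection timed out"*)             echo timeout ;;
        *"Connection refused"*)               echo refused ;;
        *"Connection closed by remote host"*) echo closed ;;   # TCP came up, then sshd dropped it
        *"Connection established"*)           echo established ;;
        *)                                    echo unknown ;;
    esac
}

# $1 = client log text, $2 = server capture text, $3 = sshd port
locate_fault() {
    result=$(printf '%s\n' "$1" | client_result)
    seen=$(printf '%s\n' "$2" | count_inbound "$3")
    case "$result:$seen" in
        timeout:0)     echo upstream ;;       # nothing arrived: modem, router forward or ISP
        timeout:*)     echo host-filter ;;    # SYNs arrived, no answer: local packet filter
        refused:0)     echo upstream ;;       # a device in front of the host sent the reset
        refused:*)     echo no-listener ;;    # host answered with RST: sshd not on that port
        closed:*)      echo sshd-rejected ;;  # commonly TCP wrappers: check hosts.allow/hosts.deny
        established:*) echo ok ;;
        *)             echo unknown ;;
    esac
}

# Constructed samples: the timeout line from the thread, an early close by sshd,
# and two SYN retransmits in tcpdump -lnn style (203.0.113.7 is a documentation address).
CLIENT_TIMEOUT='debug1: connect to address <my IP> port 5900: Connection timed out'
CLIENT_CLOSED='debug1: Connection established.
ssh_exchange_identification: Connection closed by remote host'
CAPTURE_SYN='21:14:02.101 IP 203.0.113.7.51234 > 192.168.1.100.5900: Flags [S], seq 1, win 5840, length 0
21:14:05.101 IP 203.0.113.7.51234 > 192.168.1.100.5900: Flags [S], seq 1, win 5840, length 0'

locate_fault "$CLIENT_TIMEOUT" "" 5900   # the thread's case: timeout, empty capture
```
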
I'm having the same problem. I've forwarded port 22 and I can connect from the local network, but everything coming from outside is timing out.
Edit: solved, was trying to connect from the same network with the external IP, which apparently doesn't work that way.
Last edited by zeitgeist.at (2010-03-09 21:17:50)
Tried using crankyadmin's modified line and tcpdump. tcpdump didn't output anything while my friend tried to connect, so I guess that means the problem is my modem or ISP? I'm guessing the modem (or router?), since I've heard of people with the same ISP who can use ssh just fine.
This definitely sounds like it might be an issue with your ISP blocking incoming traffic to that port, since it's commonly used for VNC. I would try changing the SSH port/forwarding to 22 first and see if your friend can connect. If it still doesn't work, try a high, non-well-known port like 12000 and see what happens. Also double-check your IP address and the port forwarding one more time to ensure you've got the right IP if it's set through DHCP.
Just tried both 22 and 12000, still no good. Port forwarding looks fine to me.
(damn!)
This definitely sounds like it might be an issue with your ISP blocking incoming traffic
Oops... Didn't see the fact you checked canyouseeme.org..
Have you checked the configuration on the Gigaset modem?? I noticed it seems to have a built in/integrated SPI-based firewall..
Just checked. The firewall is off. Is there something else in the modem that could be causing this?

Just checked. The firewall is off. Is there something else in the modem that could be causing this?
I think you should have the server *on* since it is probably what is doing the NAT from the outside to the inside.
In your college, all desktops have direct connection to internet, or do they use a proxy?
I had this same issue the other day. On a fresh install, Arch Linux has SSH noted in the hosts.deny file. Just remove the line in there to enable ssh from all.
It works! I think it was fukawi2's tip. Thank you all so much, you've been very helpful.