SSH: Can connect locally but not "remotely"
Maybe your ssh daemon is set up to listen only on a local IP. Check in netstat -tupan that the listen address is 0.0.0.0, or in /etc/ssh/sshd_config that the ListenAddress lines are commented out.
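The two checks named in this answer, as an added example that is not part of the original answer: shell functions that read the active ListenAddress lines from an sshd_config and classify the sshd LISTEN rows of netstat -tupan output. The function names and the sample config and netstat text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not taken from the asker's machine).
SAMPLE_CONFIG='Port 22
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2'
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      3205/sshd
tcp        0      0 127.0.0.1:631   0.0.0.0:*       LISTEN      1010/cupsd
tcp6       0      0 :::22           :::*            LISTEN      3205/sshd'

# Print the active (uncommented) ListenAddress values from a config on stdin.
# No output means sshd uses its default and listens on all local addresses.
active_listen_addresses() {
    awk 'tolower($1) == "listenaddress" { print $2 }'
}

# Classify a netstat "Local Address" value such as 0.0.0.0:22 or :::22.
classify_bind() {
    host=${1%:*}            # strip the trailing :port
    case "$host" in
        0.0.0.0|::|'[::]')  echo "all-interfaces" ;;
        127.*|::1|'[::1]')  echo "loopback-only" ;;
        *)                  echo "single-address" ;;
    esac
}

# From `netstat -tupan` output on stdin, print the local address of every
# TCP socket in LISTEN state that is owned by sshd.
sshd_listen_sockets() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd/ { print $4 }'
}

# Report how each sshd listener is bound, one "address class" pair per line.
report() {
    sshd_listen_sockets | while read -r addr; do
        echo "$addr $(classify_bind "$addr")"
    done
}

# Stand-alone run on the constructed sample; on a real host use:
#   sudo netstat -tupan | report
printf '%s\n' "$SAMPLE_NETSTAT" | report
```

Run netstat as root, otherwise the PID/Program column shows - and the sshd filter matches nothing.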
Gabzo
Updated on September 18, 2022
Comments
-
Gabzo over 1 year
A bit of background: I've been an Ubuntu user for almost a year now. I had an old box lying around and decided to put it to some use. The first thing I wanted to do was set up SSH so that I can place it in a separate location and connect to it via my laptop running Ubuntu.
OS of Server: Ubuntu 12.04.3 LTS
OS of laptop: Ubuntu 12.04 LTS (the one trying to connect to the server with)
Router: I'm actually not sure. I have the Bell Canada router.
So I try to log in over SSH using the internal IP: success. Great, now I can see if it works with its public IP. I then try with the public IP and I get:
ssh: connect to host [something].[something] port [something]: Connection refused
(I tried changing the default port using mapping to map a port I chose to port 22 on my local network)
So I tried reading, but apart from making port forwarding I haven't found very helpful articles.
I have not set up a firewall (Yet)
I also tried doing vvv and all I get is
[user]@[computer]:~$ ssh -vvv -p [customPort] [user]@[host]
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to [host] [ipAdress] port [customPort].
debug1: connect to address [ipAdress] port [customPort]: Connection refused
ssh: connect to host [host] port [customPort]: Connection refused
Thanks in advance for any help you can give. Please specify what information you need, if you need any more information.
-
Rmano over 10 years
How do you obtain the public IP? Do you have a static IP from your ISP or are you using some dynamic name-to-ip services? A lot of ISPs block the access to a lot of ports at your IP... superuser.com/questions/603831/…
-
Gabzo over 10 years
I have a dynamic IP but it is obtained through visiting a website which will tell me my IP and also I have the DUC from no-ip. They can't really hide your IP because other servers need it to do tasks such as showing you a webpage. You can always use whatismyip.com to find your IP address :D Tried port forwarding and have done that on my router, I am trying to avoid DMZ for now but if it's necessary then I will look into how to set that up.
-
Rmano over 10 years
Yes. The only real solution that I found works every time is setting up the reverse SSH thing. There is an iPad app (Jump Desktop I think) that does something similar using Google servers... would love to find how to do that from Linux.
-
olipinski over 10 years
So have you port-forwarded it? If yes, have you tried checking whether the port is open? For example this website: canyouseeme.org.
-
Gabzo over 10 years
Yes, I have checked. When I had it on 22 it could have seen me. I changed it to a different port (just in case) now. And when I enter the custom port it still sees me.
-
olipinski over 10 years
Does the log on the server side show anything?
-
olipinski over 10 years
What is your Loglevel in openssh config? Only this shows failed attempts: help.ubuntu.com/community/SSH/OpenSSH/…
-
Gabzo over 10 years
Thanks, I switched to verbose. Not sure if this is at the right time but it does say:
Dec 18 12:16:30 bluehorse sshd[3205]: Set /proc/self/oom_score_adj to 0
-
olipinski over 10 years
Are you using passwordless ssh?
-
John over 10 years
Make sure that your router isn't blocking your port 22.
-
Gabzo over 10 years
I log in as one of the users on the server which is secured with a password.
-
Gabzo over 10 years
I checked with the website canyouseeme and it isn't. I also manually checked via the connection hub.
-
olipinski over 10 years
Try some things and retest. 1) Move your .ssh/ folder somewhere else and retest. 2) Check your sshd_config file for "AllowedUsers <user>" and remove it or rename it. After each change above, restart the daemon to test if you can connect. The debug information will help. ALL the info. Source: answers.launchpad.net/ubuntu/+question/225199
-
Gabzo over 10 years
Haven't found allowed users at all. Did you want me to remove my ssh folder or my .ssh... because I can't find a .ssh
-
olipinski over 10 years
.ssh in your home dir. There should be one.
-
Gabzo over 10 years
Nope, there isn't one in my home dir.
-
olipinski over 10 years
And could you provide your config on pastebin? With whatever you need removed of course.
-
Gabzo over 10 years
My sshd_config: pastebin.com/vT5wU10q
-
olipinski over 10 years
Well you need at least one listen address. If you would like maximum security I would recommend binding it to a VPN, but if you're going to make it accessible without VPN then you need to bind it to your local network address. Without any address the server simply won't start. E.g. ListenAddress 192.168.1.1
-
olipinski over 10 years
Of course. You can pretty much uncomment the 0.0.0.0 line.
-
Gabzo over 10 years
Did that. I stopped and started the service, tried logging in from public IP and it still doesn't want to let me log in.
-
olipinski over 10 years
Hmm. Then it's something else. May your router have a firewall? Or the computer from which you're trying to connect?
-
Gabzo over 10 years
I tried some of the fixes because of firewalls but my firewall is forwarded... and the port looks opened from the website, just it doesn't seem to want to log me in. Thanks for trying at least.
-
olipinski over 10 years
Well, I'm thinking what that could be but I have no more ideas for now. You could watch the packets with Wireshark to get to the root of the problem.
-
Gabzo over 10 years
I'll try that. If you think about something just let me know.
-
Gabzo over 10 years
tcp 0 0 0.0.0.0:22 (local) 0.0.0.0:* (foreign) LISTEN
Both ListenAddress lines have a # in front of them, which means they are commented out.
-
mickmackusa about 2 years
Welcome to AskUbuntu and thank you for contributing. Please take the tour. It is vital to the curation of good lean content in this community that you always only post an answer to resolve the asked question. Just because you have had a problem similar to a question with a vague title doesn't necessarily mean that your solution is the correct one for this specific question. If your configuration was different from the described configuration or you don't know if you have the exact same problem, you might search for a better one or ask your own and answer it yourself.
-
Troom about 2 years
@mickmackusa Did you write this consciously? Assuming that other people like me will reach this topic through the Google browser having the same problem. So there is a probability that my solution will be successful. Sometimes the fault is not the configuration but the external service. And a person who is unsure of the configuration can take advantage of this advice. As for the advice, I feel completely baffled, and next time I will think twice before posting on this site, even though my advice HELPS to solve the problem of connecting via SSH. Thanks for your effort :).
-
mickmackusa about 2 years
I was definitely conscious when I wrote my comment. I will openly admit that I am not a Subject Matter Expert (SME) in this community. My point is that this page is not a "canonical question" with a generalized issue that is inviting answers from a broad spectrum of root causes. I have seen, too often on Stack Overflow, when a page starts with a narrow scope then over time, that scope gets fragmented and expanded by answers that deviate from the specifically asked question. I don't know if this is the case. My intent was to color your thinking for the future.