SSH connection timed out externally, but works internally

networking server ssh firewall openssh
5,859

The problem with this was that the Internet Service provider wasn't allowing me to properly port forward. I changed provider and problem solved.

Share:
5,859

Related videos on Youtube

Eduardo Casillas Allen
Author by

Eduardo Casillas Allen

Artificial Intelligence Developer. Did NLP and Computational Lingüistics research at Grupo Golem IIMAS & and Grupo de Ingeniería Lingüística IINGEN. http://www.linkedin.com/in/jeduardocasillasg

Updated on September 18, 2022

Comments

  • Eduardo Casillas Allen
    Eduardo Casillas Allen over 1 year

    Recently I tried to set my Ubuntu 14.04 desktop computer (I will call it "computer A") as a ssh server so I could access it remotely from my laptop (I will call it "computer B"). I installed openssh-server, and up till this point have not modified the /etc/ssh/sshd_config file.

    The problem is, I believe I set up everything correctly, and although I can access computer A from computer B through ssh using computer A's permanent internal IP address on the router while in the same network (and also through localhost within computer A):

    ssh [email protected]

    I cannot access computer A using the external IP address, as in:

    ssh -vvv username@the-external-ip-adress

    After a long while I get:

    OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to the-external-ip-adress [the-external-ip-adress] port 22.
debug1: connect to address the-external-ip-adress port 22: Connection timed out
ssh: connect to host the-external-ip-adress port 22: Connection timed out

    I tried connecting through the external address both from inside and outside the network. This adress I found it at canyouseeme.org and by googleing it. I also used canyouseeme.org with my IP and port 22 which is the one specified in my sshd_config by default and also finds it unable to access the service due to connection time out.

    I have checked pretty much every forum and post about similar problems, sometimes of seemingly the exact same problem, but found no solution. Based on all what I have read, I provide screenshots with information about my router configuration (port forwarding and so on) that is or may be relevant.

    I also:

    • have enabled port 22 on my firewall ("sudo ufw allow 22")
    • have tried disabling the firewall
    • have tried reenabling the firewall
    • have tried disabling the router's firewall
    • have tried reenabling the router's firewall
    • have tried adding the port to the iptables ("sudo iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT")
    • found the /var/log/auth.log only with local records
    • found the /var/log/daemon.log empty
    • have tried ping with 100% package loss
    • have rebooted computer A
    • have rebooted the router
    • have checked for access restrictions in the /etc/ssh/sshd_config file but did not find any.

    SCREENSHOTS

    Any suggestions? Please keep in mind that I can perfectly ssh into computer A and use it from within the network and using computer A's IP local address, as well as localhost from within computer A. As far as I understand, this suggests that there's nothing wrong with the ssh server configuration of computer A. But I may be wrong.

    UPDATE: I also recently noticed that the IP (external IP) is constantly changing (after very long periods of time), of course I always try to connect to the current IP. Could having a non-static IP have something to do?

    • dadexix86
      dadexix86 almost 8 years
      How did you find and set up "the-external-ip-adress"?
    • 7_R3X
      7_R3X almost 8 years
      In addition to @dadexix86 's question, can you ping A with A's external IP? Try hosting a http server like apache and check if it's reachable. I'm suggesting http because it never creates problem with firewalls and is easy to setup as well.
    • Eduardo Casillas Allen
      Eduardo Casillas Allen almost 8 years
      @dadexix86 Hello dadex. I Googled it. Also canyouseeme.org provides it by default.
    • Eduardo Casillas Allen
      Eduardo Casillas Allen almost 8 years
      @7_R3X Hello 7_R3X. I did ping it as I wrote in the post; it goes on forever and when I cancel it returns a 100% package loss. Never gets to connect.
    • dadexix86
      dadexix86 almost 8 years
      @EduardoCasillasAllen you googled what exactly? If you put in that website the public address of your router, what you are trying to do is access your router, not your computer behind it. So, i ask again. How did you find and set up your "external-ip-adress"? Remember that you have to forward the traffic on that door to the router to your server behind it. Have a look at help.ubuntu.com/community/ServersBehindNAT
    • dadexix86
      dadexix86 almost 8 years
      @EduardoCasillasAllen why would you do that? And why would Google index your IP address?
    • Eduardo Casillas Allen
      Eduardo Casillas Allen almost 8 years
      @dadexix86 I googled my IP address. Did you check the screenshots?
    • dadexix86
      dadexix86 almost 8 years
      @EduardoCasillasAllen Yes I saw the screenshot, and still I do not understand why you googled your IP address... Did you read the guide linked above?
    • Eduardo Casillas Allen
      Eduardo Casillas Allen almost 8 years
      @dadexix86 a google search will likely give you your public IP address as I understand (google.com/?gws_rd=ssl#q=what+is+my+public+ip+address). I'm afraid I have not been able to see the solution you are suggesting, if any.
    • dadexix86
      dadexix86 almost 8 years
      @EduardoCasillasAllen Oh I see! I thought you googled your IP address, as in google.de/?q=10.185.201.203 I do not see any section on port forwarding in your router configuration pages (the screenshots), are you sure that you can do it?
    • Eduardo Casillas Allen
      Eduardo Casillas Allen almost 8 years
      @dadexix86 my router (arris TG862) hasn't got an explicit "port forwarding" section. Based on manuals I found on the internet for my router, I added a "Virtual Server" for the address 192.168.0.100 which is the one of my computer A (server) and an analog "Port trigger". That you can find it on the screenshot.
  • Pierre.Vriens
    Pierre.Vriens over 5 years
    how to do so ?,
  • mondjunge
    mondjunge over 5 years
    Welcome to askubuntu. Please answer question with full steps and explanation to the solution. If you are uncertain how a good answer is written, resort to askubuntu.com/help/how-to-answer

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

ssh connection refused
Block China with iptables
SSH: Set timeout for broken pipe
SSH connection refused when connecting remotly
Corrupted MAC on input. ssh_dispatch_run_fatal:message authentication code incorrect unable to ssh jupyter notebook on remote server
Accessing LDAP through SSH tunnel
ssh fails because port 22 doesn't work with AT&T Uverse
How can I allow ssh connection from an IP subnet on port 10022 using iptables?
telnet: Unable to connect to remote host: Network is unreachable
ssh: connect to host [ip] port 22: No route to host