why can i not ssh using my domain name but works with ip address?
try dig +short "your_domain" @8.8.8.8
to perform a DNS lookup on the google public RNS. if your authentic IP-address is returned, you'll know the problem is not with domain name resolution.
Related videos on Youtube
Comments
-
user74091 over 1 year
so i have a computer i am trying to set up as a server at home. i have ssh server installed on it, and ssh client running on my laptop. ssh works fine, i am using public keys for security and have passwords disabled.
i do not have a static ip address, so i have gotten a domain name, will refer to it as domain.online in following, i got this through namecheap. i am running ubuntu server on the home server, and ubuntu on my laptop. i have configured ddclient according to the documentation on namecheap and the official ubuntu documentation on DynamicDNS.
i spoke with representatives from namecheap whom confirmed i have the nameservers set up correctly. but when i attempt to ssh into the server by;
ssh [email protected]
i am given a;
connect to host domain.online port 22: connection refused
i have enabled port forwarding on my router. i am currently ssh'd into the server remotely at this moment, so port forwarding is working. (i called my wife and had her look up the ip address at whatsmyip).
also UFW is disabled.
the following is my ddclient.conf file;
es# Configuration file for ddclient generated by debconf # # /etc/ddclient.conf #pid=/var/run/ddclient.pid #use=if, if=enp2s0f0 use=web, web=dynamicdns.park-your-domain.com/getip protocol=namecheap #ssl=yes server=dynamicdns.park-your-domain.com login=domain.online password=################ www
and the following is from my sshd_config file;
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 PubkeyAuthentication yes RSAAuthentication yes # Expect .ssh/authorized_keys2 to be disregarded by default in future. AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no #PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes #AllowAgentForwarding yes AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # Allow client to pass locale environment variables AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server
i dont know if that file is neccesary, but i figured someone would ask for it
so, again, my question is why when i type
ssh [email protected]
i get the connection refused error, but when i
ssh [email protected]
i connect succesfully to my server.
additionally, the results of
sudo service ddclient status
is:ddclient.service - LSB: Update dynamic domain name service entries Loaded: loaded (/etc/init.d/ddclient; generated; vendor preset: enabled) Active: active (running) since Tue 2017-06-27 14:21:21 EDT; 23h ago Docs: man:systemd-sysv-generator(8) Tasks: 1 (limit: 4915) Memory: 8.7M CPU: 5.581s CGroup: /system.slice/ddclient.service └─7217 ddclient - sleeping for 10 seconds Jun 27 14:21:20 computer-name systemd[1]: Starting LSB: Update dynamic domai Jun 27 14:21:21 computer-name systemd[1]: Started LSB: Update dynamic domain lines 1-12/12 (END)
-
user74091 almost 7 yearsnot the same ip address i used to ssh into my machine remotely
-
user74091 almost 7 yearsso ddclient is not sufficient for these purposes?
-
user74091 almost 7 yearsThose are both of the links I included in my question
-
Terrance almost 7 yearsAh, yes, sorry. What type of router do you have?
-
Terrance almost 7 yearsAnd by the way, according to the documentation, this line
server=dynamicdns.park-your-domain.com/getip
is wrong. It should only beserver=dynamicdns.park-your-domain.com
-
user74091 almost 7 yearsArris dg1630 I believe although I'm not looking at it right now
-
Terrance almost 7 yearsThat's OK, I was just thinking that some routers it might be easier to configure that through as they might already have preconfigured information for the service itself.
-
user74091 almost 7 yearsLet us continue this discussion in chat.
-
Terrance almost 7 yearsI can't chat at the moment, but check that server= line in your ddclient.conf file.
-
user74091 almost 7 yearsi see the line, have edited the file now
-
-
user74091 almost 7 yearsthat returns the ip address of namecheap
-
endrias almost 7 yearsThat won't do. The DNS lookup you are conducting must return the IP address of the server at your home. i.e. the IP address of the server you are trying to ssh to.
-
endrias almost 7 yearsUse a DDNS service like noip and run the DUC (Dynamic Update Client) in wine on your server. Then whenever your ISP changes the IP of your ADSL line, the DUC will tell the noip servers the new IP and you can use the DDNS domain name as if it were a normal domain name with a static IP. Use the DDNS domain name you will be given by noip instead of namecheap.
-
endrias almost 7 yearsIf you find the *.ddns.net domain names a bit less sexy, you can always get a free *.tk or choose from a myriad of free TLDs from FREENOM and while registering your Domain name in the FREENOM dashboard, choose forward to a certain address i.e. the *.ddns.net address you got from noip instead of opting for inserting a static IP - which you don't have.