why can i not ssh using my domain name but works with ip address?

Try dig +short "your_domain" @8.8.8.8 to perform a DNS lookup on the Google public DNS. If your authentic IP address is returned, you'll know the problem is not with domain name resolution.

Author: user74091

Updated on September 18, 2022

Comments

  • user74091
    user74091 over 1 year

    so i have a computer i am trying to set up as a server at home. i have ssh server installed on it, and ssh client running on my laptop. ssh works fine, i am using public keys for security and have passwords disabled.

    i do not have a static ip address, so i have gotten a domain name, will refer to it as domain.online in following, i got this through namecheap. i am running ubuntu server on the home server, and ubuntu on my laptop. i have configured ddclient according to the documentation on namecheap and the official ubuntu documentation on DynamicDNS.

    i spoke with representatives from namecheap who confirmed i have the nameservers set up correctly. but when i attempt to ssh into the server by;

    ssh [email protected]
    

    i am given a;

    connect to host domain.online port 22: connection refused
    

    i have enabled port forwarding on my router. i am currently ssh'd into the server remotely at this moment, so port forwarding is working. (i called my wife and had her look up the ip address at whatsmyip).

    also UFW is disabled.

    the following is my ddclient.conf file;

    # Configuration file for ddclient generated by debconf
    #
    # /etc/ddclient.conf
    
    
    
    #pid=/var/run/ddclient.pid
    #use=if, if=enp2s0f0
    use=web, web=dynamicdns.park-your-domain.com/getip
    protocol=namecheap
    #ssl=yes
    server=dynamicdns.park-your-domain.com
    login=domain.online
    password=################
    www
    

    and the following is from my sshd_config file;

    #   $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options override the
    # default value.
    
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    #HostKey /etc/ssh/ssh_host_ed25519_key
    
    # Ciphers and keying
    #RekeyLimit default none
    
    # Logging
    #SyslogFacility AUTH
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    #PermitRootLogin prohibit-password
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    
    PubkeyAuthentication yes
    RSAAuthentication yes
    
    # Expect .ssh/authorized_keys2 to be disregarded by default in future.
    AuthorizedKeysFile  .ssh/authorized_keys .ssh/authorized_keys2
    
    #AuthorizedPrincipalsFile none
    
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    #PermitEmptyPasswords no
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    
    #AllowAgentForwarding yes
    AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PermitTTY yes
    PrintMotd no
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation sandbox
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS no
    #PidFile /var/run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none
    
    # no default banner path
    #Banner none
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    
    # override default of no subsystems
    Subsystem   sftp    /usr/lib/openssh/sftp-server
    
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #   X11Forwarding no
    #   AllowTcpForwarding no
    #   PermitTTY no
    #   ForceCommand cvs server
    

    i don't know if that file is necessary, but i figured someone would ask for it

    so, again, my question is why when i type

    ssh [email protected]
    

    i get the connection refused error, but when i

    ssh [email protected]
    

    i connect successfully to my server.

    additionally, the results of sudo service ddclient status is:

        ddclient.service - LSB: Update dynamic domain name service entries
       Loaded: loaded (/etc/init.d/ddclient; generated; vendor preset: enabled)
       Active: active (running) since Tue 2017-06-27 14:21:21 EDT; 23h ago
         Docs: man:systemd-sysv-generator(8)
        Tasks: 1 (limit: 4915)
       Memory: 8.7M
          CPU: 5.581s
       CGroup: /system.slice/ddclient.service
               └─7217 ddclient - sleeping for 10 seconds
    
    Jun 27 14:21:20 computer-name systemd[1]: Starting LSB: Update dynamic domai
    Jun 27 14:21:21 computer-name systemd[1]: Started LSB: Update dynamic domain
    lines 1-12/12 (END)
    
    • user74091
      user74091 almost 7 years
      not the same ip address i used to ssh into my machine remotely
    • user74091
      user74091 almost 7 years
      so ddclient is not sufficient for these purposes?
    • user74091
      user74091 almost 7 years
      Those are both of the links I included in my question
    • Terrance
      Terrance almost 7 years
      Ah, yes, sorry. What type of router do you have?
    • Terrance
      Terrance almost 7 years
      And by the way, according to the documentation, this line server=dynamicdns.park-your-domain.com/getip is wrong. It should only be server=dynamicdns.park-your-domain.com
    • user74091
      user74091 almost 7 years
      Arris dg1630 I believe although I'm not looking at it right now
    • Terrance
      Terrance almost 7 years
      That's OK, I was just thinking that some routers it might be easier to configure that through as they might already have preconfigured information for the service itself.
    • Terrance
      Terrance almost 7 years
      I can't chat at the moment, but check that server= line in your ddclient.conf file.
    • user74091
      user74091 almost 7 years
      i see the line, have edited the file now
  • user74091
    user74091 almost 7 years
    that returns the ip address of namecheap
  • endrias
    endrias almost 7 years
    That won't do. The DNS lookup you are conducting must return the IP address of the server at your home. i.e. the IP address of the server you are trying to ssh to.
  • endrias
    endrias almost 7 years
    Use a DDNS service like noip and run the DUC (Dynamic Update Client) in wine on your server. Then whenever your ISP changes the IP of your ADSL line, the DUC will tell the noip servers the new IP and you can use the DDNS domain name as if it were a normal domain name with a static IP. Use the DDNS domain name you will be given by noip instead of namecheap.
  • endrias
    endrias almost 7 years
    If you find the *.ddns.net domain names a bit less sexy, you can always get a free *.tk or choose from a myriad of free TLDs from FREENOM and while registering your Domain name in the FREENOM dashboard, choose forward to a certain address i.e. the *.ddns.net address you got from noip instead of opting for inserting a static IP - which you don't have.
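
The check this thread converges on, written out as a script (an added example, not part of the original posts): it compares the A record that Google's public resolver returns for the name with the WAN address the connection actually has. The function names and sample addresses are constructed for illustration; it assumes `dig` and `curl` are installed and that it is run from the home server, and it reuses the `getip` URL from the `ddclient.conf` above.

```shell
#!/bin/sh
# Added example: does public DNS for a DDNS name point at this connection?

# `dig +short` prints CNAME targets (ending in a dot) before the addresses,
# so keep only the lines that look like IPv4 addresses.
ipv4_only() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# classify WAN_IP DIG_OUTPUT -> prints match | mismatch | no-record
classify() {
    wan_ip=$1
    records=$(printf '%s\n' "$2" | ipv4_only)
    if [ -z "$records" ]; then
        echo "no-record"    # resolver returned no A record for the name
    elif printf '%s\n' "$records" | grep -qxF "$wan_ip"; then
        echo "match"        # DNS points at the home connection
    else
        echo "mismatch"     # DNS points elsewhere (registrar host, old lease)
    fi
}

# Live check; run it on the home server so the WAN address is the right one.
check_domain() {
    domain=$1
    wan_ip=$(curl -fsS --max-time 10 dynamicdns.park-your-domain.com/getip \
        | tr -d '[:space:]')
    [ -n "$wan_ip" ] || { echo "could not determine WAN address" >&2; return 2; }
    answer=$(dig +short "$domain" A @8.8.8.8)
    state=$(classify "$wan_ip" "$answer")
    echo "$domain -> ${answer:-<none>} (WAN $wan_ip): $state"
    [ "$state" = "match" ]
}

# Constructed sample `dig +short` outputs (documentation-range addresses).
SAMPLE_OK='203.0.113.7'
SAMPLE_PARKED='parkingpage.example.net.
192.0.2.10'

# Usage: sh check_ddns.sh domain.online
if [ "$#" -gt 0 ]; then check_domain "$1"; fi
```

A `mismatch` means the SSH client is connecting to a host you do not control, so "connection refused" is the benign outcome. Do not accept an unfamiliar host key for that name until the record matches.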