[SOLVED] SSH configuration

MaximeG · l33t Joined: 15 Apr 2008 Posts: 722 Location: Belgium

Hello everybody,

I've launched a SSH daemon on my gentoo box to be able to access it remotely.

Well, it works fine when I try to connect from another machine that sits in my subnet/local network. But when I'm outside of it (ie. anywhere else on the internet) I got the message : "ssh : connection to username@hostname port : 22 refused".

Of course, the hostname is the ip address (and not its local one

) of my routeur/gateway with a NAT service up and running.

Then I've tried to configure my routeur/gateway with adding a port translation rule but it didn't help.

So, either I can't configure my routeur properly (I'm not a networking expert I'm afraid) or my internet provider simply doesn't allow connection to port 22 at all.

The rule I've created is a translation port : "port in : 22 ; port out : 22 ; translation port : 22". Is it the correct way to proceed ?

Thanks for your help !
Maxime
_________________
Future is wide open.

dentharg · Posted: Tue May 06, 2008 11:20 am Post subject:

The line ""port in : 22 ; port out : 22 ; translation port : 22"

says: "take what comes in on the router on port 22 and push it to port 22 on the router via port 22"?

I can't see where you redirect the transmission to another (namely local) IP.
And it is also better to select non-standard port for ssh translation at the router.
_________________
Core2Duo e6300 | Asus P5B-V | 3 GB RAM | kernel 2.6.24 | KDE 3.5.9 + 4.0.0

MaximeG · l33t Joined: 15 Apr 2008 Posts: 722 Location: Belgium

Hi,

The rule is related to my static ip 192.168.1.123 address. Therefore the line means (well, I think so :p ) :
What arrives at port 22 on the gateway goes to port 22 on the machine with the local ip address 192.168.1.123.

Well, I think it is the way I've done for my web server last time.

Ok for changing from standart port, but how ?

Thanks a lot,
Maxime
_________________
Future is wide open.

dentharg · Posted: Tue May 06, 2008 12:33 pm Post subject:

Then this should work.

I would also wonder why "translation port", when it's just simple "take from here, put there directly".

As for port number change, just setup sshd to listen on different port than 22 and redirect the same port from gateway.

Have you got any logs from gateway for this ssh traffic?
_________________
Core2Duo e6300 | Asus P5B-V | 3 GB RAM | kernel 2.6.24 | KDE 3.5.9 + 4.0.0

MaximeG · l33t Joined: 15 Apr 2008 Posts: 722 Location: Belgium

Hi,

- For the translation port I don't know either what it is used for.

- Mm, brownie point here. I've completely forgotten about my routeur log. I'll check them as soon as possible.

- Yes, I'll try to change ports and see whether it's doing better or not.

Thanks for your answers, I'll keep this thread updated with the results,

Maxime
_________________
Future is wide open.

MaximeG · l33t Joined: 15 Apr 2008 Posts: 722 Location: Belgium

Hi,

Well, nothing in the gateway log

I've changed ports, but it has not helped.

Maxime
_________________
Future is wide open.

dentharg · Posted: Tue May 06, 2008 5:55 pm Post subject:

Changing ports just helps in security a bit, nothing more.

How did you exactly configure your gw?
What model, what software it is?
_________________
Core2Duo e6300 | Asus P5B-V | 3 GB RAM | kernel 2.6.24 | KDE 3.5.9 + 4.0.0

MaximeG · l33t Joined: 15 Apr 2008 Posts: 722 Location: Belgium

My gateway is

Dlink
DSL-G604T

And its default embedded software.

Maxime

PS : Yeah, I know for the port change : I was only wondering whether my internet provider would have blocked port 22 for any reason.
_________________
Future is wide open.

dentharg · Posted: Tue May 06, 2008 6:54 pm Post subject:

Are you directly connected to Internet (ie. DSL) or you connect via something like pppoe to another gw?
Do you connect from outside via provider's IP or do you have your own (even if it's dynamic)?
_________________
Core2Duo e6300 | Asus P5B-V | 3 GB RAM | kernel 2.6.24 | KDE 3.5.9 + 4.0.0

MaximeG · l33t Joined: 15 Apr 2008 Posts: 722 Location: Belgium

Well, my gateway connect to the web through a pppoe connection (aDSL connection though ? ) to another gateway.

I'm trying to connect from outside with the same kind of connection (well, through a gateway but I don't have the details, since it's my job place's network

)

Maxime
_________________
Future is wide open.

NeddySeagoon · Posted: Tue May 06, 2008 8:39 pm Post subject:

MaximeG,

Its quite likely that your employer or ISP or both block port 22.
A good port to use is port 443 as thats normally https:// and firewalls expect to see encrypted traffic there.
This does mean that you cannot run a https:// server at home.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

OmSai · Posted: Wed May 07, 2008 12:48 am Post subject:

MaximeG · l33t Joined: 15 Apr 2008 Posts: 722 Location: Belgium

Well,

Thanks for your answers, but my old routeur seemed to be bad configured somehow (strange because it used to work).

Indeed, I've tried to create a route to my server with a new router device and it has worked without any problem this time.

Regards,
Maxime
_________________
Future is wide open.