- 10-15-2010 #1 Just Joined!
- Join Date: Nov 2008
- Posts: 47
ssh port 22
Hi,
I would like to use ssh / scp between one computer at home and another at work. I can do it from home to work, but not the opposite. I think my home IP address starts with 82., is that ok? The one at work starts with 130.
Here are some terminal commands I launched (I cannot fully understand them). I also used a site of the internet provider, first to add rules (e.g. allow this and that IP address), then to disable the firewall. The /etc/ssh/sshd_config files of the two computers are the same.
Thanks
Code:
    sudo apt-get install ssh openssh-server
    sudo /etc/init.d/ssh start
    sudo iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 22 -j ACCEPT
    netstat -an | grep "LISTEN "
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
    tcp6 0 0 :::22 :::* LISTEN
    tcp6 0 0 ::1:631 :::* LISTEN
    sudo iptables --list
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp dpt:5900
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    nmap -PN 82.170.etc
    Starting Nmap 5.00 ( http://nmap.org ) at 2010-10-15 14:06 CEST
    Interesting ports on 82-170-33-37.ip.telfort.nl (82.170etc):
    Not shown: 997 closed ports
    PORT STATE SERVICE
    80/tcp open http
    443/tcp open https
    8080/tcp open http-proxy
    Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds
says:
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
- 10-15-2010 #2 Just Joined!
- Join Date: Oct 2010
- Posts: 7
> sudo iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 22 -j ACCEPT
> netstat -an | grep "LISTEN "
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
> tcp6 0 0 :::22 :::* LISTEN
> tcp6 0 0 ::1:631 :::* LISTEN
> sudo iptables --list
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:5900
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
You do not need to open any ports because there is no firewall.
Iptables configuration looks the same on both hosts?
Are you sure that there is no firewall and/or NAT between your machines?
Check IP address on both machines.
Code:
    # ip add
Visit whatismyip dot com. If both addresses match, it means that there is no NAT. If not, you have to create ssh tunnels or some VPN. I assume that your network administrator will not forward any port for you.
The next thing is firewall between your hosts. Even if your computers are not behind the NAT the firewall could block your ssh traffic. To avoid this try ssh tunnels or some VPN (just like in case of NAT).
- 10-15-2010 #3 Just Joined!
- Join Date: Nov 2008
- Posts: 47
Hi, thanks for your answer! I do not know what to look for, please be patient with me.
If my IP address is listed under eth0 > inet, the answer is no. At home my IP is 82.170.etc. So, if I get it right, there is a NAT. I do not know what ssh tunnel and the VPN are, but I just tried from my work:
Code:
    ssh -X home@82.170.etc
    ssh: connect to host 82.170.etc port 22: Connection refused
    ssh -X home@192.168.1.34
    ssh: connect to host 192.16etc port 22: Network is unreachable
At home: (I hide the IP with an "etc")
Code:
    ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:14:22:60:b7:4d brd ff:ff:ff:ff:ff:ff
        inet 192.16etc/24 brd 192.168.1.255 scope global eth0
        inet6 fe80::214:22ff:fe60:b74d/64 scope link
           valid_lft forever preferred_lft forever
At work: (I hide the IP with an "etc")
Code:
    ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0f:fe:68:05:a5 brd ff:ff:ff:ff:ff:ff
        inet 130.3etc/23 brd 130.37.17.255 scope global eth0
        inet6 2001:610:110:4e0:20f:feff:fe68:5a5/64 scope global dynamic
           valid_lft 2591807sec preferred_lft 604607sec
        inet6 fe80::20f:feff:fe68:5a5/64 scope link
           valid_lft forever preferred_lft forever
The IP tables at work look all right to me:
Code:
    sudo iptables --list
    [sudo] password for aless:
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
- 10-15-2010 #4
Are you using a router at home? You'd need to go in the router and forward the port (in this case 22) to the correct computer. (FYI, I would recommend not using the default port, which is just an invite for brute force attacks.)
Also, I use dyndns to assign my external ip a domain name. Unless you signed up for a static ip with your home internet provider, your address is likely to change.
You'll also want to set your ssh server to have a static ip address, so the router is forwarding to the correct place.
Remote access using openssh and DynDNS Omnia sunt communia
DynDNS.com - Support -- Knowledge Base -- Spring Server SSH Guide
- 10-15-2010 #5 Just Joined!
- Join Date: Oct 2010
- Posts: 7
Yes, you have NAT at home. Your computer's private IP address (192.168.1.34) is switched to 82.170.etc by the router. Do you have a router at home? If yes, just log in and configure port forwarding (google it). Execute
Code:
    # ip route
    10.88.88.0/24 dev eth0 proto kernel scope link src 10.88.88.2
    default via 10.88.88.1 dev eth0
to reveal your router address. In my case it is 10.88.88.1. It would always be the IP after the word 'default'. Now in your browser point to your_router_ip. The rest you have to google. Search port forwarding for your specific router model.
Code:
    ssh -X home@82.170.etc
    ssh: connect to host 82.170.etc port 22: Connection refused
It means that your router denies access to port 22 (it does not know that it should forward the connection to 192.168.1.34).
Code:
    ssh -X home@192.168.1.34
    ssh: connect to host 192.16etc port 22: Network is unreachable
192.168.0.0/16 is a private IP pool which cannot be used in the public Internet. This is one of the reasons why NAT exists.
- 10-18-2010 #6 Just Joined!
- Join Date: Nov 2008
- Posts: 47
Thanks for your replies.
I managed to get a static IP, it was easy! For the record, I write what I did:
System>Preferences>Network Connections>Ipv4Settings>Method:Manual,
Addresses can be found in connection Icon > Connection Information, or in shell with "route". I used an IP with last digits outside the pool size. Gateway is "Default Route". Do a "sudo /etc/init.d/networking restart"
Now I am trying do port forwarding ssh following this link,
PortForward.com - Port Forwarding SSH on the ZyXEL P-2602HW-D1A
I put "Service Name: User Define", then my static IP, port 22. See screenshot.
But when I try from work I get:
Code:
    ssh -X home@192.168.1.XX
    ssh: connect to host 192.168.1.XX port 22: Network is unreachable
What Is My IP Address - Shows Your IP Address still sees my IP as 82.170.etc, is that bad?
Maybe I have to configure the firewall as well? See screenshot 2 for my firewall.
Thanks
Last edited by 80aless; 10-18-2010 at 08:40 PM.
- 10-18-2010 #7 Just Joined!
- Join Date: Oct 2010
- Posts: 7
I assume that your machine uses this static IP. You can check it with command 'ip add'.
> Now I am trying do port forwarding ssh following this link,
> I put "Service Name: User Define", then my static IP, port 22. See screenshot.
Unfortunately screenshots are a little bit small. However, port forwarding seems to be configured.
> But when I try from work I get:
> Code:
>     ssh -X home@192.168.1.XX
>     ssh: connect to host 192.168.1.XX port 22: Network is unreachable
I've already told you. IP address 192.168.1.XX is private IP. It is not accessible through the Internet. At work you have to use your public IP (82.170.etc).
> What Is My IP Address - Shows Your IP Address still sees my IP as 82.170.etc, is that bad?
There should always be that address.
> Maybe I have to configure the firewall as well? See screenshot 2 for my firewall
> Thanks
First from work try ssh home@82.170.etc (at first without '-X'). Please upload bigger screenshots.
- 10-19-2010 #8 Just Joined!
- Join Date: Nov 2008
- Posts: 47
Oh, I am sorry for putting the wrong address. Yes, in ip add I see my static address.
I also do: sudo /etc/init.d/ssh start
Code:
    ssh home@82.170.33.XX
    ssh: connect to host 82.170.33.XX port 22: Connection timed out
The screenshots become small when I upload them to this site. Anyway, I have a P-2602HW-D1A Zyxel thing. The firewall is active, Bypass Triangle Route unchecked. Then I see this table:
Code:
    Security>Firewall>General:
    Packet Direction       Default Action   Log
    WAN to LAN             Permit           checked
    LAN to WAN             Permit           checked
    WAN to WAN / Router    Drop             checked
    LAN to LAN / Router    Permit           unchecked
I have added a bunch of rules in Security>Firewall>Rules:
Code:
    Packet Direction LAN to LAN/Router
    Create a new rule after rule number : 1
    Move the rule to
    #   Active   Source IP            Destination IP   Service           Action   Schedule   Log
    1   yes      130.37.XX(IP work)   Any              SSH(TCP/UDP 22)   Permit   No         No
Hope it helps


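The checks this thread walks through, collected as an added example (not part of any post above, and not the posters' own code): it tells a private address from a public one, applies the interface-versus-whatismyip NAT test, and maps the three ssh errors seen here to their likely cause. It goes beyond the thread by covering all RFC 1918 ranges rather than only 192.168.0.0/16; the function names and the 203.0.113.10 address are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Sample addresses are constructed (203.0.113.0/24 is a
# documentation range); 192.168.1.34 is the LAN address quoted in the thread.

# Exit 0 if $1 is an RFC 1918 private IPv4 address (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] 2>/dev/null && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# Compare the interface address (from `ip add`) with the address a
# what-is-my-IP service reports: private or different means NAT.
nat_status() {
    if is_private_ipv4 "$1" || [ "$1" != "$2" ]; then echo "nat"; else echo "direct"; fi
}

# Map the ssh client's error text to the most likely cause.
explain_ssh_error() {
    case "$1" in
        *"Connection refused"*)
            echo "address answered but nothing accepts the port: sshd down or port not forwarded" ;;
        *"Network is unreachable"*)
            echo "no route to the target from this network" ;;
        *"Connection timed out"*)
            echo "no reply at all: a firewall or router is dropping the packets" ;;
        *) echo "unrecognised error" ;;
    esac
}

# Triage one failed attempt: $1 = address passed to ssh, $2 = error text.
triage() {
    if is_private_ipv4 "$1"; then
        echo "$1 is private: only reachable on its own LAN, use the router's public address"
    else
        echo "$1 is public: $(explain_ssh_error "$2")"
    fi
}

# Demo on the three failures from the thread (public address is a placeholder).
triage 192.168.1.34 "Network is unreachable"
triage 203.0.113.10 "Connection refused"
triage 203.0.113.10 "Connection timed out"
```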

