  1. #1
    Just Joined!
    Join Date
    Nov 2008
    Posts
    50

    ssh port 22


    Hi,
    I would like to use ssh / scp between one computer at home and another at work. I can do it from home to work, but not the opposite. I think my home IP address starts with 82., is that ok? The one at work starts with 130.

    Here are some terminal commands I launched (I cannot fully understand them). I also used a site of the internet provider, first to add rules (e.g. allow this and that IP address), then to disable the firewall. The /etc/ssh/sshd_config of the two computers are the same.

    Thanks




    Code:
    sudo apt-get install ssh openssh-server
    sudo /etc/init.d/ssh start
    
    sudo iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 22 -j ACCEPT
    
    netstat -an | grep "LISTEN "
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
    tcp6       0      0 :::22                   :::*                    LISTEN     
    tcp6       0      0 ::1:631                 :::*                    LISTEN
    
    sudo iptables --list
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5900 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    nmap -PN 82.170.etc
    Starting Nmap 5.00 ( http://nmap.org ) at 2010-10-15 14:06 CEST
    Interesting ports on 82-170-33-37.ip.telfort.nl (82.170etc):
    Not shown: 997 closed ports
    PORT     STATE SERVICE
    80/tcp   open  http
    443/tcp  open  https
    8080/tcp open  http-proxy
    Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds
    says:
    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes

  2. #2
    Just Joined!
    Join Date
    Oct 2010
    Posts
    7
    sudo iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 22 -j ACCEPT

    netstat -an | grep "LISTEN "
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
    tcp6 0 0 :::22 :::* LISTEN
    tcp6 0 0 ::1:631 :::* LISTEN

    sudo iptables --list
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp dpt:5900
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    You do not need to open any ports because there is no firewall. Iptables configuration looks the same on both hosts?

    Are you sure that there is no firewall and/or NAT between your machines?
    Check IP address on both machines.
    Code:
    # ip add
    Visit whatismyip dot com. If both addresses match, it means that there is no NAT. If not, you have to create ssh tunnels or some VPN. I assume that your network administrator will not forward any port for you.

    The next thing is a firewall between your hosts. Even if your computers are not behind the NAT, the firewall could block your ssh traffic. To avoid this, try ssh tunnels or some VPN (just like in the case of NAT).

  3. #3
    Just Joined!
    Join Date
    Nov 2008
    Posts
    50
    Hi, thanks for your answer! I do not know what to look for, please be patient with me.
    If my IP address is listed under eth0 > inet, the answer is no. At home my IP is 82.170.etc. So, if I get it right, there is a NAT. I do not know what ssh tunnel and the VPN are, but I just tried from my work
    Code:
    ssh -X home@82.170.etc
    ssh: connect to host 82.170.etc port 22: Connection refused
    ssh -X home@192.168.1.34
    ssh: connect to host 192.16etc port 22: Network is unreachable
    At home: (I hide the IP with an "etc")
    Code:
    ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:14:22:60:b7:4d brd ff:ff:ff:ff:ff:ff
        inet 192.16etc/24 brd 192.168.1.255 scope global eth0
        inet6 fe80::214:22ff:fe60:b74d/64 scope link 
           valid_lft forever preferred_lft forever
    At work: (I hide the IP with an "etc")
    Code:
    ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0f:fe:68:05:a5 brd ff:ff:ff:ff:ff:ff
        inet 130.3etc/23 brd 130.37.17.255 scope global eth0
        inet6 2001:610:110:4e0:20f:feff:fe68:5a5/64 scope global dynamic 
           valid_lft 2591807sec preferred_lft 604607sec
        inet6 fe80::20f:feff:fe68:5a5/64 scope link 
           valid_lft forever preferred_lft forever

    The IP tables at work look all right to me:
    Code:
    sudo iptables --list
    [sudo] password for aless: 
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

  5. #4
    Linux Guru reed9
    Join Date
    Feb 2009
    Location
    Boston, MA
    Posts
    4,651
    Are you using a router at home? You'd need to go in the router and forward the port (in this case 22) to the correct computer. (FYI, I would recommend not using the default port, which is just an invite for brute force attacks.)

    Also, I use dyndns to assign my external ip a domain name. Unless you signed up for a static ip with your home internet provider, your address is likely to change.

    You'll also want to set your ssh server to have a static ip address, so the router is forwarding to the correct place.

    Remote access using openssh and DynDNS Omnia sunt communia
    DynDNS.com - Support -- Knowledge Base -- Spring Server SSH Guide

  6. #5
    Just Joined!
    Join Date
    Oct 2010
    Posts
    7
    Quote Originally Posted by 80aless
    Hi, thanks for your answer! I do not know what to look for, please be patient with me.
    If my IP address is listed under eth0 > inet, the answer is no. At home my IP is 82.170.etc. So, if I get it right, there is a NAT.
    Yes, you have NAT at home. Your computer's private IP address (192.168.1.34) is switched to 82.170.etc by the router. Do you have a router at home? If yes, just log in and configure port forwarding (google it). Execute
    Code:
    # ip route
    10.88.88.0/24 dev eth0  proto kernel  scope link  src 10.88.88.2 
    default via 10.88.88.1 dev eth0
    to reveal your router address. In my case it is 10.88.88.1. It will always be the IP after the word 'default'. Now in your browser point to your_router_ip. The rest you have to google. Search port forwarding for your specific router model.

    Code:
    ssh -X home@82.170.etc
    ssh: connect to host 82.170.etc port 22: Connection refused
    It means that your router denies access to port 22 (it does not know that it should forward the connection to 192.168.1.34).
    Code:
    ssh -X home@192.168.1.34
    ssh: connect to host 192.16etc port 22: Network is unreachable
    192.168.0.0/16 is a private IP pool which cannot be used on the public Internet. This is one of the reasons why NAT exists.
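
Added example, not part of any post in this thread: a small Python helper that performs the NAT comparison described above (interface address versus externally reported address) and maps the result of a single TCP connect to its likely cause. It goes beyond the two errors quoted in this reply by also covering the "Connection timed out" case; the function names and the addresses `82.170.0.10` and `192.168.1.34` used in the demo are constructed stand-ins for the masked addresses in the thread.

```python
import errno
import ipaddress
import socket

def behind_nat(interface_ip: str, public_ip: str) -> bool:
    """Compare the `ip add` address with what an external what-is-my-IP
    service reports. A mismatch means a NAT device sits in between."""
    return ipaddress.ip_address(interface_ip) != ipaddress.ip_address(public_ip)

def probe(host: str, port: int = 22, timeout: float = 5.0) -> int:
    """Try one TCP connect; return 0 on success or the errno on failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return 0
        except socket.timeout:
            return errno.ETIMEDOUT
        except OSError as exc:
            return exc.errno or errno.EIO

def diagnose(target_ip: str, err: int) -> str:
    """Map a target IP address and a connect() errno to the likely cause."""
    if not ipaddress.ip_address(target_ip).is_global:
        # RFC 1918 and other non-global ranges are never routed across the Internet.
        return "private address: only valid inside its own LAN, use the public IP"
    if err == 0:
        return "port open: forwarding and sshd both work"
    if err == errno.ECONNREFUSED:
        return "refused: the address answered, but nothing accepts that port (no forward or sshd down)"
    if err == errno.ETIMEDOUT:
        return "timed out: packets dropped silently (firewall rule or forward to a dead host)"
    if err in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable: no route from this network to the target"
    return "other error: " + errno.errorcode.get(err, str(err))

if __name__ == "__main__":
    # Constructed stand-ins for the thread's masked addresses.
    print(behind_nat("192.168.1.34", "82.170.0.10"))
    print(diagnose("192.168.1.34", errno.ENETUNREACH))
    print(diagnose("82.170.0.10", errno.ECONNREFUSED))
```

To test a real forward, run `diagnose(ip, probe(ip))` from outside the home network against your own public address.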

  7. #6
    Just Joined!
    Join Date
    Nov 2008
    Posts
    50
    Thanks for your replies.
    I managed to get a static IP, it was easy! For the record, I write what I did:
    System>Preferences>Network Connections>Ipv4Settings>Method:Manual,
    Addresses can be found in connection Icon > Connection Information, or in shell with "route". I used an IP with last digits outside the pool size. Gateway is "Default Route". Do a "sudo /etc/init.d/networking restart"

    Now I am trying to do port forwarding ssh following this link,
    PortForward.com - Port Forwarding SSH on the ZyXEL P-2602HW-D1A
    I put "Service Name: User Define", then my static IP, port 22. See screenshot.
    But when I try from work I get:
    Code:
    ssh -X home@192.168.1.XX
    ssh: connect to host 192.168.1.XX port 22: Network is unreachable
    What Is My IP Address - Shows Your IP Address still sees my IP as 82.170.etc, is that bad?

    Maybe I have to configure the firewall as well? See screenshot 2 for my firewall
    Thanks
    Last edited by 80aless; 10-18-2010 at 09:40 PM.

  8. #7
    Just Joined!
    Join Date
    Oct 2010
    Posts
    7
    Quote Originally Posted by 80aless
    Thanks for your replies.
    I managed to get a static IP, it was easy! For the record, I write what I did:
    System>Preferences>Network Connections>Ipv4Settings>Method:Manual,
    Addresses can be found in connection Icon > Connection Information, or in shell with "route". I used an IP with last digits outside the pool size. Gateway is "Default Route". Do a "sudo /etc/init.d/networking restart"
    I assume that your machine uses this static IP. You can check it with the command 'ip add'.

    Now I am trying to do port forwarding ssh following this link,
    I put "Service Name: User Define", then my static IP, port 22. See screenshot.
    Unfortunately screenshots are a little bit small. However, port forwarding seems to be configured.
    But when I try from work I get:
    Code:
    ssh -X home@192.168.1.XX
    ssh: connect to host 192.168.1.XX port 22: Network is unreachable
    I've already told you. IP address 192.168.1.XX is a private IP. It is not accessible through the Internet. At work you have to use your public IP (82.170.etc).
    What Is My IP Address - Shows Your IP Address still sees my IP as 82.170.etc, is that bad?
    There should always be that address.

    Maybe I have to configure the firewall as well? See screenshot 2 for my firewall
    Thanks
    First from work try ssh home@82.170.etc (at first without '-X'). Please upload bigger screenshots.

  9. #8
    Just Joined!
    Join Date
    Nov 2008
    Posts
    50

    Oh, I am sorry for putting the wrong address. Yes, in ip add I see my static address.
    I also do: sudo /etc/init.d/ssh start

    Code:
    ssh home@82.170.33.XX
    ssh: connect to host 82.170.33.XX port 22: Connection timed out
    The screenshots become small when I upload them to this site. Anyway, I have a P-2602HW-D1A Zyxel thing. The firewall is active, Bypass Triangle Route unchecked. Then I see this table:
    Code:
    Security>Firewall>General:
    Packet Direction        Default Action  Log
    WAN to LAN              Permit          checked
    LAN to WAN              Permit          checked
    WAN to WAN / Router     Drop            checked
    LAN to LAN / Router     Permit          unchecked
    I have added a bunch of rules in Security>Firewall>Rules:
    Code:
    Packet Direction 		 LAN to LAN/Router
    Create a new rule after rule number :	 1     
    	Move the rule to
    # 	Active Source IP	DestinationIP	Service                Action Schedule Log  
    1	yes     130.37.XX(IP work)	   Any       SSH(TCP/UDP 22)  Permit	No	No
    Hope it helps
