  1. #1
    Just Joined!
    Join Date
    Sep 2009
    Posts
    10

    sshd connection issues

    Hello,

    I am having trouble using the sshd server on my machine (behind a router). I run the server and I can connect with "localhost" or my internal IP address, but if I try to connect from my external IP address it simply doesn't work. I tried opening ports, triggering ports, switching ports, disabling the firewall, sshing from another computer, and going to Windows, using an SSH server there and PuTTY to access it (didn't work).
    So I need help running it. If any of you have an idea, share it.

    Thank you
    E.C.

    and of course, look at the terminal view of the SSH login:

    # ssh -v 77.125.87.10
    OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 77.125.87.10 [77.125.87.10] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version dropbear_0.36
    debug1: no match: dropbear_0.36
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client 3des-cbc hmac-md5 none
    debug1: kex: client->server 3des-cbc hmac-md5 none
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    Read from socket failed: Connection reset by peer
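
An added example, not part of the original thread: the `ssh -v` output above names the daemon that answered (`dropbear_0.36`), which can be checked against the daemon expected on the forwarded host. The Python below parses those log lines; that the host runs OpenSSH is an assumption, and `parse_ssh_debug`, `diagnose` and the `LEGACY` set are names made up for this example.

```python
import re

# The relevant lines of the `ssh -v` output quoted in the first post.
SAMPLE_LOG = """\
debug1: Connecting to 77.125.87.10 [77.125.87.10] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version dropbear_0.36
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: expecting SSH2_MSG_KEXDH_REPLY
Read from socket failed: Connection reset by peer
"""

# Ordered handshake milestones as they appear in OpenSSH client debug output.
STAGES = [("Connection established", "tcp-connected"),
          ("Remote protocol version", "banner-received"),
          ("SSH2_MSG_KEXINIT received", "kexinit-exchanged"),
          ("expecting SSH2_MSG_KEXDH_REPLY", "awaiting-kexdh-reply")]
LEGACY = {"3des-cbc", "hmac-md5"}  # algorithms treated as legacy in this example

def parse_ssh_debug(text):
    """Return who answered the connection and how far the handshake got."""
    info = {"port": None, "software": None, "algs": set(),
            "stage": "no-connection", "reset": False}
    for line in text.splitlines():
        if m := re.search(r"Connecting to \S+ \[[^\]]+\] port (\d+)", line):
            info["port"] = int(m.group(1))
        if m := re.search(r"remote software version (\S+)", line):
            info["software"] = m.group(1)
        if m := re.search(r"kex: server->client (\S+) (\S+)", line):
            info["algs"].update(m.groups())
        for marker, stage in STAGES:
            if marker in line:
                info["stage"] = stage
        info["reset"] |= "Connection reset by peer" in line
    return info

def diagnose(info, expected="OpenSSH"):
    """Compare the answering daemon with the one assumed to run on the host."""
    findings = []
    if info["software"] and not info["software"].startswith(expected):
        findings.append("wrong-daemon")  # something other than the host's sshd answered
    if info["reset"] and info["stage"] != "no-connection":
        findings.append("reset-after-" + info["stage"])
    if info["algs"] & LEGACY:
        findings.append("legacy-algorithms")
    return findings

if __name__ == "__main__":
    parsed = parse_ssh_debug(SAMPLE_LOG)
    print(parsed["software"], diagnose(parsed))
```

Under that assumption, a `wrong-daemon` finding means the TCP connection ended on a device other than the intended host, so the place to look is the forwarding path rather than `sshd_config`.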

  2. #2
    Just Joined!
    Join Date
    Sep 2009
    Posts
    10
    Thanks for mocking me... I have the SSH server installed on the machine and running. Please give me a serious solution...

  3. #3
    Just Joined!
    Join Date
    Aug 2009
    Posts
    76
    You've tried using the internal network, right? And this has failed?

    (I ask because you did not explicitly state this -- it's useful in determining whether your router/firewall's port forwarding is the culprit -- or an incorrect external IP)

    Additionally, you've taken a look at sshd_config, right? Also, it would be a good idea to change the port that your SSH connects to, in order to avoid security problems and so that you can be assured that you are connecting to the correct port.

  4. #4
    Just Joined!
    Join Date
    Sep 2009
    Posts
    10
    Yes, I did try the internal network and it worked on any port I tried. It didn't work when I tried using the external address. Another thing I found out lately is that even if I change the port to, say, 2222, and forward it on the router, checking it is open with a port scanner, when I try to connect to it with ssh it says connection refused, and port 22 still gets the connection but gives the error you see above. Same thing even when I turn off SSHD completely. This one is really strange...

  5. #5
    Just Joined!
    Join Date
    Aug 2009
    Posts
    76
    That IS strange. The culprit does sound like maybe you aren't specifying the correct port in PuTTY, or that your virtual-server/port-forwarding settings are set to something like "internal port = 22, external port = xy". Keep in mind that when you change port forwarding settings on the router/gateway, you often need to reboot the gateway.

  6. #6
    Just Joined!
    Join Date
    Sep 2009
    Location
    Calgary, Alberta, Canada
    Posts
    2

    I second that.. it sounds like a port forwarding issue

    I'd have to agree.. it does sound like a port forwarding / port issue. If you're still experiencing problems, there are a few things you can do:

    -Run a port scan against your router and see if the ssh service is available and "listening". I would recommend using nmap for port scanning.

    -If you have a DMZ option on your router, try placing your ssh server on the DMZ; this will bypass all firewall rules.

    -Another option is to completely bypass your router and place your ssh server on the edge of your network and see if you can ssh into it.

  7. #7
    Linux Guru
    Join Date
    Jan 2009
    Location
    Dover, NH
    Posts
    1,633
    Check the sshd configuration. I think it typically defaults to not listening for connections from outside your local network (listens to all "local addresses").

    In /etc/ssh/sshd_config, check that the commands for
    ListenAddress
    are all commented out so sshd will listen to all addresses, or if you need to define which addresses to listen to for security reasons, that the server's external address is included in the list.

    From the sshd_config man page:
    Code:
     ListenAddress
                 Specifies the local addresses sshd(8) should listen on.  The fol-
                 lowing forms may be used:
    
                       ListenAddress host|IPv4_addr|IPv6_addr
                       ListenAddress host|IPv4_addr:port
                       ListenAddress [host|IPv6_addr]:port
    
                 If port is not specified, sshd will listen on the address and all
                 prior Port options specified.  The default is to listen on all
                 local addresses.  Multiple ListenAddress options are permitted.
                 Additionally, any Port options must precede this option for non-
                 port qualified addresses.
    Edit: You can also check dmesg (or files in /var/log) to see if and why the ssh daemon is rejecting connections.

    Also, with your router, don't bother with port triggering; set the DHCP server to assign your sshd server a static IP address, then use static port forwarding to send all port 22 traffic to that server.
    Last edited by D-cat; 09-13-2009 at 10:19 PM. Reason: Added a couple things.

  8. #8
    Just Joined!
    Join Date
    Sep 2009
    Posts
    10
    OK, first of all, thank you for your help.
    Now, stuff I did:
    Used nmap; I get only normal ports: 21, 22, 23, 80 etc., used by the default gateway. Port 2222, which I use for sshd, won't show up. When I use nmap on localhost it does show up. Port 2222 is forwarded and the firewall is off.

    Tried using DMZ, absolutely no change, so I might have done something wrong... (got SL2-141, simply put internal address and apply, right?). Also ran nmap and no change.

    I can't bypass the router for 2 reasons:
    1) As I mentioned before, it's a SL2-141 (it's a modem + router...); I don't know how to bypass this one.
    2) It's in the other room...

    Also checked the config and enabled listening on 0.0.0.0; still no change.

    Checked dmesg, found absolutely no mention of ssh or sshd, so I guess the packet doesn't even reach the sshd...

    I am really clueless here... I assume the router simply hates me or something... Anyway, if you've got more ideas, please hit me with them.

    Thank you again

    Edit: I should also add, on this router port forward is instant, so no reboot needed.

  9. #9
    Just Joined!
    Join Date
    Aug 2009
    Posts
    76
    Quote Originally Posted by eidanch View Post
    tried using dmz, absolutely no change so i might have done something wrong... (got SL2-141, simply put internal address and apply right ?)
    Yes, put internal address, apply, and reboot your router. Sometimes putting a computer on the DMZ changes its internal IP and the computer must then re-acquire the IP address.

  10. #10
    Linux Guru
    Join Date
    Jan 2009
    Location
    Dover, NH
    Posts
    1,633
    Actually, you can accomplish much of this as root/sudo without rebooting.

    Code:
     sudo service sshd stop
     sudo ifdown eth0
     sudo ifup eth0
     sudo service sshd start

    That'll cause eth0 to reinit (and typically reacquire the DHCP address) and sshd restarted after the fact ought to make it bind to the current addresses, all without restarting the whole system.
