SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
ANSWER IS: I was attempting to connect to the external IP from within my LAN to test.
Hello,
I have SSHD running on my slackware 11.0 system. I am able to connect via Putty from my Windows box with the local IP (192.168.0.111), and I can even connect from the slackware box to itself using this same IP (192.168.0.111). What I am having trouble with is connecting to it using my external IP (68.XX.XX.XX). I cannot connect from either box. Both simply time out.
I have forwarded port 22 on my router, which I am confident should work (I forward lots of ports) to 192.168.0.111, the local LAN IP. DHCP is off.
The slackware box connects to the net just fine through Firefox and links. Its ifconfig output:
I run Sygate on the Windows PC Im trying to conenct with, and no firewall to my knowlege on the slackware box. If it has one, it is the default. I just got slackware up 2 days ago.
Double check that the router forwards port 22 to 192.168.0.111
Quote:
I am able to connect via Putty from my Windows box with the local IP
So, you don't have a firewall problem on the slackware host, unless a firewall rule explicitly blocks outside IPs and allows LOCAL IPs.
Check /etc/hosts.deny and /etc/hosts.allow.
I wasn't able to ssh into my fedora core 6 laptop until I edited /etc/hosts.allow:
sshd : 192.168.1.0/255.255.255.128 : ALLOW
I had my lan subnetted so I couldn't connect from another host on the lan until I edited hosts.allow.
Look in your /etc/ssh/sshd_config and check for the port number. It may be changed.
Code:
$ sed -n '21q;1,20p' /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
I have disabled Protocol 1 for security reasons. If you also have, make sure that putty is using Protocol 2.
Also, test the connection using a telnet client
ex:
Code:
Trying 192.168.1.102...
Connected to delllap.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
You won't be able to complete the connection, but you should see something if the you don't have a firewall or port forwarding problem.
The easiest solution is (if you have a small LAN) to define the external domain name of the ssh server in /etc/hosts on all of the other clients using the *internal* ip of the server, or if you have a large LAN, then set up multiple views in bind and serve the internal ip to clients inside the lan.
If you want to ssh to the ip address directly (not using the external domain name), then you'll need to follow the advice in the tutorial above.
In order for you to get connected to a ssh server. The server should use a public static ip address, not a dynamic ip. If you use a dynamic ip you can only connect to the server through the computer on your lan. But in order to connect from outside your lan you need a static ip. I hope this helps..
Everything is left as default in sshd_config, but I did change the protocol to 2 only. Both hosts.allow and hosts.deny are empty. What you added to your hosts.allow seems to be for LAN entry, but my problem is with outside entry. What would I need to put in there?
Telnet also does not connect. Perhaps my ISP is blocking port 22. COuld this possibly be because I am trying to connectto the external IP from within the local network?
Also, to the new reply: I have not heard this before. I know the IP changes once in a while, but I have never had problems hosting services out of this box as a windows server on a dynamic IP behind a NAT. Is this specific to ssh?
EDIT: I attempted forwarding 23 to the box and changing the listen port for SSHD to 23. I have the same problem. This is looking very much like a forwarding problem, but I just can;t see how. I have other ports forwarded the same way with no issue.
EDIT2: I used a port forwarding test app on the server which reports the port forwarding is good on ports 22 and 23.
To tell you the very truth i don't know much on NAT. I have ftp and ssh server at home and the only way I use to connect is I had to accquire a static ip from my isp and assign it to my server. After that i was able to connect from anywhere. I did not had to change any config file. Only had to add it so it starts automatically at start up(sshd).
I missed that. I though you were trying to SSH into your home computer from work or a remote address. You should be able to SSH into that host using the hosts ip address, or if it is in /etc/hosts, using the local computer's hostname. Don't feel bad. We see many people trying the same thing to connect to their web server, using the FQDN instead of a local alias or local IP address.
Your router has a Public Internet address (unless you are an unlucky DNS customer). Your host doesn't need a public address as another respondent said. The port forwarding takes care of that.
About the hosts.deny and hosts.allow files, if you had "ALL : ALL" in hosts deny and only allowed LOCAL LAN connections, that could prevent sshd from connecting to an outside IP address. Since you don't have either file, that isn't the case. It was one thing to check. The hosts.deny file could be used to deny non-LAN connections. ( Not that a hacker couldn't try to connect from a machine on the LAN he compromised. )
An entry like "AllowUsers mrspandex@www.doom.com" would only allow connections to be authenticated for user "mrspandex" ( a local user account ) coming from a remote computer with a hostname of "www.doom.com". If you configure sshd to check IP addresses it will lookup www.doom.com. If that isn't a registered hostname, and isn't in your /etc/hosts file, the connection may be denied.
i also have the same problem. my server has 2 NIC ( one for private IP and another one for public IP)I can connect before to my server inside LAN or outside. then suddenly I could not connect anymore from outside. no problem from inside. I haven't change anything on my config. can anybody tell me why this happened? and what is the turn around for this problem of mine? thanks!
If access from the outside "suddenly" stopped working, then either your ISP has now blocked the TCP/IP port where you were connecting to, or your ISP gives you a dynamic IP address which has suddenly changed. If you have registered a hostname for external access to your server, then the mapping hostname <--> IP address is broken.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.