LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 09-15-2015, 04:25 PM   #1
johncroc
LQ Newbie
 
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5

Rep: Reputation: Disabled
Port forwarding SSH (from outside my home network to one of the boxes inside my net)


I want to be able to SSH to my home computers when I am away from home. I have a Cisco/Linksys E4200. When I am away from home and issue a "ssh -p XXXXX john@XXX.XXX.XXX.XXX" (with the Xs replaced with the actual numbers, of course), I get a long pause followed by "ssh: connect to host XXX.XXX.XXX.XXX port XXXXX: Connection timed out"

I have set up a port-forward in the E4200 to forward from the external IP:portnumber to port 22 of the internal machine to which I'm interested in connecting.

I'm not even sure how to begin troubleshooting. I thought it would just work...

TIA for your help!

JC
 
Old 09-15-2015, 04:38 PM   #2
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
Why are you specifying a different port? SSH by default uses port 22, and you say you forwarded port 22 to the target machine. Try it without specifying a different port, it should work as long as any firewall on the target allows ssh traffic.

If you are trying to have the router use a different external port than internal port, double-check your router port forwarding settings for internal/external port settings. Not all routers support port translation.

Last edited by Doug G; 09-15-2015 at 04:40 PM.
 
Old 09-16-2015, 03:37 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,295
Blog Entries: 3

Rep: Reputation: 3719
Can you connect from another machine on the same LAN? That would be the first thing to check.

Then are you trying to connect to the external IP from within the LAN or outside it? Not all routers support "hair pinning", so you may have to do your testing from another network outside the LAN if your model doesn't. Something to check.
 
Old 09-16-2015, 08:16 AM   #4
johncroc
LQ Newbie
 
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Doug G
Why are you specifying a different port? SSH by default uses port 22, and you say you forwarded port 22 to the target machine. Try it without specifying a different port, it should work as long as any firewall on the target allows ssh traffic.

If you are trying to have the router use a different external port than internal port, double-check your router port forwarding settings for internal/external port settings. Not all routers support port translation.
I want to assign individual ports (on the outside) that forward to individual machines inside. As an alternative, I figured I would not do port translation, routing all port 22 traffic to just one machine inside, and then SSH to the other machines from there...but I thought if I could get this working it would be a more elegant solution.

Yes, my router supports port translation. Well, at least the interface implies that it supports it; giving me fields into which I can specify the external port to be translated and internal port to which it should be translated.

Last edited by johncroc; 09-16-2015 at 08:25 AM.
 
Old 09-16-2015, 08:20 AM   #5
johncroc
LQ Newbie
 
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist
Can you connect from another machine on the same LAN? That would be the first thing to check.

Then are you trying to connect to the external IP from within the LAN or outside it? Not all routers support "hair pinning", so you may have to do your testing from another network outside the LAN if your model doesn't. Something to check.
Yes, I can SSH to the machine from inside my network.

Yes, when I get the error message, I am trying to connect to my router's external IP from outside my LAN.

The question you haven't asked: Yes, I have verified that port 22 is not blocked on the external LAN from which I'm trying to connect (I can make other SSH connections from that LAN).
 
Old 09-16-2015, 09:17 AM   #6
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,295
Blog Entries: 3

Rep: Reputation: 3719
Quote:
Originally Posted by johncroc
The question you haven't asked: Yes, I have verified that port 22 is not blocked on the external LAN from which I'm trying to connect (I can make other SSH connections from that LAN).
What about the incoming connections from the Internet to your router? Those are the ones that matter in this case. You can try looking with http://canyouseeme.org/ for an initial check. Some ISPs cause trouble and in those cases you'd need to pick some arbitrary high port and forward that to port 22 on your server.
 
Old 09-24-2015, 11:58 AM   #7
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 349

Rep: Reputation: 60
Just a shot in the dark here, since you are trying to access via IP, you don't need DNS; try setting the "UseDNS" parameter to no in the /etc/ssh/sshd_config file of your ssh box and restart the ssh service. Additionally you may have to disable some authentication methods to test (like disable RSAAuthentication, RHostsAuthentication etc).

Last edited by pingu_penguin; 09-24-2015 at 12:05 PM.
 
Old 09-24-2015, 01:25 PM   #8
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
Have you confirmed that the port is open on your router (that, for example, you haven't missed a tick-box somewhere) by going to somewhere like GRC's Shields UP! site and seeing whether it is open? That always helps me. Additionally it will let you know the external IP address of your network in case that's changed since you set it up or similar.
I forward a high port to port 22 on my Pi through my Virgin Media provided router and I've done it on Linksys and Belkin ones in the past to various machines so it can definitely be done.
When SSH is mentioned I always point out I would always run SSH on a non-standard high port if at all possible because I really don't like reading pages of logs looking for intrusion attempts which is what you get if you open a standard port to the internet. Using a non-standard port means it's only the bad guys who know a little that you have to watch out for not every two-bit script kiddy in the world.
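For the log reading this post describes, an added example (not from the thread) that boils sshd noise down to failures per source and to sources that failed and were later accepted. It assumes the traditional syslog line layout and OpenSSH message wording; the sample lines and addresses are constructed.

```shell
#!/usr/bin/env bash
# Added example: triage sshd auth-log noise. The source address is located by
# scanning each line from the END for "from IP port N", because the username
# is attacker-controlled text and may itself contain "from <ip> port <n>".

# Constructed sample in the usual OpenSSH syslog format (documentation addresses).
SAMPLE_AUTH_LOG='Sep 24 13:01:02 pi sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Sep 24 13:01:05 pi sshd[2101]: Failed password for root from 203.0.113.5 port 51240 ssh2
Sep 24 13:02:11 pi sshd[2107]: Failed password for root from 198.51.100.9 port 40022 ssh2
Sep 24 13:05:40 pi sshd[2113]: Accepted publickey for john from 192.0.2.44 port 50510 ssh2: RSA SHA256:CONSTRUCTED
Sep 24 13:06:02 pi sshd[2119]: Failed password for root from 203.0.113.5 port 51301 ssh2
Sep 24 13:06:30 pi sshd[2121]: Failed password for invalid user x from 192.0.2.44 port 22 from 203.0.113.5 port 51400 ssh2
Sep 24 13:07:30 pi sshd[2125]: Accepted password for root from 198.51.100.9 port 40100 ssh2'

# awk helper shared by both reports: last "from X port" triple on the line.
SRC_FN='function src(   i) { for (i = NF - 2; i > 1; i--) if ($i == "from" && $(i + 2) == "port") return $(i + 1); return "" }'

failed_by_source() {  # stdin = auth log; prints "count ip", busiest source first
  awk "$SRC_FN"'
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" { ip = src(); if (ip != "") n[ip]++ }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

success_after_failures() {  # sources with at least one failure and a later accepted login
  awk "$SRC_FN"'
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed"   { ip = src(); if (ip != "") fails[ip]++ }
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" {
      ip = src()
      if (ip != "" && fails[ip] > 0 && !seen[ip]++) print ip
    }'
}

printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_by_source
printf '%s\n' "$SAMPLE_AUTH_LOG" | success_after_failures
```

A source listed by `success_after_failures` can be a user who mistyped a password, so it is a prompt to look at that session rather than a verdict.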
 
Old 09-25-2015, 05:41 PM   #9
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
Which port did you use? I don't really care about the actual number, but you didn't happen to pick something that's used by another service, did you? Or one that your ISP blocks?

You could try disabling the port translation and just using 22, or modifying the sshd_config on your machine to listen to connections on both 22 and your high port and just forwarding the high port straight through on the router. That would eliminate any bugs in the router's port translation.

Have you checked your router's or your computer's security logs to see if a firewall config is blocking the connection attempts?

Last edited by suicidaleggroll; 09-25-2015 at 05:43 PM.
 
Old 09-26-2015, 10:51 AM   #10
johncroc
LQ Newbie
 
Registered: Mar 2015
Location: Flagstaff, AZ
Distribution: Ubuntu 14.04 (as of 3/26/2015)
Posts: 5

Original Poster
Rep: Reputation: Disabled
I finally figured it out...I think. I still need to test sometime when I'm away from my house.

I use a VPN. In fact, all of my servers are set up to auto-connect when they light up. My theory (and I'm darn near certain now that it's occurred to me) is that this machine's IP (for purposes of connecting to it from the outside world) is not what I think it is, it's the IP assigned by my VPN.

I'm going to disable the VPN and try again, and I'm betting everything will work as expected.

SMH. (I feel kinda stupid for forgetting that.) :-)
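The symptom in this thread (LAN logins work, forwarded logins from outside time out) fits a host whose VPN client has taken over the default route: the reply to an outside client then leaves through the tunnel instead of back through the router. The added example below is not from the thread; it does a longest-prefix match over `ip -4 route show` text, and the routing tables, interface names and addresses in it are constructed.

```shell
#!/usr/bin/env bash
# Added example: which interface would a reply to an outside SSH client leave by?
# Longest-prefix match over `ip -4 route show` text; route metrics are ignored.

# Constructed tables: the same LAN host with and without an OpenVPN-style full tunnel.
SAMPLE_VPN_UP='default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
SAMPLE_VPN_DOWN='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

egress_dev() {  # $1 = destination IPv4, stdin = routing table text
  awk -v dst="$1" '
    function ip2n(s,   o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    BEGIN { best = -1 }
    {
      pfx = $1; len = 32; dev = ""
      if (pfx == "default") { pfx = "0.0.0.0"; len = 0 }
      else if (index(pfx, "/")) { split(pfx, p, "/"); pfx = p[1]; len = p[2] + 0 }
      for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
      if (dev == "") next
      div = 2 ^ (32 - len)   # compare only the top <len> bits
      if (len > best && int(ip2n(dst) / div) == int(ip2n(pfx) / div)) { best = len; out = dev }
    }
    END { if (out == "") exit 1; print out }'
}

is_tunnel_dev() { case "$1" in tun*|tap*|wg*|ppp*) return 0 ;; *) return 1 ;; esac; }

reply_path() {  # $1 = outside client IPv4, $2 = routing table text
  dev=$(printf '%s\n' "$2" | egress_dev "$1") || { echo "no-route"; return 2; }
  if is_tunnel_dev "$dev"; then echo "tunnel:$dev"; return 1; fi
  echo "direct:$dev"
}

# 203.0.113.7 stands in for the remote client (documentation address).
reply_path 203.0.113.7 "$SAMPLE_VPN_UP" || true   # tunnel:tun0
reply_path 203.0.113.7 "$SAMPLE_VPN_DOWN"         # direct:eth0
reply_path 192.168.1.20 "$SAMPLE_VPN_UP"          # direct:eth0
```

On the SSH host itself, `reply_path <client-ip> "$(ip -4 route show)"` runs the same check against the live table.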
 
Old 09-26-2015, 11:02 AM   #11
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
VPN screws up a LOT of networking things like this, I tend to avoid it whenever possible.
 
Old 09-26-2015, 07:47 PM   #12
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154
In the case of connecting with VPN first, I find it easiest to set the VPN on a completely different subnet. You then must make sure to push a route to your normal network to the VPN clients, as well as gateway, DNS, etc. Trying to run the two on the same subnet is a nightmare.
 
  

