12-14-2005, 06:52 AM
|
#1
|
Member
Registered: Oct 2003
Location: South East UK
Distribution: Fedora Core 16
Posts: 69
Rep:
|
SSH Through BT ADSL Connection
I am trying to set up an SSH connection to a server running FC4.
The server has two network cards. At the moment I am just trying to configure eth0. I have set the IP to 192.168.1.20 with a subnet mask of 255.255.255.0 and a gateway pointing to my ADSL router (192.168.1.254).
SSH is running on the server ok (although there is a Bind issue reported in the secure log - problem with binding to 0.0.0.0 - ssh appears to be running).
From my laptop I can ping both the internal address of the server (192.168.1.20) and the router's external address, but I can't connect via SSH. My laptop is using a different gateway on the local network to get to the net.
The ADSL router is a BT1801HG running 'wired'. I have set up the firewall on the router so that SSH is redirected to the server's internal IP (although the IP given for the server on the router is 0.0.0.0 the hardware address agrees with the eth0 card on the server).
Any ideas as to what I'm doing wrong?
Am I correct in what I am doing in the first place - I want the server to be available on the net, but secured by the firewall in the ADSL router with only SSH traffic allowed through.
|
|
|
12-14-2005, 07:11 AM
|
#2
|
Member
Registered: May 2004
Location: Cornwall, UK
Distribution: Ubuntu 8.04
Posts: 464
Rep:
|
Have you changed the 0.0.0.0 addr to the internal IP addr of your server? Possibly this is the problem due to the log error.
What IP addr are you using to attempt the SSH? It should be the IP addr of the router if you are using port forwarding on the router.
One way to really lock down the firewall is to only permit external SSH access to a predefined list of IPs.
|
|
|
12-14-2005, 07:54 AM
|
#3
|
Member
Registered: Oct 2003
Location: South East UK
Distribution: Fedora Core 16
Posts: 69
Original Poster
Rep:
|
IP's
Thanks for the reply.
The IP on the server (on the NIC) is 192.168.1.20. The router appears to detect any machines connected - and it's showing 0.0.0.0 for the server - although it has the correct address for my laptop (192.168.1.10). So it seems that the network card on the server and the ADSL router aren't talking to each other properly.
I have FC4 on my laptop and I can't see any difference between my laptop setup and the server in way of network card definition. Is there a chance that the second network card in the server is causing some kind of glitch (even though it is not configured)?
|
|
|
12-14-2005, 08:51 AM
|
#4
|
Member
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133
Rep:
|
I think your router is forwarding ALL incoming packets to the server, that's why you're getting the 0.0.0.0 address. Perhaps a router reconfigure is in order here to just allow port 22.
Can you telnet to the server on port 22? You should get some response (even if gibberish). If that works internally, but not externally, then the router's not passing the packets.
If it's any help, here's my sshd_config
Port 22
Protocol 2,1
SyslogFacility AUTH
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/myauthkey
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Subsystem sftp /usr/libexec/openssh/sftp-server
As you can see, I use an authorized_keys file rather than a password for authentication.
Carl.
Last edited by carlmarshall; 12-14-2005 at 08:58 AM.
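Added example, not part of the post above and not OpenSSH code: a small audit of the sshd_config quoted in post #4 against a key-only, no-root-login policy. The policy table and the function names are assumptions of this example; on the quoted file it reports one finding, the "Protocol 2,1" line, which also enables SSH protocol 1 (a protocol with known cryptographic weaknesses that was later removed from OpenSSH).

```python
# Added example: audit the sshd_config quoted in post #4 (embedded as SAMPLE).
SAMPLE = """\
Port 22
Protocol 2,1
SyslogFacility AUTH
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/myauthkey
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Subsystem sftp /usr/libexec/openssh/sftp-server
"""
# Assumed policy for this example: key-based logins only, no direct root login.
REQUIRED = {
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    # with UsePAM yes, keyboard-interactive can still accept passwords via PAM
    "challengeresponseauthentication": "no",
}

def parse_sshd_config(text):
    """Map lower-cased keyword -> value, keeping the first occurrence as sshd does."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # conditional blocks are outside this global audit
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings

def audit(settings):
    """Return (keyword, problem) tuples; an absent Protocol line is not flagged."""
    findings = []
    protocols = {p.strip() for p in settings.get("protocol", "").split(",")}
    if "1" in protocols:
        findings.append(("protocol", "SSH protocol 1 enabled; use 'Protocol 2' only"))
    for keyword, wanted in REQUIRED.items():
        actual = settings.get(keyword, "(not set)")
        if actual.lower() != wanted:
            findings.append((keyword, "is %s, expected %s" % (actual, wanted)))
    return findings
if __name__ == "__main__":
    for keyword, problem in audit(parse_sshd_config(SAMPLE)):
        print("%s: %s" % (keyword, problem))
```

To check a live server, pass the contents of its own sshd_config to parse_sshd_config() instead of SAMPLE.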
|
|
|
12-14-2005, 09:28 AM
|
#5
|
Member
Registered: Oct 2003
Location: South East UK
Distribution: Fedora Core 16
Posts: 69
Original Poster
Rep:
|
Carl,
I'm more confused than ever....
The local network goes through the ADSL router. I can ping and ssh via the internal address without a problem. The ADSL router firewall config only shows ssh being redirected through the firewall (no other services are listed) - but to 0.0.0.0. Obviously the 192.168.1.20 address is being recognised though as I can ping etc.
Telnet to 192.168.1.20 on 22 gives an SSH response:
telnet 192.168.1.20 22
Trying 192.168.1.20...
Connected to 192.168.1.20.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.0
- but gives a timeout on the external address.
The problem --seems-- to be that the router thinks the ip of the server is 0 for ssh when port forwarding.
I'm just about to reset the router back to the factory settings and try again.
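Added example, not part of the posts above: the telnet test from posts #4 and #5 as a script that reads the SSH identification string and tells apart the three outcomes that matter when checking a port forward (banner received, connection refused, timeout). Function names are this example's own; 192.168.1.20 is the LAN address from the thread, and the external address is not given on the page, so it is passed on the command line.

```python
# Added example: scripted version of "telnet <host> 22" for checking a port forward.
import re
import socket
import sys

# RFC 4253 identification string: SSH-protoversion-softwareversion
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def parse_banner(line):
    """Return (protoversion, software) or None if the line is not an SSH banner."""
    m = BANNER_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def classify(result):
    """Map a received banner (str) or a socket exception to (status, detail)."""
    if isinstance(result, socket.timeout):
        return ("timeout", "no reply; packets are not reaching sshd")
    if isinstance(result, ConnectionRefusedError):
        return ("refused", "host reachable, nothing accepting on that port")
    if isinstance(result, OSError):
        return ("error", str(result))
    parsed = parse_banner(result)
    if parsed is None:
        return ("not-ssh", "port open but no SSH identification string")
    version, software = parsed
    if version == "1.99":  # server offers protocol 2 and legacy protocol 1
        return ("ssh", "%s, protocol 2 with protocol 1 fallback enabled" % software)
    return ("ssh", "%s, protocol %s" % (software, version))

def probe(host, port=22, timeout=5.0):
    """Connect, read the first bytes the server sends, and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            return classify(conn.recv(255).decode("ascii", "replace"))
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Default target is the server's LAN address from the thread.
    for host in sys.argv[1:] or ["192.168.1.20"]:
        print(host, *probe(host))
```

Run the external-address check from a machine that reaches the router from outside the LAN (or that leaves by a different gateway, as the laptop in the thread does), because many routers do not forward connections from the LAN to their own external address.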
|
|
|
12-14-2005, 09:33 AM
|
#6
|
Member
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133
Rep:
|
Steve,
There's no such host as .0 as this is the subnet address. It's almost certainly your router not passing port 22 to the correct IP.
Carl.
|
|
|
12-14-2005, 11:42 AM
|
#7
|
Member
Registered: Oct 2003
Location: South East UK
Distribution: Fedora Core 16
Posts: 69
Original Poster
Rep:
|
Carl,
The problem seems to have been the router.
I had assumed that it was the Linux end as that was where I had made the changes (i.e. I had set up the network card(s)) - so I had spent most of my time looking there - but after your mail, I simply reset the router and reentered the config and ssh firewall settings and hey presto my server appeared with the correct IP (this router auto detects the IP of all connected PCs - so you don't enter them) and I can now ssh through the external address. A minor snag is that my laptop and other PCs do not appear at all now on the router - but I can connect using the local IPs and I can ping across the internal network - so I'm not too fussed if the router's network display doesn't show them!
Thanks for your help.
(Next time, I'll look at the router first..)
|
|
|
All times are GMT -5. The time now is 01:22 AM.