
Thread: Public SSH server? (help please)

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    229

    Public SSH server? (help please)

    Hello,

    Right now I am trying to set up an SSH server at home and what I am doing here as far as the setup is a tad bit unusual, I suppose, and I need some help.

    Here is the setup... (all computers here run on XP except the potential server)

    I have a computer in the basement IP (192.168.0.102) connected to a router (192.168.0.1).

    Upstairs I have two computers (192.168.0.103) and (192.168.0.104) both are connected to a switch that leads to the same router (192.168.0.1).

    On the computer with IP address (192.168.0.104) I have a VMWare guest Operating System (Red Hat Linux 9) with the IP address (192.168.0.105).

    Now I have on my guest OS a SSH server set-up that I can access anywhere 'within' my home network on port 22. Now what I want to do is make it public so I can access it from anywhere. Trouble is the things I've tried up until this point have all failed.

    What I need to know is my public IP, but whenever I go to websites like 'whatsmyip.com' I get the IP of my mail server? I say this because I did a port scan of the IP address and the only port open was POP3. (Perhaps I am mistaken I just thought that was weird).

    I am looking into some reading regarding port forwarding with my router, however the hurdle I still have is obtaining a public IP that I can get to from anywhere.

    Any help on this is appreciated, thank you.
    The real question is not whether peace can be obtained, but whether or not mankind is mature enough for it...

  2. #2
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Go into your router and forward port 22 to your 192.168.0.105 box. (the vmware linux box)

    The IP address that you get when you go to www.whatismyip.com is going to be the IP address that you're connecting from. It is the WAN IP address of your router. Your public IP address.

    What type of router do you have? Most routers will tell you what your public IP address is in the admin page or status page.

    You should then be able to ssh to the ip address you get from the whatismyip.com and it will connect. You just have to forward the port first. Oh, and make sure that the linux box will accept connections from outside your LAN.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Posts
    229
    Hey phish, thanks for taking the time to reply.

    The router I have is a D-Link DI-604 model. It does not have the public IP address on the main page, but I've taken your word for it thus far and did some troubleshooting.

    What I have done thus far is configure the port-forwarding options so that anyone who attempts to connect to the router on a port such as 3433 is forwarded to the IP address of the server and to its port 22.

    Still though, it does not work. However, while troubleshooting a couple of interesting things happened. I am using PUTTY for a client and when I enter the public IP of the router and the port 3433, the connection will time out. Now, when I enter the LAN IP of the router '192.168.0.1' and then the port 3433, a message will come up saying the connection was refused.

    So I am thinking that the server may not be configured to accept outside connections like you said. If so, is there a quick way to reconfigure that? Also are there any other possible reasons for this occurrence?

    Thanks for your time.

  4. #4
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    When you forward that port and go to an online security check, does it find that port open?
    Some sites will only scan and report on common ports, so make sure it is scanning all of them.

    www.grc.com has a full scan available.
    https://www.grc.com/x/ne.dll?bh0bkyd2

    Choose all service ports or custom ports and specify what you want to scan.

    Then you can tell if your forwarding is working properly.

    Another possibility is your ISP is filtering the packets... but it is unlikely.

    There are many different reasons your linux box is refusing connections.

    Look at your firewall config. You can even disable it temporarily (you'll be protected via router firewall) to see if your firewall is blocking it.

    It could also be tcp wrappers?

    Without looking at your setup, it's hard to really pinpoint it. But you can troubleshoot it from the outermost layer (your firewall) on in.

    Another possibility could be the router itself. I've had REALLY BAD experience with D-Link.
    We were just talking about that here the past couple of days. You may want to check for known problems with your firmware and see if there is an update for it? D-Link is known for fixing a problem with a new revision of firmware that breaks a couple other features that were working fine before you updated. I've experienced that several times already. Others here have had the same problem.

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    229
    I've checked the link you posted and the port forwarding works fine, I also turned off the firewall on my Linux box, still nothing.

    So I went into the hosts.allow file and added "sshd: ALL" to allow all hosts... sadly still nothing will work as far as public connectivity is concerned.

    I will continue to try new things, let me know if you have any other suggestions, thanks for your help thus far though, if anything I've learned a thing or two.


    EDIT: It works! The reason it was not working at first is because I was trying to access it with a public address inside the LAN I suppose. My friend outside my LAN was able to connect successfully. Thanks phish for the help!

  6. #6
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Sweet.

    Sorry, I forgot that you can't connect from your lan inside to your wan port.
    You have to do it from outside (like you got it to work).

    Brain fart.
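The three symptoms seen in this thread (a timeout, a refused connection, and a working SSH login) can be told apart with a small TCP probe that also reads the SSH version banner. This is an added example, not code from either poster; `probe`, `start_listener` and `free_port` are names made up here, and the loopback listeners and the `SSH-2.0-ExampleServer` banner are constructed test fixtures.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt as (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Actively rejected: the address answers but nothing listens or is
        # forwarded there (the 192.168.0.1:3433 symptom in post #3).
        return ("refused", "reachable, but no listener or forward on this port")
    except socket.timeout:
        # Silence: packets dropped or filtered. Post #6 attributes this to
        # testing the WAN address from inside the LAN.
        return ("timeout", "no reply; retest from a host outside the LAN")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            banner = sock.recv(255)  # an SSH server sends its version string first
        except socket.timeout:
            return ("open", "connected, but no banner arrived")
    text = banner.decode("ascii", "replace").strip()
    if text.startswith("SSH-"):
        return ("ssh", text)
    return ("open", text or "peer closed without sending a banner")

def start_listener(banner=b""):
    """Constructed stand-in for sshd: accept one loopback client, send banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def free_port():
    """Constructed 'refused' case: a loopback port with nothing listening."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print(probe("127.0.0.1", start_listener(b"SSH-2.0-ExampleServer\r\n")))
    print(probe("127.0.0.1", start_listener()))
    print(probe("127.0.0.1", free_port()))
```

Run against the forwarded port from a machine outside the LAN, an `ssh` result confirms the whole path (router forward, host firewall, TCP wrappers, sshd), while `open` without a banner points at something other than sshd answering on that port.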
