Help with getting remote access via ssh working

Feel free to talk about anything and everything in this board. Just don't post offensive topics that are meant to cause trouble with other members or are derogatory towards people of different genders, race, color, minors (this includes nudity and sex), politics or religion. Let's try to keep peace among the community and for visitors.

No spam on this or any other forums please! If you post advertisements on these forums, your account may be deleted.

Do not copy and paste entire or even up to half of someone else's words or articles into posts. Post only a few sentences or a paragraph and make sure to include a link back to original words or article. Otherwise it's copyright infringement.

You can talk about other distros here, but no MEPIS bashing. You can email the developer of MEPIS if you just want to say you dislike or hate MEPIS.
Message
Author
User avatar
cgriffin
Forum Regular
Forum Regular
Posts: 221
Age: 45
Joined: Sun Mar 27, 2011 9:59 pm

Help with getting remote access via ssh working

#1 Postby cgriffin » Sat Apr 21, 2012 11:37 am

Hi All,

If anyone can point me to appropriate guidance on this I'd really appreciate it.
I'm trying to get remote ssh access to my desktop mepis system. I know I have the dns set up correctly because the domain resolves to the right IP Address. I know I have the ssh daemon running on the local machine. I have forwarded port 22 on the router to my desktop system. Yet I cannot get into the machine from the outside.

I've turned off the machine's firewall, and so I'm convinced it has to be the router config. It's a buffalo router running DDWRT, and there's too much going on in there. Does anyone know a good guide to these things?

Best,
Chris
--
Chris Griffin

User avatar
timkb4cq
Forum Veteran
Forum Veteran
Posts: 3364
Joined: Wed Jul 12, 2006 4:05 pm

Re: Help with getting remote access via ssh working

#2 Postby timkb4cq » Sat Apr 21, 2012 11:47 am

Just a thought - have you configured /etc/hosts.allow & /etc/hosts.deny to allow logins from your other machine's IP address?
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB

User avatar
cgriffin
Forum Regular
Forum Regular
Posts: 221
Age: 45
Joined: Sun Mar 27, 2011 9:59 pm

Re: Help with getting remote access via ssh working

#3 Postby cgriffin » Sat Apr 21, 2012 12:38 pm

Hi Timkb,

I haven't touched those files but I don't think that's the issue as I'm able to ssh from my windows laptop using cygwin just fine.
It's just not working getting through the router. Ugh!

Thanks,
Chris
--
Chris Griffin

User avatar
GoManutd
Forum Guide
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: Help with getting remote access via ssh working

#4 Postby GoManutd » Sat Apr 21, 2012 4:45 pm

run traceroute -p 22 fqdn

where fqdn is the fully qualified domain name....

it'll help illuminate any potential networking issues.

you can also ssh to the fqdn and it should go out your router and then back in through the port...

User avatar
cgriffin
Forum Regular
Forum Regular
Posts: 221
Age: 45
Joined: Sun Mar 27, 2011 9:59 pm

Re: Help with getting remote access via ssh working

#5 Postby cgriffin » Sat Apr 21, 2012 10:52 pm

GoManutd wrote:run traceroute -p 22 fqdn

where fqdn is the fully qualified domain name....

it'll help illuminate any potential networking issues.

you can also ssh to the fqdn and it should go out your router and then back in through the port...


I ran traceroute -p 22 fqdn and it works fine. However, trying to ssh to port 22 does not work.
Could it be that my ISP is blocking ssh on that port?

One annoying thing is that I could not run traceroute at all with the firewall on (guarddog), and I have enabled traceroute within guarddog....

Thanks for your help.
Chris
--
Chris Griffin

User avatar
GoManutd
Forum Guide
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: Help with getting remote access via ssh working

#6 Postby GoManutd » Sat Apr 21, 2012 11:00 pm

honestly, i use firestarter for my firewall frontend. guarddog is fine, but with firestarter you can see logged events in real time and take action on them. i seriously doubt the ISP is doing anything to block port 22.

btw, if you don't allow inbound traffic for port 22 on your gateway (your router) then that will result in no ssh connection.

also, allowing inbound ssh traffic can be a HUGE security risk. make sure you have fail2ban installed too. it'll help prevent brute force attacks against ssh - it's automatic and adds a nice layer.

make sure you have the latest firmware for your router installed

User avatar
cgriffin
Forum Regular
Forum Regular
Posts: 221
Age: 45
Joined: Sun Mar 27, 2011 9:59 pm

Re: Help with getting remote access via ssh working

#7 Postby cgriffin » Sun Apr 22, 2012 2:07 pm

GoManutd wrote:honestly, i use firestarter for my firewall frontend. guarddog is fine, but with firestarter you can see logged events in real time and take action on them. i seriously doubt the ISP is doing anything to block port 22.

btw, if you don't allow inbound traffic for port 22 on your gateway (your router) then that will result in no ssh connection.

also, allowing inbound ssh traffic can be a HUGE security risk. make sure you have fail2ban installed too. it'll help prevent brute force attacks against ssh - it's automatic and adds a nice layer.

make sure you have the latest firmware for your router installed


Thanks for your pointers. I'll try using Firestarter. Maybe I should back up and state that all I want to do is to be able to tunnel into my machine from outside in order to remotely access it via VNC. Perhaps there is a better way of doing this than using ssh and opening the port in the router.

However, I'm pretty sure that SSH could be set up to use only RSA keys, and it's unlikely that anyone is going to bruteforce a 2048-bit key.

I'm also aware of using other solutions, such as LogMeIn/Hamachi. What's the easiest way to attain what I'm after? I'm certainly interested in security, but if there's a solution that is easy I'd go for that. The reason I haven't tried Hamachi is that there is the third party present and I'm not sure how much of my connection would really be secure from that provider

Thanks,
Chris
--
Chris Griffin

User avatar
GoManutd
Forum Guide
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: Help with getting remote access via ssh working

#8 Postby GoManutd » Sun Apr 22, 2012 3:39 pm

you're still going to have to get the port forwarding working. ssh is the better choice for the encryption because you can then use it for a bunch of things and not just vnc.

also, if you are going to use ssh then use fail2ban, too. whether or not someone actually is able to break the encryption key isn't necessarily the real harm. fail2ban will block an offending ip just because it's trying to break the encryption, so it helps prevent ddos type of situations. you'd be surprised how much unwanted traffic you'll notice once you open port 22 - lots of automated attacks that troll the net for sites that have ports open.

User avatar
cgriffin
Forum Regular
Forum Regular
Posts: 221
Age: 45
Joined: Sun Mar 27, 2011 9:59 pm

Re: Help with getting remote access via ssh working

#9 Postby cgriffin » Sun Apr 22, 2012 4:36 pm

GoManutd wrote:you're still going to have to get the port forwarding working. ssh is the better choice for the encryption because you can then use it for a bunch of things and not just vnc.

also, if you are going to use ssh then use fail2ban, too. whether or not someone actually is able to break the encryption key isn't necessarily the real harm. fail2ban will block an offending ip just because it's trying to break the encryption, so it helps prevent ddos type of situations. you'd be surprised how much unwanted traffic you'll notice once you open port 22 - lots of automated attacks that troll the net for sites that have ports open.


fail2ban is a no-brainer tool, thanks for the pointer. I am installing it right now! I am still convinced the only thing that really isn't working is my router, blasted thing. I should probably post over in the DDWRT forums.
Best,
Chris
--
Chris Griffin

User avatar
GoManutd
Forum Guide
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: Help with getting remote access via ssh working

#10 Postby GoManutd » Sun Apr 22, 2012 4:44 pm

i use ddwrt and had no problems getting ssh to work with port forwarding... just make sure you have the latest firmware from them.


Return to “General”

Who is online

Users browsing this forum: Google [Bot] and 1 guest