MEPIS Community Forum

A Linux operating system based on Debian Stable
View unanswered posts | View unsolved topics | View active topics |



Reply to topic  [ 12 posts ]  Go to page 1, 2  Next
Help with getting remote access via ssh working 
Author Message
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 298900
Post Help with getting remote access via ssh working
Hi All,

If anyone can point me to appropriate guidance on this I'd really appreciate it.
I'm trying to get remote ssh access to my desktop mepis system. I know I have the dns set up correctly because the domain resolves to the right IP Address. I know I have the ssh daemon running on the local machine. I have forwarded port 22 on the router to my desktop system. Yet I cannot get into the machine from the outside.

I've turned off the machine's firewall, and so I'm convinced it has to be the router config. It's a buffalo router running DDWRT, and there's too much going on in there. Does anyone know a good guide to these things?

Best,
Chris

_________________
--
Chris Griffin


Sat Apr 21, 2012 11:37 am
Profile
Forum Guide
Forum Guide
User avatar

Joined: Wed Jul 12, 2006 4:05 pm
Posts: 2826
Location: Pinellas Park, FL
Has thanked: 106 times
Have thanks: 1792 times
Post # 298901
Post Re: Help with getting remote access via ssh working
Just a thought - have you configured /etc/hosts.allow & /etc/hosts.deny to allow logins from your other machine's IP address?

_________________
XFX Nforce 750 (built in GeForce 8300), Athlon X2 5000
Lenovo G550 , Intel T4400 , Intel Mobile 4 graphics


Sat Apr 21, 2012 11:47 am

timkb4cq thanked by: cgriffin
Profile
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 298903
Post Re: Help with getting remote access via ssh working
Hi Timkb,

I haven't touched those files but I don't think that's the issue as I'm able to ssh from my windows laptop using cygwin just fine.
It's just not working getting through the router. Ugh!

Thanks,
Chris

_________________
--
Chris Griffin


Sat Apr 21, 2012 12:38 pm
Profile
Forum Guide
Forum Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 298908
Post Re: Help with getting remote access via ssh working
run traceroute -p 22 fqdn

where fqdn is the fully qualified domain name....

it'll help illuminate any potential networking issues.

you can also ssh to the fqdn and it should go out your router and then back in through the port...


Sat Apr 21, 2012 4:45 pm
Profile
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 298919
Post Re: Help with getting remote access via ssh working
GoManutd wrote:
run traceroute -p 22 fqdn

where fqdn is the fully qualified domain name....

it'll help illuminate any potential networking issues.

you can also ssh to the fqdn and it should go out your router and then back in through the port...


I ran traceroute -p 22 fqdn and it works fine. However, trying to ssh to port 22 does not work.
Could it be that my ISP is blocking ssh on that port?

One annoying thing is that I could not run traceroute at all with the firewall on (guarddog), and I have enabled traceroute within guarddog....

Thanks for your help.
Chris

_________________
--
Chris Griffin


Sat Apr 21, 2012 10:52 pm
Profile
Forum Guide
Forum Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 298920
Post Re: Help with getting remote access via ssh working
honestly, i use firestarter for my firewall frontend. guarddog is fine, but with firestarter you can see logged events in real time and take action on them. i seriously doubt the ISP is doing anything to block port 22.

btw, if you don't allow inbound traffic for port 22 on your gateway (your router) then that will result in no ssh connection.

also, allowing inbound ssh traffic can be a HUGE security risk. make sure you have fail2ban installed too. it'll help prevent brute force attacks against ssh - it's automatic and adds a nice layer.

make sure you have the latest firmware for your router installed


Sat Apr 21, 2012 11:00 pm
Profile
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 298939
Post Re: Help with getting remote access via ssh working
GoManutd wrote:
honestly, i use firestarter for my firewall frontend. guarddog is fine, but with firestarter you can see logged events in real time and take action on them. i seriously doubt the ISP is doing anything to block port 22.

btw, if you don't allow inbound traffic for port 22 on your gateway (your router) then that will result in no ssh connection.

also, allowing inbound ssh traffic can be a HUGE security risk. make sure you have fail2ban installed too. it'll help prevent brute force attacks against ssh - it's automatic and adds a nice layer.

make sure you have the latest firmware for your router installed


Thanks for your pointers. I'll try using Firestarter. Maybe I should back up and state that all I want to do is to be able to tunnel into my machine from outside in order to remotely access it via VNC. Perhaps there is a better way of doing this than using ssh and opening the port in the router.

However, I'm pretty sure that SSH could be set up to use only RSA keys, and it's unlikely that anyone is going to bruteforce a 2048-bit key.

I'm also aware of using other solutions, such as LogMeIn/Hamachi. What's the easiest way to attain what I'm after? I'm certainly interested in security, but if there's a solution that is easy I'd go for that. The reason I haven't tried Hamachi is that there is the third party present and I'm not sure how much of my connection would really be secure from that provider

Thanks,
Chris

_________________
--
Chris Griffin


Sun Apr 22, 2012 2:07 pm
Profile
Forum Guide
Forum Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 298941
Post Re: Help with getting remote access via ssh working
you're still going to have to get the port forwarding working. ssh is the better choice for the encryption because you can then use it for a bunch of things and not just vnc.

also, if you are going to use ssh then use fail2ban, too. whether or not someone actually is able to break the encryption key isn't necessarily the real harm. fail2ban will block an offending ip just because it's trying to break the encryption, so it helps prevent ddos type of situations. you'd be surprised how much unwanted traffic you'll notice once you open port 22 - lots of automated attacks that troll the net for sites that have ports open.


Sun Apr 22, 2012 3:39 pm

GoManutd thanked by: cgriffin
Profile
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 298945
Post Re: Help with getting remote access via ssh working
GoManutd wrote:
you're still going to have to get the port forwarding working. ssh is the better choice for the encryption because you can then use it for a bunch of things and not just vnc.

also, if you are going to use ssh then use fail2ban, too. whether or not someone actually is able to break the encryption key isn't necessarily the real harm. fail2ban will block an offending ip just because it's trying to break the encryption, so it helps prevent ddos type of situations. you'd be surprised how much unwanted traffic you'll notice once you open port 22 - lots of automated attacks that troll the net for sites that have ports open.


fail2ban is a no-brainer tool, thanks for the pointer. I am installing it right now! I am still convinced the only thing that really isn't working is my router, blasted thing. I should probably post over in the DDWRT forums.
Best,
Chris

_________________
--
Chris Griffin


Sun Apr 22, 2012 4:36 pm
Profile
Forum Guide
Forum Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 298946
Post Re: Help with getting remote access via ssh working
i use ddwrt and had no problems getting ssh to work with port forwarding... just make sure you have the latest firmware from them.


Sun Apr 22, 2012 4:44 pm
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 12 posts ]  Go to page 1, 2  Next

Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.