problems setting up remote ssh
I've got an ubuntu desktop at home and a mac laptop. I'm trying to set this up so that I can ssh into my ubuntu machine from outside my local network.
Here is what I have done so far:
(1) I've enabled ssh on port 22 on my ubuntu machine. The file /etc/ssh/sshd_config says it is listening on Port 22.
(2) If I look at my firewall status (ufw status
), it says:
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
(3) On my Netgear C3700-100NAS router, I reserved the ip address to my ubuntu machine so that it won't change.
(4) I set up port forwarding, with service type TCP/UDP, external and internal ports set to 22, and it points to my internal IP address.
(5) I found my public ip address using http://www.myipaddress.com/
I can successfully ssh into my ubuntu machine from home, on the local network, using the local ip address.
But remote ssh times out. I also tried an online port forwarding tester (https://www.yougetsignal.com/tools/open-ports/), and when I point it to my public ip address and port 22, it tells me the port is closed.
When I attempt to remotely ssh, I get the following:
~ $ ssh -vvv [email protected]
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "xx.xxx.xxx.xx" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to xx.xxx.xxx.xx [xx.xxx.xxx.xx] port 22.
debug1: connect to address xx.xxx.xxx.xx port 22: Operation timed out
ssh: connect to host xx.xxx.xxx.xx port 22: Operation timed out
UPDATES
Following some advice listed below, I've made a few changes. I changed port forwarding so that it now uses port 8022 as the external port, but still port 22 as the internal port. I've also turned on an option in my router settings that it responds to pings.
Now, if I ping my public IP, it does respond. However, if I test whether or not port 8022 is open via the yougetsignal website listed above, it still says it's closed.
If I attempt to SSH:
> ssh -vvv [email protected] -p 8022
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "xx.xxx.xxx.xx" port 8022
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to xx.xxx.xxx.xx [xx.xxx.xxx.xx] port 8022.
debug1: connect to address xx.xxx.xxx.xx port 8022: Operation timed out
ssh: connect to host xx.xxx.xxx.xx port 8022: Operation timed out
I also called my ISP, and although it was a confusing conversation, it didn't seem like they were blocking the ports I was trying to use...
Following a suggestion below, I ran sudo nmap --packet-trace --traceroute --reason xx.xxx.xxx.xx
. Here is a subset of the output. Port 8022 is not listed, but I imagine it should be:
Host is up, received reset ttl 253 (0.0028s latency).
Not shown: 996 filtered ports
Reason: 996 no-responses
PORT STATE SERVICE REASON
135/tcp closed msrpc reset ttl 253
139/tcp closed netbios-ssn reset ttl 253
445/tcp closed microsoft-ds reset ttl 253
1025/tcp closed NFS-or-IIS reset ttl 253
I'm not sure where the problem is... the ubuntu machine? the router? Any ideas how to figure this out?
Thanks!
Solution 1:
I had similar problem few days ago. Your modem or router may not be configured as a bridge. It depends on the ISP. In normal mode it will block all the incoming connections, but switching it into bridge mode gives all access. I had to call my ISP to change that, so I would have public IP address (not exactly fixed for long time but that's enough for me) and my router now works as a bridge for all the connections.
It is all about that ISP are lack of IP addresses and hide users beside few other routing stuff. You need to truly have public IP address.