Hi folks!
My new understanding of networking is coming along, but still a little shaky. I have been trying to set up ssh to work on my home machine because I want to practice Linux stuff and access my PC if I happen to be away from home on the weekends.
I've installed OpenSSH with success, and from my local machine I can "ssh localhost" with success (127.0.0.1 works too, of course)
The problem is I am trying ssh (my ip) and I get "Connection refused".
This happens both from my parents' machine (in another town - Go Mom for downloading and running putty), and from my own (that ssh is running on).
I suspect the problem has to do with my router, either regarding my rather prudent settings (LAN connection must be authenticated, *and* have a whitelisted MAC address), or more likely, I am missing something in setup to allow incoming connections that get forwarded to my specific machine. This is where my understanding falls apart at the moment... help?
I've got a linksys/cisco wrt120n local IP 192.168.1.100 local router IP 192.168.1.1
internet IP in the 24.something range :)
Let me know if more info is required.
Thanks!
------------------------------------------------------------ Katherine Scrupa Network Technology CCNA student, RRC
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
You need to log in to the router web interface and enable port forwarding to 192.168.1.100, on port 22 tcp. You also might be interested in using a dynamic dns service, such as dyndns.org.
All the best, Robert
Kat wrote:
> Hi folks!
> My new understanding of networking is coming along, but still a little shaky. I have been trying to set up ssh to work on my home machine because I want to practice Linux stuff and access my PC if I happen to be away from home on the weekends.
I've done this a few times with OS X Macs (it takes 30 seconds to set up) and ONCE with Linux.
> I've installed OpenSSH with success, and from my local machine I can "ssh localhost" with success (127.0.0.1 works too, of course)
> The problem is I am trying ssh (my ip) and I get "Connection refused".
It's not getting as far as asking for a login?
> This happens both from my parents' machine (in another town - Go Mom for downloading and running putty), and from my own (that ssh is running on).
I take it you are using the 192 address you give us below as the destination...
> I suspect the problem has to do with my router, either regarding my rather prudent settings (LAN connection must be authenticated, *and* have a whitelisted MAC address), or more likely, I am missing something in setup to allow incoming connections that get forwarded to my specific machine. This is where my understanding falls apart at the moment... help?
Sean will be able to give more specific advice, but I think the problem isn't your router. I think it sounds like your computer is only partially set up to accept incoming connections. You /may/ have to set up the firewall or permissions in Linux to allow for incoming connections on that port. By using localhost you aren't getting outside your computer. By using the 192 address you are going to the router and back. It would be nice to know if you can ssh out to a working machine... This way we can determine where the problem is. I suspect you are not far from a working solution (maybe a minute and a half).
I use a DLink without any special setup and can access my Macs with my Linux box.
> I've got a linksys/cisco wrt120n local IP 192.168.1.100 local router IP 192.168.1.1
> internet IP in the 24.something range :)
> Let me know if more info is required.
I think you almost have it.
> Thanks!
> Katherine Scrupa Network Technology CCNA student, RRC
Later Mike
I agree with Rob Keizer, but Mike Pfaiffer has a point. I've set up ssh to my network a few times and it's generally the router blocking traffic. The best way to see if the router is blocking traffic (which it would only do to traffic coming in from an external ip) or if it's your install of ssh, try sshing to your machine from a different machine on your local network. If it still doesn't work it's likely a firewall issue on your machine. If it makes a successful ssh connection it's your router blocking traffic. Your router should allow port forwarding. Just forward port 22 to point to your linux box... and make sure you have it set to a static ip! I've had my machine's ip address change and ssh stops working then!
Cheers rob g
On Sat, Jan 23, 2010 at 09:02:50PM -0600, Rob Guderian wrote:
> The best way to see if the router is blocking traffic (which it would only do to traffic coming in from an external ip)--
I always ssh to some remote machine, and then try to ssh back again to make sure that the router is set up properly etc. and that I can get to my home machine from a remote IP. If you don't have access to a remote machine for this there are sites that offer shell access with ssh for a one time $1 donation, or perhaps MUUG offers shell access to its members?
Peter -- Peter O'Gorman http://pogma.com
On Fri, 2010-01-22 at 19:20 -0600, Kat wrote:
> The problem is I am trying ssh (my ip) and I get "Connection refused".
You haven't said what distribution of Linux you are running?
The problem you report above is either:
a) Your ssh daemon is not set to listen on the LAN ip address.
b) ssh is listening, but the firewall on that machine (not the router) is set to block connections on the LAN interface.
> This happens both from my parents' machine (in another town - Go Mom for downloading and running putty), and from my own (that ssh is running on).
> I suspect the problem has to do with my router, either regarding my rather prudent settings (LAN connection must be authenticated, and have a whitelisted MAC address), or more likely, I am missing something in setup to allow incoming connections that get forwarded to my specific machine. This is where my understanding falls apart at the moment... help?
Before you go any further trying to get your router setup, you positively MUST get it working on the LAN first.
You have accomplished step 1 already which is to confirm that ssh is working by sshing to localhost (127.0.0.1).
Step 2 is to confirm that ssh is listening and reachable on the LAN IP. That is where you are now. Do this:
# netstat -an | grep -E "tcp.*?22.*?LISTEN"
You should see something like:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
That means ssh is listening on all interfaces (IPs).
If you still can't ssh to it from itself, then the firewall on the local machine is most likely blocking port 22. Turn the firewall off and try again.
Once you've got the machine so it can ssh to itself on the LAN IP then, if you can, you should test ssh from another machine on the same LAN.
Step 3 is to configure the firewall/router to port forward the SSH port on the external IP (the 24.x.x.x address) to the internal LAN IP (192.168.1.100). That should be fairly straightforward on the Linksys firewall.
Then, ssh to it from the remote computer using the firewall's Internet (external) IP address (not the LAN IP).
One word of caution; before you do any of this, please make sure your passwords (especially your root password) are something very secure. Once you open up port 22, you will see literally hundreds of attempts per day to hack your root password.
I personally recommend changing the port to something else but that throws a bunch more complications into the process and at this point just focus on getting it working, then you can move on to more advanced things like changing the default ssh ports (hint, look in /etc/ssh/sshd_conf).
Regards,
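Step 2 of the procedure above, as an added example that is not code from the thread: it parses `netstat -an` output and reports whether sshd is bound to the LAN address, to all addresses, or to loopback only (case a), which also tells you when to look at the local firewall instead (case b). Unlike the grep pattern it matches the port exactly, so a listener on 2222 is not mistaken for port 22; the sample output and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -an` output (not taken from the thread).
SAMPLE_LOOPBACK_ONLY = """\
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.100:51514     192.168.1.1:80          ESTABLISHED
"""


def listeners(netstat_output, port=22):
    """Return the local IPs that have a TCP socket in LISTEN state on exactly `port`."""
    found = []
    for line in netstat_output.splitlines():
        f = line.split()
        # Expected columns: proto recv-q send-q local-address foreign-address state
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        host, _, local_port = f[3].rpartition(":")  # also splits ":::22" into "::" and "22"
        if local_port != str(port):
            continue
        try:
            found.append(ipaddress.ip_address(host))
        except ValueError:
            continue  # skip anything that is not a literal IP address
    return found


def diagnose(netstat_output, lan_ip, port=22):
    """Classify the listener state relative to the machine's LAN address."""
    lan = ipaddress.ip_address(lan_ip)
    addrs = listeners(netstat_output, port)
    if not addrs:
        return "no-listener"        # sshd not running, or on another port
    for a in addrs:
        # A wildcard bind only covers the LAN IP if it is the same address family.
        if a == lan or (a.is_unspecified and a.version == lan.version):
            return "listening-on-lan"   # still refused? check the local firewall
    if all(a.is_loopback for a in addrs):
        return "loopback-only"      # fix ListenAddress in the sshd configuration
    return "other-address"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOOPBACK_ONLY, "192.168.1.100"))
    print(diagnose("tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN", "192.168.1.100"))
```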
I am also trying to set up ssh. I installed OpenSSH on Ubuntu server, and downloaded WinSCP for my Windows computer. Both machines are in my home office right now, but the server will be relocated to a business office. I will continue to administer the server so want access from my home office. I need the server to be secure, so I want to use key authentication. My client machine is Windows so I can't run ssh-copy-id, so I just copied the .pub file to the server then copied it to authorized_keys. It's rejecting my key. I have passwords enabled for testing, but want to disable passwords when I actually connect through the internet. I tried to have WinSCP generate the keys and copy the .pub file to the server, and I generated keys on the server and copied the private key to my Windows desktop. WinSCP requires "importing" the private key, it adds some of its own stuff such as the client's MAC address. Either way the server just rejects the key.
I have ensured PubkeyAuthentication is yes, AuthorizedKeysFile is uncommented, and issued the ssh restart command after each change to the server's config file.
What am I doing wrong?
Rob Dyck
Rob,
Is the Ubuntu server "rejecting your key" during the SSH login session? Are there any logs available from either WinSCP or from the SSH server? I think SSHD can provide some verbose real-time logging which might detail the error. Are you trying to log in as root when testing the keyed & password based logins?
Sorry that's all questions & no answers but maybe some part of it will point you in the right direction.
Kelly
My two cents.
Sometimes the key that is generated on Windows machines is malformed as far as openssh is concerned. Make sure your authorized_keys entry looks like this
ssh-rsa AAAAB3Nz(snip)KZbC1PEWyI4Q4esMJogfsWpXnB8Q== CommentAboutTheKey
I've used putty with its key store 'pageant' with quite some success. It's a background application that does the key auth for you. You decrypt your key once (your private key _should_ be encrypted.... ) and it happily does nothing most of the time. I think putty prompts you for your key, but I seem to remember it having mixed success.
Hope that sheds some light on the situation.
rob
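A check for the one-line format shown above, as an added example that is not code from the thread: it flags the multi-line RFC 4716 file that PuTTYgen's "Save public key" writes, a key whose base64 was wrapped or cut, and a blob whose embedded type does not match the declared one. The sample key material is constructed (not a usable key), the function and constant names are illustrative, and entries with an options prefix containing a key-type word are assumed not to occur.

```python
import base64
import binascii
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _s(b):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(b)) + b


# Constructed sample: structurally valid ssh-rsa blob with made-up numbers.
_BLOB = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + bytes(range(1, 65)))
_B64 = base64.b64encode(_BLOB).decode()
SAMPLE_OK = "ssh-rsa " + _B64 + " constructed-comment"
SAMPLE_WRAPPED = "ssh-rsa " + _B64[:40]          # rest of the key fell onto the next line
SAMPLE_RFC4716 = "---- BEGIN SSH2 PUBLIC KEY ----"


def check_entry(line):
    """Return 'ok' or a short reason why `line` is not a usable authorized_keys entry."""
    line = line.strip()
    if line.startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return "rfc4716-format"      # must be converted to the one-line form first
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return "no-key-type"
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except (binascii.Error, ValueError):
        return "bad-base64"
    # The blob is a sequence of length-prefixed fields; walk them to the end.
    parts, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            return "truncated-blob"
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + n > len(blob):
            return "truncated-blob"
        parts.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    if len(parts) < 2 or parts[0] != fields[idx].encode():
        return "type-mismatch"       # declared type differs from the one inside the blob
    return "ok"


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_WRAPPED, SAMPLE_RFC4716):
        print(check_entry(sample))
```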
Have you tried puttygen? (same place you get putty)
It'll load or generate a putty keypair. When you have a keypair loaded, it shows you the exact string you will paste into authorized_keys on the server.
Sean
I've had a similar problem because I wasn't thinking and didn't restart the ssh daemon. (on Ubuntu it's invoke-rc.d ssh restart).
Robert