[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh tunnelling testing

On 2020-12-07 13:24, john doe wrote:
On 12/7/2020 6:38 PM, Gary Dale wrote:
I'm running Debian/Buster on various servers, including my home server.
I'm trying to set up an ssh tunnel that I can use post-pandemic in case
I need to access my home network remotely. I'm already doing this to
various remote servers so I thought this should just work, since I can
already access my home server locally using its 192.168... address

Is it a classe C private Ipv4 address?

I thought that was obvious.

(actually through the /etc/hosts file using the server's name).

I've set up port forwarding on both my routers (I have an inner network
and an outer one, using the outer network for devices I don't really
control). I can access my Apache2 server on the inner network by
forwarding port 80 on the outer network to the WAN address of the inner
router and forwarding that to my server. Pointing my browser to the
external IP address of the outer router brings up the default page -
which I can change so I know it's the actual local page > However, when I try to ssh to the same address, it just times out.

I've compared the sshd.conf file on my local server to one on a remote
server and they are identical. The only uncommented lines are:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server

Any ideas on what's going wrong?

- This looks like your port forwarding is not working...
- What are the logs saying?
- Is the SSH server allowing access from the outside?

Note that it is unclear to me how you can test outside access from the

Your first point is what I am complaining about. The outer router doesn't have a log function and an ssh attempt never shows up on the inner router. As I explained in the initial post, I've set up the port forwarding to allow it and the sshd.conf file is identical to one that allows access from the outside.

I can test outside access from the inside by trying to connect to the external address. As with my browser example, the request goes to the device that has the particular IP address being sought. That is the external port on the outer router. I can also ssh to the external port on the inner router (which I can't think of a reason to do except for testing). Interestingly, this works but doesn't get logged.

Reply to: