
Re: ssh tunnelling testing [solved]



On Mon, 7 Dec 2020 20:23:28 +0100
john doe <johndoe65534@mail.com> wrote:

> On 12/7/2020 8:11 PM, Gary Dale wrote:
> > On 2020-12-07 14:03, john doe wrote:  
> >> On 12/7/2020 7:54 PM, Gary Dale wrote:  
> >>> On 2020-12-07 13:24, john doe wrote:  
> >>>> On 12/7/2020 6:38 PM, Gary Dale wrote:  
> >>>  
> >>>>  
> >>>>> (actually through the /etc/hosts file using the server's name).
> >>>>>
> >>>>> I've set up port forwarding on both my routers (I have an inner
> >>>>> network
> >>>>> and an outer one, using the outer network for devices I don't
> >>>>> really control). I can access my Apache2 server on the inner
> >>>>> network by forwarding port 80 on the outer network to the WAN
> >>>>> address of the inner
> >>>>> router and forwarding that to my server. Pointing my browser to
> >>>>> the external IP address of the outer router brings up the
> >>>>> default page - which I can change so I know it's the actual
> >>>>> local page. However, when I try to ssh to the same address, it
> >>>>> just times out.
> >>>>>
> >>>>> I've compared the sshd.conf file on my local server to one on a
> >>>>> remote server and they are identical. The only uncommented
> >>>>> lines are:
> >>>>>
> >>>>> PasswordAuthentication no
> >>>>> ChallengeResponseAuthentication no
> >>>>> UsePAM yes
> >>>>> X11Forwarding yes
> >>>>> PrintMotd no
> >>>>> AcceptEnv LANG LC_*
> >>>>> Subsystem       sftp    /usr/lib/openssh/sftp-server
> >>>>>
> >>>>>
> >>>>> Any ideas on what's going wrong?  
> >>>>
> >>>> - This looks like your port forwarding is not working...
> >>>> - What are the logs saying?
> >>>> - Is the SSH server allowing access from the outside?
> >>>>
> >>>>
> >>>> Note that it is unclear to me how you can test outside access
> >>>> from the inside.
> >>>>  
> >>> Your first point is what I am complaining about. The outer router
> >>> doesn't have a log function and an ssh attempt never shows up on
> >>> the inner router. As I explained in the initial post, I've set up
> >>> the port forwarding to allow it and the sshd.conf file is
> >>> identical to one that allows access from the outside.
> >>>
> >>> I can test outside access from the inside by trying to connect to
> >>> the external address. As with my browser example, the request
> >>> goes to the device that has the particular IP address being
> >>> sought. That is the external port on the outer router. I can also
> >>> ssh to the external port on the inner router (which I can't think
> >>> of a reason to do except for testing). Interestingly, this works
> >>> but doesn't get logged.
> >>>
> >>>
> >>>  
> >>
> >> Sorry, I'm lost at your setup, the only thing that I can say is
> >> that something looks to be wrong with regard to your firewall
> >> config. 
> >
> > The thing is the forwarding setup is the same for port 22 as it is
> > for port 80. I know that the port 80 forwarding is working so why
> > isn't the port 22 forwarding?
> >
> > I still don't know the answer to that one, but when I changed the
> > external port to something else (on the outer router), it started
> > working.  
> 
> Something is wrong if it works that way.
> 
> You did not use the same rule for both port 80 and 22, if yes, this
> would mean that port 22 and 80 are redirected to port 80, which is not
> what you want.
> 
> In other words, you need one rule per redirect port.
> 
> > Now I just have to remember to set the -p option in ssh to
> > connect.
> >
> >  
> 
> To avoid the -p option:
> 
> $ cat ~/.ssh/config
> Host sshserver
>      HostName <FQDN-TO-USE>
>      Port <PORT-TO-USE>
> 
> $ ssh sshserver
> 
>
You can also put all the TCP port tunneling rules there, along with the
path to the key (you are using keys, are you not?).

-- 
Joe
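
Added example, not part of the original message: a ~/.ssh/config entry that combines the Port setting quoted above with a key path and a TCP forwarding rule, as suggested in the reply. The key file name and the forwarded ports (local 8080 to port 80 on the server) are assumptions; the <...> placeholders are the ones from the quoted message.

```sshconfig
# ~/.ssh/config  (must not be writable by other users: chmod 600)
Host sshserver
    HostName <FQDN-TO-USE>
    # Non-default external port forwarded by the outer router
    Port <PORT-TO-USE>
    # Assumed key file name; use the path of your own private key
    IdentityFile ~/.ssh/id_ed25519_sshserver
    # Offer only the key above, not every key loaded in the agent
    IdentitiesOnly yes
    # Assumed tunnel: local port 8080 -> port 80 on the server (Apache)
    # Bound to loopback so other hosts on the LAN cannot use it
    LocalForward 127.0.0.1:8080 127.0.0.1:80
    # Abort the connection if the tunnel cannot be set up
    ExitOnForwardFailure yes
```

Once the placeholders are filled in, `ssh -G sshserver` prints the options ssh resolves for this host without connecting, which confirms that the port, key and forward are picked up.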

