Re: possible ssh problem

To: debian-user@lists.debian.org
Subject: Re: possible ssh problem
From: Greg Wooledge <greg@wooledge.org>
Date: Fri, 29 Aug 2025 19:31:07 -0400
Message-id: <[🔎] 20250829233107.GI28172@wooledge.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 56670b01-6c6e-4d6d-a4e5-90c5ac8caf3e@aol.com>
References: <89fcd05c-ae05-49dd-a587-8929ed131de2.ref@aol.com> <[🔎] 89fcd05c-ae05-49dd-a587-8929ed131de2@aol.com> <[🔎] aLIsarFmm6WZZ9hg@mail.bitfolk.com> <[🔎] 56670b01-6c6e-4d6d-a4e5-90c5ac8caf3e@aol.com>

On Fri, Aug 29, 2025 at 16:01:53 -0700, Paul Scott wrote:
> On 8/29/25 3:40 PM, Andy Smith wrote:
> 1) Your dyndns.org entry is not pointing to the correct IP address.
> 
> ping and looking at my account on dyndns.org, the IP is correct.

Let's say your dyndns name is paul, so I can write meaningful sentences.

Do you mean you simply ran 'ping paul.dyndns.org' and then looked at
something on the dyndns.org web site (after logging in as paul), and
they happened to agree with each other?

Well of course they did.  This is meaningless.

What you need to compare are the IP in dyndns against your *actual IP*
address.

You can determine your actual IP address by doing something like

    curl http://wooledge.org/myip.cgi

There are many other sites that offer the same service.

> 2) Your ISP is blocking incoming connections, either on port 22 or on
>    all ports, before it hits your router/server.
> 
> I'm not sure how to determine that.

Not easily done, admittedly.  It's a process of elimination thing.  When
you've verified that EVERY single thing is in place and working, then
by process of elimination, if the incoming connections still aren't
working from multiple client systems, you might conclude that your ISP
has set up a firewall.

> 3) Your router is blocking incoming connections, either on port 22 or
>    on all ports.
> 
> 4) You've forgotten to configure your router to forward incoming port 22
>    to your internal host.
> 
> 5) You've configured your router to forward incoming port 22, but to the
>    wrong internal IP address.
> 
> I haven't knowingly changed anything on my router.

Instead of saying "I don't know", go *find out* the answers.  These are
prompts for you.  It's not a closed-book quiz.

Look at #4 for example.  Instead of shrugging and saying "I don't know",
go look at your router's configuration.  Log into it, and look at the
web interface it presents.  Find the place where port forwarding is
set up.  You MUST have set this up at some point, if it ever worked at
all.  This is not a thing that will ever work out of the box.

So, find where the port forwarding is configured, and LOOK at it.  See
if it's correct.  The internal IP address and port number that the ssh
connections are being forwarded to must match your Debian system's LAN
IP address and your sshd's listening port number.

You can get your Debian system's IP address using

    ip -brief addr

or a huge variety of similar/variant commands.

You can get your sshd's listening port using

    grep Port /etc/ssh/sshd_config

or by reading the whole file to see the lines in context.  Other ways
to accomplish a similar goal would include

    sudo ss -ntlp | grep sshd
    sudo lsof -i | grep sshd

and so on.  Those will look for an actual sshd process and see what
it's listening to.  The /etc/ssh/sshd_config file will show what the
sshd process *should* be listening to, if it's running, but won't
tell you that it's actually running.

Reply to:

Follow-Ups:
- Re: possible ssh problem
  - From: Paul Scott <waterhorsemusic@aol.com>

References:
- possible ssh problem
  - From: Paul Scott <waterhorsemusic@aol.com>
- Re: possible ssh problem
  - From: Andy Smith <andy@strugglers.net>
- Re: possible ssh problem
  - From: Paul Scott <waterhorsemusic@aol.com>

Prev by Date: Re: possible ssh problem
Next by Date: Re: lazy old guy asks question
Previous by thread: Re: possible ssh problem
Next by thread: Re: possible ssh problem
Index(es):
- Date
- Thread