Results 1 to 7 of 7

Thread: Remote ssh = Connection Timed Out

  1. #1
    Join Date
    Oct 2008
    Location
    Sunny Arizona
    Posts
    251

    Default Remote ssh = Connection Timed Out

    I've got sshd running on my home machine, and can start an ssh connection from any of the other computers on my home network. However, I can't connect to it from my office computer (or any other computer outside my home LAN). When I try, I get a "connection timed out" error.

    I've setup my router to forward port 22, and have it opened in the firewall. Is there something I'm missing that I need to enable to allow ssh access from outside the LAN?

    I don't have access to my office router, so I'm unable to forward port 22 on the "client" computer. Is this necessary?

    Thank you.

  2. #2
    Join Date
    Oct 2008
    Location
    Sunny Arizona
    Posts
    251

    Default Re: Remote ssh = Connection Timed Out

    More info, here is my /etc/ssh/sshd_config file:

    Code:
    #	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile	.ssh/authorized_keys
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    #PermitEmptyPasswords no
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    # Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
    # mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
    # in this release. The use of 'gssapi' is deprecated due to the presence of 
    # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
    #GSSAPIEnableMITMAttack no
     
    
    # Set this to 'yes' to enable PAM authentication, account processing, 
    # and session processing. If this is enabled, PAM authentication will 
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes 
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    #ChrootDirectory none
    
    # no default banner path
    #Banner none
    
    # override default of no subsystems
    Subsystem	sftp	/usr/lib64/ssh/sftp-server
    
    # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
    AcceptEnv LC_IDENTIFICATION LC_ALL
    
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #	X11Forwarding no
    #	AllowTcpForwarding no
    #	ForceCommand cvs server
    There are a ton of options in there that I didn't know about.

    Does anybody know if one of these options blocks external access?

  3. #3
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,973

    Default Re: Remote ssh = Connection Timed Out

    As long as you do not specify any restriction on systems to connect in your sshd config, there is no difference for systems outside/inside the LAN there.

    Did you try if you have connection from one system to the other with e.g. traceroute?
    Henk van Velden

  4. #4
    Join Date
    Oct 2008
    Location
    Sunny Arizona
    Posts
    251

    Default Re: Remote ssh = Connection Timed Out

    Got it! I did some more searching and apparently my isp blocks port 22. (Comcast sucks!) I changed to a different port and now it works great

    Thanks for your response hcvv. Next step = NX!

  5. #5
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Remote ssh = Connection Timed Out

    It's a good idea to use a different port from 22 anyway. Too many script kiddies trying password guessers on the port. Mostly an annoyance filling up the logs.

  6. #6
    Join Date
    Oct 2008
    Location
    Sunny Arizona
    Posts
    251

    Default Re: Remote ssh = Connection Timed Out

    Quote Originally Posted by ken_yap View Post
    It's a good idea to use a different port from 22 anyway. Too many script kiddies trying password guessers on the port. Mostly an annoyance filling up the logs.
    Yeah, I was planning on switching once I made sure it was all working correctly anyway, so I guess i should have just done it to begin with...

  7. #7
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Remote ssh = Connection Timed Out

    And if you put an entry in .ssh/config for the host, you can use short hostnames, not have to remember the special port, and specify the username.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •