# ssh access not working

## mystified

I had to allow a technical support team that has the software for our support board ssh access into my Gentoo box so they could check some configuration files.  I told them my IP and username and password.  They told me they couldn't ssh in, that the operation just timed out.  I can ssh to other servers, I can ssh between boxes.  I don't understand why they couldn't ssh into my box.  I have port 22 open for ssh.  Any ideas?  Except for maybe they're not bright enough to know how to use ssh?   :Very Happy:   And yes, I know what a great security risk it was but I had no choice.  If they had been able to get in I was going to change my password and then call my ISP and have them assign me a new IP.

Last edited by mystified on Mon Apr 30, 2007 6:04 pm; edited 1 time in total

----------

## nahpets

Is your company firewall blocking port 22?  Can they ping your machine from the outside?

----------

## mystified

No, there's nothing blocking it.  I don't know if they could ping it as they didn't say so.  I can ask someone else to try.

----------

## mystified

I had someone else try and they could not ping me.

----------

## nahpets

So there must be a firewall somewhere blocking traffic to your Gentoo box from the outside world.  Do you have a firewall such as Shorewall installed on the Gentoo box?  Maybe a local firewall is blocking pings and port 22.

----------

## mystified

I haven't installed any firewalls because I have SP and a NAT firewall on my router.

----------

## timeBandit

 *mystified wrote:*   

> I haven't installed any firewalls because I have SP and a NAT firewall on my router.

Do you have the router configured to forward port 22 on your external IP to the same port on the internal (NAT'ed) IP of the machine running SSH?

----------

## mystified

I'm not sure what you mean.  Do you want me to configure port forwarding for port 22 using my external IP address?

----------

## timeBandit

Sorry: Your NAT router has an IP address on the WAN, assigned by your ISP. That's the IP I presume you gave the support personnel. The box running your SSH server is behind the router and has a private or internal IP address not visible outside your LAN. On the router, are you forwarding port 22 from the WAN to the internal address of the machine running SSH? (Typically it's "virtual server" or "port forwarding" setup or something like that.)

----------

## mystified

Ok, think I found the problem.  I got assigned a new internal ip for this computer so I had to change it in my router.

Edit: nope that didn't work.

----------

## nahpets

 *mystified wrote:*   

> Ok, think I found the problem.  I got assigned a new internal ip for this computer so I had to change it in my router.
> 
> Edit: nope that didn't work.

But is your router configured to forward incoming traffic on port 22 to the Gentoo box?  By default, your router should be blocking all traffic, which is probably what's going on.

----------

## mystified

Right now it's configured for Port Forwarding ssh starting and ending port 22 Server IP 192.168.1.2

I don't know what settings I need to disable blocking incoming traffic.

----------

## bunder

 *mystified wrote:*   

> I don't know what settings I need to disable blocking incoming traffic.

you can't.  that is a design feature of a nat router.  port forwarding is your only option.

----------

## mystified

Are you saying that no one can ssh into my box from outside then?

----------

## nahpets

If you set up port forwarding properly, then it should work.  What router are you using?  I'm sure if you google, you'll be able to find a 'howto' telling you how to configure ssh port forwarding for your specific router.

----------

## bunder

sorry for the confusion, but nahpets has it right.

cheers

----------

## mystified

That's what I don't understand.  I currently have it configured the way it should be.  I have port forwarding, service ssh, port 22, ip 192.168.1.2 which is the ip of this computer.  Yet it doesn't work.    :Sad: 

----------

## nahpets

How are you testing if port forwarding works?  Can you ssh into 192.168.1.2 from another computer on your network?  Also, if you try sshing into your router from one of your local machines, do you get redirected to the ssh server?

----------

## mystified

I can ssh into my computer from my laptop just fine. If I try to ssh into my router nothing happens.  It just times out.

----------

## imanassypov

dude,

not only do you need port forwarding, but you also need to have a NAT setup on that firewall of yours, something that would translate your private ip address which nobody sees out on the internet, to an ip address that belongs to your external segment. Worse come to worst, you can port-overload if you have just one external ip address available.

----------

## karlh-voip

Tell me what kind of router you are using and I should be able to guide you through the settings, as I am familiar with most router configs these days.

----------

## mystified

I have a Netgear WGT624.  And I'm not a dude.    :Wink: 

----------

## nahpets

You can also try a simple test by using a DDNS service like no-ip.com.  Set up a URL from no-ip like 'mystified.hopto.org' to point to your router.  From a test machine, you can try 'ssh mystified.hopto.org'.  This should make your connection request to port 22 look like it's coming from outside your network, and your router should forward the request to 192.168.1.2 if you've set up port forwarding correctly.

Also, is it possible that your ISP is blocking incoming SSH connections?

----------
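Added example, not part of any post in this thread: the tests suggested above (ssh to 192.168.1.2 from the LAN, then to the router's address) give more information when the result of each attempt is classified, since a timeout, a refusal and an SSH banner each point at a different hop. The function name `probe_ssh` and the outcome labels are illustrative assumptions; 192.168.1.2 is the forward target quoted in the thread.

```python
import socket

# What each outcome suggests for an SSH server behind a NAT router.
MEANING = {
    "ssh": "forward works: an SSH server answered with its version banner",
    "open-no-banner": "something accepted the connection but did not "
                      "identify itself as SSH",
    "refused": "the packet reached a host with no listener on that port "
               "(wrong forward target, or sshd not running/bound there)",
    "timeout": "packets were silently dropped: no forward rule, a firewall, "
               "ISP filtering, or no NAT loopback when testing from the LAN",
    "error": "name resolution failed or there is no route to the address",
}


def probe_ssh(host, port=22, timeout=5.0):
    """Attempt one TCP connection and classify the result."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:      # RST came back: a host answered
        return "refused"
    except socket.timeout:              # nothing came back at all
        return "timeout"
    except OSError:                     # DNS failure, unreachable network
        return "error"
    with sock:
        try:
            banner = sock.recv(64)      # sshd sends "SSH-2.0-..." first
        except OSError:                 # includes a read timeout
            return "open-no-banner"
    return "ssh" if banner.startswith(b"SSH-") else "open-no-banner"


if __name__ == "__main__":
    import sys
    # Default is the internal address from the thread; pass the router's
    # WAN address or DDNS name as the first argument to test the forward.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.2"
    result = probe_ssh(target)
    print(f"{target}:22 -> {result}: {MEANING[result]}")
```

A result of `ssh` against the internal address combined with `timeout` against the WAN address from inside the LAN does not by itself prove the forward is broken, which is why the same probe should also be run from a machine outside the network.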

