unable to connect server using ssh from outside of home netw

hi,

I am using ssh to connect my suse linux enterprise server. I am able to
connect if I am in the home network but if I try to connect from outside
home network I am getting the following errors.

Network:connection timeout
Network:connection refused.

I already forwarded port 22 in my router. I have been trying to resolve
this issue from past 2 days, but no success. Can anyone please help how to
resolve this issue.

/etc/ssh # ps -ef | grep sshd
root      4009     1  0 16:45 ?        00:00:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid


Here is my sshd_config and ssh_config Files.

:/etc/ssh # cat sshd_config
#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
#AddressFamily any
ListenAddress 192.168.2.102
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

LoginGraceTime 600
PermitRootLogin no
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no


# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp	/usr/lib64/ssh/sftp-server

# This enables accepting locale environment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
AllowTcpForwarding yes
Compression yes
MaxAuthTries 6
PermitRootLogin no
PrintMotd yes
PubkeyAuthentication yes
RSAAuthentication no

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server


/etc/ssh # cat ssh_config
#	$OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no

# If you do not trust your remote host (or its administrator), you
# should not forward X11 connections to your local X11-display for
# security reasons: Someone stealing the authentication data on the
# remote side (the "spoofed" X-server by the remote sshd) can read your
# keystrokes as you type, just like any other X11 client could do.
# Set this to "no" here for global effect or in your own ~/.ssh/config
# file if you want to have the remote X11 authentication data to
# expire after two minutes after remote login.
ForwardX11Trusted yes

#   RhostsRSAAuthentication no
#   RSAAuthentication yes
PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
ConnectTimeout 200
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
Port 22
Protocol 2
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no 

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#   GSSAPIEnableMITMAttack no

# This enables sending locale environment variables LC_* LANG, see ssh_config(5).
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL


-- 
ukatru
------------------------------------------------------------------------



0
ukatru
11/20/2009 3:06:07 AM
novell.sles.configure

On Fri, 20 Nov 2009 03:06:07 GMT
ukatru <ukatru@no-mx.forums.novell.com> wrote:

> 
> hi,
> 
> I am using ssh to connect my suse linux enterprise server. I am able to
> connect if I am in the home network but if I try to connect from
> outside home network I am getting the following errors.
> 
> Network:connection timeout
> Network:connection refused.
> 
> I already forwarded port 22 in my router. I have been trying to resolve
> this issue from past 2 days, but no success. Can anyone please help how
> to resolve this issue.
Hi
Maybe your ISP is blocking inbound ports like ssh? 

I wouldn't open port 22 on the internet, too many script kiddies. Move
the ssh port to something like 12222 on the router and forward that to
the host port 22.

-- 
Cheers Malcolm (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.37-0.1-default
up 4 days 0:25, 4 users, load average: 0.00, 0.04, 0.06
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.18

0
malcolmlewis
11/20/2009 3:29:26 AM
Hi,

I have already checked that by using port check tool, here is the
output.

Success: I can see your service on 99.60.49.161 on port (22)
Your ISP is not blocking port 22


-- 
ukatru
------------------------------------------------------------------------
ukatru's Profile: http://forums.novell.com/member.php?userid=70628
View this thread: http://forums.novell.com/showthread.php?t=393350

0
ukatru
11/20/2009 5:06:06 AM
On Fri, 20 Nov 2009 05:06:06 GMT
ukatru <ukatru@no-mx.forums.novell.com> wrote:

> 
> Hi,
> 
> I have already checked that by using port check tool, here is the
> output.
> 
> Success: I can see your service on 99.60.49.161 on port (22)
> Your ISP is not blocking port 22
>
Hi
Then maybe the port forwarding on your router isn't working?

If you check the system logs do you see anything in the firewall or
messages log file in /var/log/?

Just did a quick nmap on the posted ip address and no ports are open...

-- 
Cheers Malcolm (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.37-0.1-default
up 4 days 2:16, 4 users, load average: 0.25, 0.13, 0.10
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.18

0
malcolmlewis
11/20/2009 5:22:00 AM
When I see the log messages the port number is always changing.

Nov 19 19:09:50 poojitha sshd[4664]: Server listening on 192.168.2.102 port 12223.
Nov 19 19:12:17 poojitha sshd[4664]: Received signal 15; terminating.
Nov 19 19:12:17 poojitha sshd[5152]: Server listening on 192.168.2.102 port 22.
Nov 19 19:13:14 poojitha sshd[5273]: Did not receive identification string from 69.169.175.176
Nov 19 19:13:56 poojitha sshd[5157]: Accepted keyboard-interactive/pam for ukatru from 192.168.2.101 port 2446 ssh2

Nov 19 19:16:45 poojitha sshd[5395]: Accepted keyboard-interactive/pam for ukatru from 192.168.2.101 port 2466 ssh2


-- 
ukatru

0
ukatru
11/20/2009 6:06:06 AM
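
An added example, not written by any poster in this thread: a small Python parser for the sshd log lines posted above. It marks each "Server listening" change against the router's forward target and separates LAN peers from outside peers. The forward target 192.168.2.102:22 is an assumption taken from the first post and the posted ListenAddress, and the function names are hypothetical.

```python
import ipaddress
import re

# The sshd lines quoted in the thread, with the wrapped lines rejoined.
SAMPLE_LOG = """\
Nov 19 19:09:50 poojitha sshd[4664]: Server listening on 192.168.2.102 port 12223.
Nov 19 19:12:17 poojitha sshd[4664]: Received signal 15; terminating.
Nov 19 19:12:17 poojitha sshd[5152]: Server listening on 192.168.2.102 port 22.
Nov 19 19:13:14 poojitha sshd[5273]: Did not receive identification string from 69.169.175.176
Nov 19 19:13:56 poojitha sshd[5157]: Accepted keyboard-interactive/pam for ukatru from 192.168.2.101 port 2446 ssh2
Nov 19 19:16:45 poojitha sshd[5395]: Accepted keyboard-interactive/pam for ukatru from 192.168.2.101 port 2466 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (.*)$")
LISTEN = re.compile(r"Server listening on (\S+) port (\d+)")
PEER = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")  # IPv4 peers only


def analyze(log_text, forward_target):
    """Build a timeline of sshd events.

    forward_target is the (address, port) the router forwards to. It is
    supplied by the caller (an assumption); sshd does not log it.
    """
    events = []
    listening = None  # endpoint sshd is bound to at this point in the log
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, msg = m.groups()
        hit = LISTEN.search(msg)
        if hit:
            listening = (hit.group(1), int(hit.group(2)))
            events.append({"time": when, "kind": "listen", "endpoint": listening,
                           "matches_forward": listening == forward_target})
        elif "terminating" in msg:
            listening = None
            events.append({"time": when, "kind": "stop"})
        else:
            peer = PEER.search(msg)
            if not peer:
                continue
            try:
                addr = ipaddress.ip_address(peer.group(1))
            except ValueError:
                continue  # digits that are not a valid address
            events.append({"time": when, "kind": "peer", "peer": str(addr),
                           "external": not addr.is_private,
                           "accepted": msg.startswith("Accepted"),
                           "no_banner": "Did not receive identification" in msg,
                           "listening": listening})
    return events


def report(events):
    """Render listen changes and peer events as one line each."""
    lines = []
    for e in events:
        if e["kind"] == "listen":
            flag = "matches forward" if e["matches_forward"] else "MISMATCH with forward"
            lines.append(f'{e["time"]} listening on {e["endpoint"][0]}:{e["endpoint"][1]} ({flag})')
        elif e["kind"] == "peer":
            origin = "outside" if e["external"] else "LAN"
            result = ("logged in" if e["accepted"]
                      else "TCP connect, no SSH version string" if e["no_banner"]
                      else "other")
            lines.append(f'{e["time"]} {origin} peer {e["peer"]}: {result}')
    return lines


if __name__ == "__main__":
    for line in report(analyze(SAMPLE_LOG, ("192.168.2.102", 22))):
        print(line)
```

On these lines it shows sshd first bound to port 12223, which a forward to port 22 cannot reach, and one non-LAN address completing a TCP connection after sshd was back on port 22.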
On Fri, 20 Nov 2009 06:06:06 GMT
ukatru <ukatru@no-mx.forums.novell.com> wrote:

> 
> When I see the log messages the port number is always changing.
> 
> Nov 19 19:09:50 poojitha sshd[4664]: Server listening on 192.168.2.102 port 12223.
> Nov 19 19:12:17 poojitha sshd[4664]: Received signal 15; terminating.
> Nov 19 19:12:17 poojitha sshd[5152]: Server listening on 192.168.2.102 port 22.
> Nov 19 19:13:14 poojitha sshd[5273]: Did not receive identification string from 69.169.175.176
> Nov 19 19:13:56 poojitha sshd[5157]: Accepted keyboard-interactive/pam for ukatru from 192.168.2.101 port 2446 ssh2
> 
> Nov 19 19:16:45 poojitha sshd[5395]: Accepted keyboard-interactive/pam for ukatru from 192.168.2.101 port 2466 ssh2
> 
> 
Hi
I just tried here on a SLES11 VM coming from rootshell.be and it
connected fine.

[CODE]
Nov 20 07:13:57 sles11vm sshd[13118]: Accepted keyboard-interactive/pam for malcolml from 192.168.10.249 port 57574 ssh2

Nov 20 07:27:17 sles11vm sshd[13811]: Accepted keyboard-interactive/pam for malcolml from 66.7.149.161 port 38420 ssh2
[/CODE]

So it must be the sshd configuration, can you roll back to the default
ssh configuration and see if it works? Then you can work through your
changes.

-- 
Cheers Malcolm (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.37-0.1-default
up 4 days 10:28, 4 users, load average: 0.10, 0.19, 0.18
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.18

0
malcolmlewis
11/20/2009 1:34:04 PM
* ukatru (Fri, 20 Nov 2009 03:06:07 GMT)
> I am using ssh to connect my suse linux enterprise server. I am able to
> connect if I am in the home network but if I try to connect from outside
> home network I am getting the following errors.
> 
> Network:connection timeout
> Network:connection refused.
> 
> I already forwarded port 22 in my router. I have been trying to resolve
> this issue from past 2 days, but no success. Can anyone please help how to
> resolve this issue.

See if the port forwarding works (use tcpdump to see if the packets on 
port 22 are actually arriving), make sure the firewall is stopped, run 
ssh with -vvv.

Thorsten
0
Thorsten
11/20/2009 11:00:08 PM