ssh to RPi externally

Posted: Wed May 22, 2013 8:59 am
by skeniver
Hi there,

I am trying to set up my Pi so that I can ssh to it from work. I have a static IP at home and have assigned the Pi a static IP too. I've also port forwarded port 1024 to port 22 on the router and assigned it to the Pi.

But I still can't connect from outside the LAN. I have allowed incoming ssh traffic in the iptables:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```
and allowed verbose logging for ssh. Trying to log in logs this:

```
May 22 09:53:01 raspberrypi CRON[2699]: pam_unix(cron:session): session opened for user pi by (uid=0)
May 22 09:53:01 raspberrypi sudo:       pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/usr/bin/python /hom$
May 22 09:53:01 raspberrypi sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 22 09:53:07 raspberrypi sudo: pam_unix(sudo:session): session closed for user root
May 22 09:53:07 raspberrypi CRON[2699]: pam_unix(cron:session): session closed for user pi
```
Can anyone help me get this working?

Re: ssh to RPi externally

Posted: Wed May 22, 2013 9:24 am
by Davespice
Hi there
When I forward ports I tend to keep the number the same on both sides.
So here is my suggestion.

Forward port say... 49500 on your router to 49500 on your Pi.

On the Pi, edit the SSH server config, like so;

```
cd /etc/ssh
sudo nano sshd_config
```
Look for these lines near the top of the file.

```
# What ports, IPs and protocols we listen for
Port 22
```
Add this line just below Port 22.

```
Port 49500
```
Press Ctrl - X, Y and enter to save and quit.

This will make the SSH server on the Pi listen on port 49500. Reboot the Pi for this to take effect.
Now try to connect externally again but this time use port 49500.

```
ssh *yourIP* -l pi -p 49500
```

Re: ssh to RPi externally

Posted: Wed May 22, 2013 10:42 am
by sprinkmeier

```
Chain INPUT (policy ACCEPT)
```
The firewall is allowing traffic by default, so no need for the ssh rule.

If you've set a static address on the RasPi, did you set a gateway too?

```
ip route
```
Can you get any logging out of your gateway?
Can you run

```
sudo tcpdump -npi any tcp port 22
```
on the RasPi and then try to log in, both from the local network and remotely?

Re: ssh to RPi externally

Posted: Thu May 23, 2013 12:20 pm
by skeniver
Hi,

Dave: I've changed the port forward to use the same ports and added Port 40075 to the sshd_config, but still no luck.

Here's part of the ssh_config file:

```
# What ports, IPs and protocols we listen for
Port 22
Port 40075

# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
```
sprink: Here are the contents of my /etc/network/interfaces file:

```
auto lo

iface lo inet loopback
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.254

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
```
and here is the result of a tcpdump for port 40075:

```
sudo tcpdump -npi any tcp port 40075
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
13:10:08.019704 IP 82.132.237.233.47223 > 192.168.1.100.40075: Flags [S], seq 3766328526, win 49640, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
13:10:08.019917 IP 192.168.1.100.40075 > 82.132.237.233.47223: Flags [S.], seq 876497901, ack 3766328527, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
13:10:09.143729 IP 82.132.237.233.47223 > 192.168.1.100.40075: Flags [S], seq 3766328526, win 49640, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
13:10:09.143896 IP 192.168.1.100.40075 > 82.132.237.233.47223: Flags [S.], seq 876497901, ack 3766328527, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
13:10:09.219539 IP 192.168.1.100.40075 > 82.132.237.233.47223: Flags [S.], seq 876497901, ack 3766328527, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
13:10:11.219539 IP 192.168.1.100.40075 > 82.132.237.233.47223: Flags [S.], seq 876497901, ack 3766328527, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
13:10:11.405923 IP 82.132.237.233.47223 > 192.168.1.100.40075: Flags [S], seq 3766328526, win 49640, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
13:10:11.406089 IP 192.168.1.100.40075 > 82.132.237.233.47223: Flags [S.], seq 876497901, ack 3766328527, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
13:10:15.219539 IP 192.168.1.100.40075 > 82.132.237.233.47223: Flags [S.], seq 876497901, ack 3766328527, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
13:10:15.911016 IP 82.132.237.233.47223 > 192.168.1.100.40075: Flags [S], seq 3766328526, win 49640, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
13:10:15.911183 IP 192.168.1.100.40075 > 82.132.237.233.47223: Flags [S.], seq 876497901, ack 3766328527, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
13:10:17.021221 IP 82.132.237.233.47223 > 192.168.1.100.40075: Flags [R], seq 3766328527, win 49640, length 0
```
Does this provide any clues? Thanks again
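
Added example, not part of the original thread: a small parser for `tcpdump -n` output like the capture above that reports how far each TCP handshake to the SSH port got. In that capture the SYN reaches the Pi and the Pi answers with SYN-ACK, but no ACK follows. The function name, verdict keys and `SAMPLE` lines are assumptions made for this illustration; the sample is constructed and uses a documentation-range client address.

```python
import re
from collections import defaultdict

# One line of `tcpdump -n` output: timestamp, src.port > dst.port, TCP flags.
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                  r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]")

VERDICTS = {
    "no-reply": "SYN arrived, server sent no SYN-ACK: check sshd Port and local firewall",
    "return-path": "SYN-ACK sent but never acknowledged: replies are lost on the way back",
    "established": "three-way handshake completed",
}

def diagnose(capture, server_ip, server_port):
    """Return {(client_ip, client_port): verdict key} for flows to server_ip:server_port."""
    server = (server_ip, server_port)
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # tcpdump banner or a line in another format
        src, dst, flags = (m[1], int(m[2])), (m[3], int(m[4])), m[5]
        if dst == server and flags == "S":
            flows[src]["syn"] += 1
        elif dst == server and "." in flags and "R" not in flags:
            flows[src]["ack"] += 1      # any ACK-bearing segment from the client
        elif src == server and flags == "S.":
            flows[dst]["synack"] += 1
    return {client: "established" if f["ack"] else
                    "return-path" if f["synack"] else "no-reply"
            for client, f in flows.items()}

# Constructed sample in the format of the capture above.
SAMPLE = """\
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
13:10:08.019704 IP 203.0.113.7.47223 > 192.168.1.100.40075: Flags [S], seq 100, win 49640, length 0
13:10:08.019917 IP 192.168.1.100.40075 > 203.0.113.7.47223: Flags [S.], seq 900, ack 101, win 14600, length 0
13:10:09.143729 IP 203.0.113.7.47223 > 192.168.1.100.40075: Flags [S], seq 100, win 49640, length 0
13:10:17.021221 IP 203.0.113.7.47223 > 192.168.1.100.40075: Flags [R], seq 101, win 49640, length 0
13:11:00.000100 IP 192.168.1.20.51000 > 192.168.1.100.40075: Flags [S], seq 5, win 29200, length 0
13:11:00.000300 IP 192.168.1.100.40075 > 192.168.1.20.51000: Flags [S.], seq 7, ack 6, win 14600, length 0
13:11:00.000900 IP 192.168.1.20.51000 > 192.168.1.100.40075: Flags [.], ack 8, win 29200, length 0
"""

if __name__ == "__main__":
    for client, key in diagnose(SAMPLE, "192.168.1.100", 40075).items():
        print(client, "->", VERDICTS[key])
```

A "return-path" verdict means sshd and the local firewall are accepting the connection, so the next things to compare are the output of `ip route` on the Pi and the router's handling of the reply traffic.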