I have recently set up a local machine and a laptop, using noip.com, so that I can access the local (host) machine via my laptop whilst I'm away on a trip - see my previous question here.
Everything worked fine - until I thought I would give the machine (and router) a cold reboot before going away for a couple of months. After following all of the steps given to me in my previous questions, I find I can't log back in to the server machine from my laptop.
Here are the salient facts:
- Host machine (to be logged into) has SSH service running
- Host machine has static IP address configured (same IP as I was using before)
- No-IP update client is running on the host machine
- I can SSH into host machine from my laptop, when I'm on the same LAN, by using the local IP address 192.168.x.x
- The registered NO-IP address has not expired (I only registered it a few days ago - and I double checked by logging into my account - it has the correct public-facing IP address)
- Port forwarding has been set up on the router, with SSH running on the default port of 22.
[[UPDATE]]
```
$ sudo ufw status
To        Action    From
22        Allow     Anywhere
22(v6)    Allow     Anywhere (v6)
```
Fail2ban has been installed on the host machine and was working well with my previous setup. I have currently stopped the service, whilst I try to figure out what is going on.
SSH has been set up on the host machine with the following config:
- Port 22
- PermitRootLogin no
- PubkeyAuthentication yes
- PasswordAuthentication no
When I attempt to SSH remotely, using my registered hostname from no-ip, I get the following error (this used to work fine until yesterday):
```
ssh -v [email protected]
OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to myhostname.ddns.net [80.189.109.195] port 22.
debug1: connect to address xxx.yyy.zzz.123 port 22: Connection refused
ssh: connect to host myhostname.ddns.net port 22: Connection refused
```
Can anyone see what may be going wrong? I have a flight in a few hours' time, and I desperately need to get this sorted out, so I can remotely access my local machine from my laptop.
A few things to check, in order of most likely IME:
- Port forwarding. Unless your machine is directly accessible from the internet on `80.xxx.yyy.zzz`, that's probably a router's address. You need to tell that router to forward traffic on Port 22 on to your computer. This is router-specific. The best single resource for this is PortForward.com. I see no mention of this here or on the previous question so this seems most likely.
- Firewalls can allow traffic from some locations and not others. I don't know what you've set up in this regard but if you're using UFW, `sudo ufw status` should let you see any deny/allow patterns that affect that port.
- `/etc/ssh/sshd_config` might be set up to only allow connections on a certain network. This isn't the default behaviour so again, this will have been something you've inadvertently done.
- If you've installed `fail2ban`, is it possible you've already triggered one of its automated bans from your external IP?

Before you push this onto the Internet using near-stock settings, I'd strongly suggest you read an article I wrote on making SSH secure. People get hacked through inadequate security practices all the time and an SSH server is a direct line to total control.
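
The checklist above can be narrowed by classifying how the connection fails, once against the host's LAN address and once against the public hostname. The following is an added example, not code from the question or the answer; `probe_ssh`, `compare` and the `NEXT_CHECK` hints are hypothetical names constructed for illustration. Run the public-hostname probe from outside the LAN (for example over a phone tether), because not every router supports NAT loopback.

```python
import socket
import sys

# Constructed mapping from probe result to the checks listed in the answer above.
NEXT_CHECK = {
    "open": "sshd reachable; any remaining failure is authentication, not networking",
    "refused": "actively rejected: router not forwarding to the host, sshd "
               "ListenAddress, or a reject rule (ufw reject, fail2ban ban of this IP)",
    "filtered": "silently dropped: no port forward, ufw deny, or upstream filtering",
    "dns": "hostname does not resolve: check the No-IP update client",
}

def probe_ssh(host, port=22, timeout=5.0):
    """Classify one TCP connection attempt; returns (state, detail)."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return "dns", str(exc)
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except ConnectionRefusedError:
            return "refused", "%s port %d" % (addr[0], port)
        except socket.timeout:
            return "filtered", "%s port %d" % (addr[0], port)
        except OSError as exc:
            return "error", str(exc)
        try:
            # An SSH server sends its identification string first (RFC 4253).
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except OSError:
            banner = ""
    return ("open", banner) if banner.startswith("SSH-") else ("not-ssh", banner)

def compare(lan, wan):
    """Narrow the fault using a LAN-address probe and a public-name probe."""
    if lan[0] == "open" and wan[0] != "open":
        return ("sshd is up; fault is between the Internet and the host: "
                + NEXT_CHECK.get(wan[0], wan[1]))
    if lan[0] != "open":
        return "fix the host first: " + NEXT_CHECK.get(lan[0], lan[1])
    return NEXT_CHECK["open"]

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python3 probe.py <LAN address> <public hostname>
    print(compare(probe_ssh(sys.argv[1]), probe_ssh(sys.argv[2])))
```

A "refused" result means something sent back a rejection, while "filtered" means the attempt timed out with no reply, so the two point at different items in the list.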