SSHHowto router's firewall setting

Asked by Carl David on 2009-03-24

The SSHHowto says "you might need to tell your router's firewall to allow connections to port 22" but doesn't say how to do this. I'm used to SSHing into a RedHat Linux, which allowed access from home to an office computer. Now, having upgraded to Ubuntu, I can't work from home. Connection is refused. Can someone help?
Thanks
Carl David
(<email address hidden>)

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Solved by:
marcobra (Marco Braida)
Solved:
2009-03-26
Last query:
2009-03-26
Last reply:
2009-03-24
Tomasz 'Zen' Napierala (tzn) said : #1

Hi,
First, what are you trying to achive? Are you trying to ssh into your home computer running Ubuntu or are you trying to ssh from your home Ubuntu box to another machine?

Carl David (carl-david) said : #2

First, what are you trying to achive? Are you trying to ssh into your
home computer running Ubuntu or are you trying to ssh from your home
Ubuntu box to another machine?

NEITHER. I'm trying to SSH from a PuppyLinux installation at home (one
128M storage) to an office Ubuntu machine behind the Univerisity's
firewall, and
And default fire walls on the Ubuntu machine.
Carl
p.s. thanks for the help!!!!!

Craig Huffstetler (xq) said : #3

On your router you need to go to Port Forwarding and know the I.P. address of your local computer and remote computer.

Ffor example, if the computer running Ubuntu on the University computer is 192.168.1.1 then know that. Then go into the University's Firewall, or contact an administrator, and have them open the port "22" or the SSHd port for the specific I.P. address you are going to SSH in from.

You need to port forward, or open access, for the specific port SSH listens from (usually 22) and forward it to the computer you want SSH access on. In most cases it is privileged to do such things. For you university they will want to know the computer you are coming from (the I.P. address), the reason, etc. and they will forward that port (22) directly the SSH daemon on the computer you are trying to access. Thus this will allow you access on the computer.

If it's NOT just the router or JUST a firewall, the same thing applies. They need to edit the rules (or you need to edit the rules) to allow access from your home computer's I.P. address to access the specific computer and port (22) or whatever the SSH daemon is being run on.

Both of these threads would be good for you to read:
http://www.linuxquestions.org/questions/susenovell-60/allowing-ssh-from-internet-via-router-port-forward.-440099/
and
http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Port_Forwarding.html
or
http://rimuhosting.com/howto/firewall.jsp

Sincerely,

Craig

Craig Huffstetler (xq) said : #4

What router do you have? This may help. It's all in port forwarded, I believe. However the phrase of your question leads to me multiple conclusions and/or answers.

Where are you SSHing to? What is your goal (access to -- from what location)? Do you know the port? Do you know the IP addresses? Is it just home from work? Or work from home?

Craig

Please ask to your system admin first, (i'm sure he will not happy to listen what are you trying to do, you will break the corporate policy) then:

I think you must tunnel your ssh connection... http://en.wikipedia.org/wiki/Tunneling_protocol

http://souptonuts.sourceforge.net/sshtips.htm

Please read this page http://www.freebsd.org/doc/en/books/handbook/openssh.html starting from "14.11.8 SSH Tunneling" and try similar on Ubuntu.

Hope this helps

Carl David (carl-david) said : #6

Forgive my naivety. The problem was that an old Red Hat installation had been replaced with a Ubuntu installation with the same (static) IP. When accessed from home, the known_sites included the old RedHat rather than either none or the new Ubuntu site.
Thanks to all who tried to help!
Carl David