SSH connection to a remote server from home PC

0

I am new to ssh and have been racking my brains for several days over connecting a home computer to a remote computer. I found out that I can't connect, as they are on different networks. I am sure that this problem has a simple solution, but after a day of futile searching for a solution to my problem, I have to resort to your help.

My remote server is located at the IP address 192.168.0.1, and my home computer is 192.168.18.118. Both are on the same port (temporarily) 1729. The only difference is the username, the home PC username is Thomas, and the remote username is Tom.

Please help me solve this problem: the usual connection, made by typing in the username of the remote server, the IP address of the remote server and the port of the remote server, ends with a timeout error. Thank you very much in advance.

EDIT 14.10.2019

The problem is that I don’t know how to use all this. I don’t know how to use all this, because on the Internet I watched a half-tone video, articles and much more, but I couldn’t find a concrete explanation of how to connect two such computers via ssh. In addition, it was not possible to find even at least some example of how this is done. Assume that the global IP address of my home PC is 70.***.**.**, and the local address is 192.168.18.118. Also suppose that the global IP address of my remote PC is 75.***.**.**, and the local address is 192.168.0.1. Both included 1729 port and hostname archlinux, username of the home PC Thomas, and the remote Tom. Now the question is, how do I connect these two computers with each other, that is, how do I access from my home PC to a remote one and vice versa? I would be extremely grateful to all of you if you could help me connect my home computer to the remote, as I really need it.

Continue EDIT 14.10.2019

I tried the way you said and got the answer

ssh: connect to host 75.***.**.** port 1729: Connection timed out

For the sake of interest, I tried to connect to my home PC in this way, only with the global IP address of the home PC and with the username on the home PC, and I got this response

ssh: connect to host 70.***.**.** port 1729: Connection refused

EDIT 15.10.2019

$ ss -nltu                                                                                                                                                                                                     
Netid   State Recv-Q Send-Q  Local Address:Port  Peer Address:Port  
udp     UNCONN 0     0         0.0.0.0:68             0.0.0.0:*     
tcp     LISTEN 0     128       127.0.0.1:5432           0.0.0.0:*     
tcp     LISTEN 0     128       127.0.0.1:6463           0.0.0.0:*  
tcp     LISTEN 0     128       0.0.0.0:1729          0.0.0.0:* 

How can I complete the process?

EDIT 16.10.2019

Answer to connect on home PC to global IP home PC:

$ ssh Thomas@70.***.**.**        
ssh: connect to host 70.***.**.** port 22: Connection refused

Answer to connect on home PC to global IP remote PC:

$ ssh Tom@75.***.**.** 
ssh: connect to host 75.***.**.** port 22: Connection timed out.

Result of scan home PC global address:

$ nmap 70.***.**.**  -p 22
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-16 00:44 +04
Nmap scan report for 70.***.**.**
Host is up (0.00039s latency).

PORT   STATE  SERVICE
22/tcp closed ssh

Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds

When I scan the global IP address of my remote PC I get a similar answer, but STATE is indicated as filtered.

Atom

Posted 2019-10-12T22:34:25.220

Reputation: 1
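The two errors quoted in the question point to different failures. The following is an added example, not part of the original post: a Python sketch that makes one TCP connection attempt and classifies the result in the same terms as the `ssh` messages and nmap states above. The function name `probe` and the script name are assumptions.

```python
import socket
import sys

# How each outcome maps to the messages and nmap states quoted in the question.
MEANING = {
    "open": "a service accepted the connection (nmap: open)",
    "refused": "the address answered with a TCP reset, so it is reachable but "
               "nothing accepts connections on that port (nmap: closed)",
    "timeout": "no reply at all, so packets are being dropped on the way, e.g. "
               "by a firewall or a router with no forwarding rule (nmap: filtered)",
    "error": "the attempt failed before any TCP reply (routing or name lookup)",
}

def probe(host, port, timeout=3.0):
    """Try one TCP connection; return (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", MEANING["refused"]
    except (socket.timeout, TimeoutError):
        return "timeout", MEANING["timeout"]
    except OSError as exc:
        return "error", f"{MEANING['error']}: {exc}"
    with sock:
        try:
            # An SSH server speaks first with an identification line "SSH-2.0-...".
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except OSError:
            banner = ""  # connected, but the service sent nothing in time
    return "open", banner

if __name__ == "__main__":
    # Usage: python3 probe.py HOST PORT   (script name is an assumption)
    state, detail = probe(sys.argv[1], int(sys.argv[2]))
    print(state, "-", detail or MEANING["open"])
```

An "open" result whose banner does not start with `SSH-` means the port reaches some other service, not sshd.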

Are you in power to configure network devices on the remote side? Or can you install software on the remote computer freely? Your question looks like your previous one in disguise, so the answers may be "no" and "no". The sooner it gets clear, the better. What about the local (home) side?

– Kamil Maciorowski – 2019-10-12T22:54:58.677

Thanks for the answer. I want to note that I have all the authority to do whatever I want with both computers. – Atom – 2019-10-13T08:11:29.950

SSH server would need to be set up on the remote PC with the server's port configured for DNAT on the WAN facing router the PC is behind. The RFC1918 subnet the server and client are on has no bearing, as the incoming connection to the server is inbound from WAN and will be seen as a connection from the remote PC's router's WAN IP. Since a port is being passed directly to the PC from the router with no firewalling, it's imperative the SSH server is configured for PKI auth only, with password auth disabled. – JW0914 – 2019-10-13T12:30:23.217

Thank you very much for the detailed answer. Honestly, I know all my addresses, both local and global, both on a remote PC and on my home. See details above, I edited my question. – Atom – 2019-10-14T15:18:08.927

Answers

0

The address of the remote server cannot be 192.168.*.*. This address range is for "local" LANs. It actually looks like this:

  • your computer is on a local LAN, all the devices on that LAN are in the 192.168.*.* range.
  • One of these devices (usually 192.168.0.1 or 192.168.0.254) is a router. To communicate outside the local LAN devices on the LAN send the packet to the router.
  • The other side of the router is connected to the internet. On that side it has a real internet address (outside the 192.168.*.* and 10.*.*.* ranges).
  • When any device on your LAN connects to the internet it appears as having the internet address of your router (go to https://www.showmyip.com/ to see the address of your router).

This is true on the other side, given the 192.168.*.* address, the server is also on a local LAN, so to communicate with it, you have to know the internet address of the router connected to its local LAN.

But this won't be sufficient, because:

  • routers are normally configured to only let outbound connections through (you can start connections with internet addresses, but the internet cannot start connections to you)
  • assuming they let in inbound connections, routers cannot tell which local device is the intended receiver, because all they have is an address (but that's their own address) and a port. But they can be configured to forward all connections to a specific port (for instance, 1749) to a specific machine on the local LAN.

TLDR; you need 1) the actual internet address of your server or its router and 2) make sure that the router is adequately configured to let the connection happen.

PS: in a connection, only the target port is important.

Edit:

To connect to the server from your home PC, you just need to know the internet address (75.xxx.xx.xx) of the server and the port (1729 it seems in your case, otherwise the standard SSH port: 22).

Of course you also need an SSH client. With the command-line SSH, this gives ssh -p 1729 Tom@75.xx.xx.xx, and enter Tom's password when prompted. You can also use a GUI client, such as PuTTY. Configuration is also minimal, it just requires a host name or address and optionally a port.

This is the basics, with suitable configuration you can avoid entering a password, or use a key-based authentication (which is usually safer unless you use a very, very long password).

Note that the connection is always from your PC to the server.

Edit#2

Checking the server. On a typical server:

ss -nltu
Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
tcp    LISTEN     0      80     127.0.0.1:3306                     *:*                  
tcp    LISTEN     0      128          *:22                       *:*                  
tcp    LISTEN     0      100          *:25                       *:*                  
tcp    LISTEN     0      128         :::80                      :::*                  
tcp    LISTEN     0      128         :::22                      :::*                  
tcp    LISTEN     0      100         :::25                      :::*                  
tcp    LISTEN     0      128         :::443                     :::*                  

This command lists the listening ports. 25 is a mailbox, 22 is SSH, 80 & 443 are the HTTP server, 3306 is the MySql DB (but it accepts connections only from the local host). The ':::' sockets are IPv6, and ':' are IPv4.

xenoid

Posted 2019-10-12T22:34:25.220

Reputation: 7 552
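An added example (not part of the original answer): a small Python parser for `ss -nltu` listings like the two on this page, separating listeners bound only to loopback from listeners bound to all interfaces. The names `parse_listeners` and `diagnose` are made up for the illustration.

```python
import ipaddress

# Sample input: a subset of lines from the two ss listings on this page.
SS_OUTPUT = """\
Netid   State Recv-Q Send-Q  Local Address:Port  Peer Address:Port
udp     UNCONN 0     0         0.0.0.0:68             0.0.0.0:*
tcp     LISTEN 0     128       127.0.0.1:5432           0.0.0.0:*
tcp     LISTEN 0     128       0.0.0.0:1729          0.0.0.0:*
tcp     LISTEN 0     80        127.0.0.1:3306                     *:*
tcp     LISTEN 0     128          *:22                       *:*
tcp     LISTEN 0     128         :::22                      :::*
"""

def parse_listeners(text):
    """Return (proto, address, port, scope) for each socket line of `ss -nltu`."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        # Handle "[::]:22" (newer ss), "addr%iface:port" and the bare "*" wildcard.
        addr = addr.strip("[]").split("%")[0] or "*"
        if addr in ("*", "0.0.0.0", "::"):
            scope = "all interfaces"
        elif ipaddress.ip_address(addr).is_loopback:
            scope = "loopback only"
        else:
            scope = "one interface"
        rows.append((fields[0], addr, int(port), scope))
    return rows

def diagnose(text, port):
    """Say whether a TCP port can be reached from another machine at all."""
    scopes = {scope for proto, _, p, scope in parse_listeners(text)
              if proto == "tcp" and p == port}
    if not scopes:
        return "nothing listening"
    if scopes == {"loopback only"}:
        return "loopback only"
    return "listening for remote clients"

if __name__ == "__main__":
    for port in (1729, 5432, 22, 2222):
        print(port, "->", diagnose(SS_OUTPUT, port))
```

For port 1729 this reports a listener on all interfaces, which points at the path to the host (router forwarding, firewall) rather than at the bind address. Running `ss -nltup` as root additionally names the process that owns each port.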

Thank you very much for the detailed answer. Honestly, I know all my addresses, both local and global, both on a remote PC and on my home. See details above, I edited my question. – Atom – 2019-10-14T15:17:59.280

@Atom See edited answer – xenoid – 2019-10-14T15:49:06.343

Fine. Thank you very much for the answer, but I have answer questions. :) Please, see edited question. – Atom – 2019-10-14T17:09:03.897

@atom Try with the standard port (22). But then since the server seems to be behind a router is the router config adequate (port forwarding)? – xenoid – 2019-10-14T17:59:58.797

The same result. :( I cannot unambiguously answer whether port forwarding is correct. Could you tell me how I can check this and find out? – Atom – 2019-10-14T18:08:26.737

@atom Either you have set up the router yourself and have configured it (URL to the user's manual?), or it is under the control of some admin and you will have to ask the admin. – xenoid – 2019-10-14T20:24:08.313

If you say where configured it I can answer on your question. I just setup ssh server... – Atom – 2019-10-14T20:34:30.727

@atom Then you have to 1) find out what ports are open on the server (see 2nd edit) and 2) find an admin... – xenoid – 2019-10-14T20:55:39.770

Please, show my last edit question and say how I can use that information? – Atom – 2019-10-14T21:07:07.290

@atom You indeed have something listening on port 1729 and since there is nothing on 22 this could be your SSH (I assume 5432 is a Postgres DB?). But if you have set up the SSH yourself, start by putting it back on port 22 unless you have been instructed to use port 1729. Port 22 is much more likely to be already configured on routers and firewalls than a random port like 1729. What OS and version is running on the server? – xenoid – 2019-10-14T21:15:04.417

Well, tomorrow I will go to port 22 and let you know the result. Both have Arch Linux with the latest kernel version. The firewall is turned off for convenience. :) – Atom – 2019-10-14T21:25:50.947

I changed both ports to 22, what do I have to do? – Atom – 2019-10-15T10:53:21.197

@Atom I don't understand the question? – xenoid – 2019-10-15T11:46:16.297

You say change port, I complete it. – Atom – 2019-10-15T17:39:49.073

Then retest from the client, using port 22... – xenoid – 2019-10-15T19:21:36.263

Both PC using 22 port. – Atom – 2019-10-15T19:49:04.467

And how is the connection going now? – xenoid – 2019-10-15T20:03:03.447

Please see in question. – Atom – 2019-10-15T20:59:33.663

Ok find someone to help on the server end. – xenoid – 2019-10-15T21:22:17.583

I.e. on the remote PC? – Atom – 2019-10-15T21:34:00.227