basic ssh home server

0

I have run into some issues with my home SSH server that I want to connect to from outside of the home. I will describe what I have done and how I have attempted to fix it.

My home computer is Windows 10. I was recommended by PuTTY's website to use Bitvise SSH Server, which I have installed. I can access the server with SFTP from inside my LAN just fine.

On my router I have the following port forwards and firewall rules:

TCP port 22 allow all(IN) pointed to 192.168.0.10(my win10 pc)

Just in case the above does not work:

TCP port 8022 allow all(IN) pointed to 192.168.0.10

The firewall had a rule for SSH allowed by default, so I had to add just the 8022.

Now, Windows Firewall has been configured the same way as my router firewall. All port forwards and firewalls have been configured correctly. All private/public keys are working as they should.

Here is the issue. I try to connect via the public IP address. All I get is a 10060 error and no pop-ups from Bitvise stating someone is trying to log in. I looked up error 10060 and it's a timeout error. I have followed all troubleshooting steps from Bitvise and it still will not connect. I even tried using protocol obfuscation on both the client and server with a special keyword; it still will not work :(

What else can I do to make this SSH server work over the internet? Did I miss a step with my router or Windows machine?

Thanks

EDIT: Right as I hit submit for this question, my server popped up saying: accepted ssh connection from 5.x.x.x (North America) terminated ssh connection from 5.x.x.x due to bad obfuscation keyword

This is good news, at least SOMEONE is getting in hahaha, but why not me??? Or my friend who just tried. No hits on the server log at all.

This has never happened and I didn't change anything. It's been 3 days haha

Lt72884

Posted 2019-12-11T18:47:02.073

Reputation: 1

Would bet it's the same as https://superuser.com/questions/1504819/unable-to-access-local-server-using-fqdn-but-can-access-from-internet/ again.

– user1686 – 2019-12-11T19:01:57.043

OK, I'm reading that now. I do have an interesting thing happening as we speak. My server just popped up saying accepted ssh from 192.168.0.10 but failed due to bad password and key??? I do not have any SSH clients open at all, but this just happened 3 times in the last minute from an INSIDE private IP that happened to be my actual server machine. – Lt72884 – 2019-12-11T19:21:42.230

I finished the article you posted. My issue is different than theirs. I can actually log in to my SSH server via my LAN. To confirm that port forwards are working, I just set up a Minecraft server on port 8022 and had someone at their home try and connect to it, and they were able to. So the port forward is working just fine. I just can't access the SSH server outside the dang router haha – Lt72884 – 2019-12-11T19:34:44.173

You said you "try to connect via the public IP address". Do you try this when actually being outside the LAN? – user1686 – 2019-12-11T19:37:35.293

Yes :) and still no go. However, I found another thread by you that seems to shed some light. The SSH encapsulation is indeed different than, let's say, Minecraft. The beginning header, or envelope, tells what service it is. Maybe it's being dropped at the service level because it's SSH and not just a typical protocol? Because NOTHING hits the logs of my server from the outside world, except once from the 5.x.x.x. – Lt72884 – 2019-12-11T19:40:02.017

OK, to confirm. I have tried SSH over a bunch of random ports including 443. I tried 443 based on the notion that HTTPS is port 443, BUT like you said in this article: https://superuser.com/questions/1471825/issues-with-ssh-from-an-external-ip?rq=1 the PAYLOAD is encrypted, not the beginning of the encapsulation. Meaning, what if my ISP is blocking SSH at their end? I have heard of this, especially with port 80 so people can't run their own websites for business without paying for the "business" line from the ISP?? If it is true, how does one mimic HTTPS with SSH?? I saw stunnel mentioned? Thanks

– Lt72884 – 2019-12-11T22:24:52.843

NEW INFORMATION:
As per my ISP, they do not BLOCK ssh or the port. I have directly spoken to their engineers.

Next piece of new information. I do know for a fact that the router and firewall are working correctly because I turned on the server last night for a ONE hour test. I put its listening port as port 22. Within 15 minutes I had 35 attempts from outsiders trying to get in, most likely scans. That's the good news. Here is the bad news: I have tried from 10 different public PCs outside my house, all of which never even hit the server; the packets are dropped "flow socket error 10060" – Lt72884 – 2019-12-18T17:24:19.337

Continuation: The server never even gets the chance to at least reject my attempts like it does with the other 35 from last night. All my attempts from the 10 PCs I tried, including at my parents' house, friend's house and school, all yield the same result. They never even hit the server. But yet I had 35 attempts from other users, and they were all rejected from the server itself because of bad credentials – Lt72884 – 2019-12-18T17:32:37.003

No answers
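
The thread hinges on telling a timeout (error 10060) apart from a refused connection or a server that answered and then rejected the login. The following probe is an added example, not part of the original thread; it classifies a single TCP attempt, and the loopback listeners and banner string in `demo()` are constructed so it runs offline.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Classify one TCP attempt: dropped in transit, refused by host, or answered."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"            # Winsock 10060: no reply to the SYN at all
    except ConnectionRefusedError:
        return "refused"            # Winsock 10061: host reached, nothing listening
    except OSError as exc:
        return "error: %s" % exc    # e.g. no route to host, name lookup failure
    with sock:
        try:
            data = sock.recv(255)   # an SSH server sends "SSH-2.0-..." first
        except socket.timeout:
            return "open, silent"   # handshake done, but the peer sent nothing
        except OSError:
            data = b""              # connection reset while waiting for data
    if not data:
        return "open, closed by peer"
    if data.startswith(b"SSH-"):
        return "ssh: " + data.split(b"\n")[0].strip().decode("ascii", "replace")
    return "open, not ssh"

def _listener():
    srv = socket.create_server(("127.0.0.1", 0))  # constructed loopback listener
    return srv, srv.getsockname()[1]

def demo():
    """Run probe() against constructed local listeners; returns label -> outcome."""
    banner_srv, banner_port = _listener()
    def send_banner():
        conn, _ = banner_srv.accept()
        conn.sendall(b"SSH-2.0-ConstructedServer_1.0\r\n")  # constructed banner
        conn.close()
    threading.Thread(target=send_banner, daemon=True).start()
    silent_srv, silent_port = _listener()   # never accepts, so no data is sent
    closed_srv, closed_port = _listener()
    closed_srv.close()                      # this port now has no listener
    ports = {"banner": banner_port, "silent": silent_port, "closed": closed_port}
    results = {name: probe("127.0.0.1", p, 0.5) for name, p in ports.items()}
    banner_srv.close()
    silent_srv.close()
    return results

if __name__ == "__main__":
    print(demo())
```

Run from a machine outside the LAN, `probe(public_ip, 22)` returning "timeout" means no reply to the connection attempt ever came back, which is consistent with the server log showing nothing for those attempts.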