Linux CentOS: Set up ssh & sftp


I have a desktop server which has CentOS 5. When I'm on the same LAN as the desktop server, I'm able to ssh, but not when I tried to ssh from the public IP. How do I set up ssh and sftp for the public IP?

The iptables result is:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere       state RELATED,ESTABLISHED 
ACCEPT     all  --     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere            udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:hosts2-ns 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:8140 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 


Posted 2012-01-06T14:07:52.287


You need to run the sshd daemon on your server side in order to be able to ssh to it. It should be easy to install. Configuring sshd is done in /etc/ssh/sshd_config as far as I know. Make sure your config allows listening on some port n which you use, and that it does listen to the right IP address. – None – 2012-01-06T15:03:44.787



If there is a separate router that connects your LAN to the Internet, that router probably uses NAT, in which case you need to set up port forwarding for port 22 (hint: make the outside port something different to reduce the rate of attacks recorded in logs).

If this isn't the problem, consider updating your question with details of network arrangements.



I agree. Since it's working on the same LAN and your SSH rule is from anywhere, it's not a problem with the local firewall. – Aaron Copley – 2012-01-06T17:48:12.013
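
The sshd_config check from the first comment and the port-forward advice from the answer can be combined into one test. The script below is an added example, not part of the original thread: it lists the address and port pairs a given sshd_config makes sshd bind to, then checks whether the router's forward target is among them. The function names `sshd_listeners` and `forward_target_ok`, the LAN address 192.168.1.10 and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Port lines precede
# ListenAddress lines and ignores Match blocks.

# sshd_listeners FILE: print one "address port" pair per socket sshd would bind.
sshd_listeners() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # skip blanks and comments
        { key = tolower($1) }                      # keywords are case-insensitive
        key == "port"          { ports[++np] = $2 }
        key == "listenaddress" { addrs[++na] = $2 }
        END {
            if (np == 0) ports[++np] = "22"        # default port
            if (na == 0) { addrs[++na] = "0.0.0.0"; addrs[++na] = "::" }  # default: all addresses
            for (i = 1; i <= na; i++) {
                a = addrs[i]
                if (a ~ /^\[.*\]:[0-9]+$/) {       # [IPv6]:port
                    p = a; sub(/^.*\]:/, "", p)
                    sub(/^\[/, "", a); sub(/\]:[0-9]+$/, "", a)
                    print a, p
                } else if (a ~ /^[^:]+:[0-9]+$/) { # host:port
                    split(a, hp, ":"); print hp[1], hp[2]
                } else {                           # bare address: every Port applies
                    for (j = 1; j <= np; j++) print a, ports[j]
                }
            }
        }' "$1"
}

# forward_target_ok FILE LAN_IP PORT: succeed if sshd binds LAN_IP:PORT,
# or the IPv4 wildcard on PORT, i.e. the router forward has something to hit.
forward_target_ok() {
    sshd_listeners "$1" | awk -v ip="$2" -v port="$3" '
        $2 == port && ($1 == ip || $1 == "0.0.0.0") { ok = 1 }
        END { exit !ok }'
}

# Constructed sample: sshd bound to loopback only, on a non-default port.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
ListenAddress 127.0.0.1
EOF

sshd_listeners "$sample"                           # prints: 127.0.0.1 2222
# 192.168.1.10 is a hypothetical LAN address for the server.
forward_target_ok "$sample" 192.168.1.10 22 ||
    echo "sshd is not listening on 192.168.1.10:22; a port forward to it will fail"
```

On the real server, pass /etc/ssh/sshd_config as the file, with the LAN address and inside port that the router's forwarding rule points at.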