Connecting to an SSH server behind a NAT

2

0

I am having trouble connecting to an SSH server behind a NAT on an Ubuntu workstation. I've installed the openssh package (both the client and the server) and forwarded port 22 through the NAT and tried to connect remotely:

    ssh sebi@xxx.xxx.xxx.xxx

However, the connection is being refused. I ran iptables -L which gives:

    $ sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Afterwards, I added an entry for all inbound connections on port 22

    sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

The issue is not fixed. After having read about SSH port forwarding I noticed that I had to add the following line

    GatewayPorts yes

to /etc/ssh/sshd_config on the server box. I've restarted the service but I still can't connect. Is there something I'm missing?

Sebi

Posted 2014-01-31T22:34:13.353

Reputation: 874

You do not need GatewayPorts for this. That setting is not at all relevant to what you are doing. The problem is very likely something configured on your router performing the NAT. In any case, just do something simple like running tcpdump -qni any port 22 on the ssh server, then attempt to connect. If you don't see any output then your NAT is not working. – Zoredache – 2014-01-31T22:45:29.260

Answers

0

I've managed to fix it. Apparently a fresh reinstall of openssh-server does the trick. It is highly recommended that the previous installation is completely removed. Run the following:

    sudo apt-get remove --purge openssh-server
    sudo apt-get install openssh-server

Sebi

Posted 2014-01-31T22:34:13.353

Reputation: 874

2

The current amount of information is not sufficient to diagnose your problem. You can increase the verbosity of the connection on both server and client, and this output might include key info to solve your problem.

On your server, restart ssh as follows:

    sudo service ssh stop
    sudo /usr/sbin/sshd -d

This starts the server in the debug mode, which means it does not go into the background and it produces error messages to standard error.

On the server side, you start the connection attempt with

    ssh me@remote_server -vvv

When you have this output, post the relevant bits here, and several people will be able to help you (not just me).

MariusMatutiae

Posted 2014-01-31T22:34:13.353

Reputation: 41 321

+1 There seem to have been some issues with the certificates. I haven't gone into the details as reinstalling the package solved the issue. – Sebi – 2014-02-02T13:04:37.493
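
Added example, not part of the original thread: a small Python probe that separates the outcomes this thread turns on, namely a refused connection, silently dropped packets, and a reachable SSH banner. The function names, the loopback stand-in listener and its banner are constructed for illustration.

```python
import socket
import threading

def probe_ssh(host, port=22, timeout=3.0):
    """Attempt one TCP connect and classify the result as (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A RST came back: the packet reached a host, but nothing listens there.
        return ("refused", "no listener at the address that answered")
    except socket.timeout:
        # Silence: the packets are dropped before they reach a listener.
        return ("timeout", "no reply; forwarding or filtering drops the packets")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            banner = sock.recv(255)  # an SSH server sends its version line first
        except OSError:  # read timeout or reset after the handshake
            return ("open-no-banner", "TCP connected but nothing was sent")
    if banner.startswith(b"SSH-"):
        return ("ssh", banner.decode("ascii", "replace").strip())
    return ("open-not-ssh", repr(banner[:40]))

def start_fake_sshd(banner=b"SSH-2.0-constructed_example\r\n"):
    """Constructed stand-in for sshd on 127.0.0.1; returns the port it uses."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def unused_port():
    """Return a loopback port that was just released, so nothing listens on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print(probe_ssh("127.0.0.1", start_fake_sshd()))  # reachable SSH banner
    print(probe_ssh("127.0.0.1", unused_port()))      # connection refused
```

Running `probe_ssh` against the server's loopback address, then its LAN address, then the router's public address shows which hop stops answering.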