Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Remote SSH connection

Sat Apr 27, 2019 2:06 pm

Hi

I just bought a Raspberry Pi 3 B+. I'm currently using a Mac. I need to connect in SSH to get rid of mouse/keyboard/screen. At the moment, everything seems to work... at least in the same subnet. I changed the port in

Code: Select all

nano /etc/ssh/sshd_config
I forwarded the port 2400 in my router as shown below. I never had to forward a port so maybe did I do something wrong.
Screenshot 2019-04-27 at 15.59.03.png
Screenshot 2019-04-27 at 15.59.03.png (159.98 KiB) Viewed 1157 times
It works when I try

Code: Select all

ssh pi@192.168.1.12 -p 2400
I verified on yougetsignal and my port 2400 is open for 192.168.1.12.

When I try to connect with my external IP address, it doesn't work.

Here's what I tried:

Code: Select all

ssh -p 2400 pi@myIPaddress
What did I do wrong ?

Thanks a lot in advance.

User avatar
B.Goode
Posts: 9023
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: Remote SSH connection

Sun Apr 28, 2019 4:26 pm

Welcome to the Raspberry Pi forums.

When I try to connect with my external IP address, it doesn't work.

In what context did you do that test?

Was your Mac workstation on a Lan external to your home network? (ie. were you really calling home from 'the Internet'?)

If you were calling from your Mac on the local lan: my understanding is that some home broadband routers don't permit a workstation on the home Lan to make this sort of 'boomerang' (or 'trombone') connection.

(And you have already confirmed that a connection within the Lan works as expected, so you are not being denied a service.)
Last edited by B.Goode on Sun Apr 28, 2019 5:12 pm, edited 1 time in total.

Andyroo

Re: Remote SSH connection

Sun Apr 28, 2019 4:40 pm

You could hunt for a free ssh proxy (such as https://www.ssh-free.com/webproxy/) but I’m a bit dubious over these as this is direct access to the command line rather than the webserver :roll:

No disrespect to any folk who provide this service - I’m just uncomfortable with the idea personally.

Edit: Changing the port only helps a bit unless your ISP blocks it. More and more scanners check ports for activity rather than service and then check services on that port :cry:

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 9:00 am

Thank you for your answers.

My computer and my Raspberry were in the same subnet. I would like to connect to it while I'm in front of it to make sure that I would be able to do so when I'm not in the same network. I can only connect using the internal IP address.

Currently I am behind a TP-Link A7 router that I'm trying to configure. I put port 2400 as internal and external.

User avatar
B.Goode
Posts: 9023
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: Remote SSH connection

Mon Apr 29, 2019 9:40 am

I would like to connect to it while I'm in front of it to make sure that I would be able to do so when I'm not in the same network. I can only connect using the internal IP address.



Almost certainly a restriction in your home broadband Internet router.

Port forwarding is probably only implemented for data arriving from a source that is on the Internet side of the router. In your test, that is not the case.

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 10:32 am

I tried to connect in network sharing with my smartphone connected in 4G. I get Operation timed out. I thought my current 20 Mbps down would be enough to connect.

Andyroo

Re: Remote SSH connection

Mon Apr 29, 2019 10:44 am

Nocxy wrote:
Mon Apr 29, 2019 10:32 am
I tried to connect in network sharing with my smartphone connected in 4G.
SSH is not 'network sharing', you need a terminal emulator that handles SSH on your phone.
Nocxy wrote:
Mon Apr 29, 2019 10:32 am
I thought my current 20 Mbps down would be enough to connect.
Way more than needed so thats not an issue.

Are you sure the Pi has internet access?
Does the Pi have a firewall blocking port 2400?
Is SSH up and running and listening to port 2400:

Code: Select all

sudo netstat --tcp --listening --programs --numeric
will give you something like:

Code: Select all

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      463/sshd            
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      3071/vncserver-x11- 
tcp6       0      0 :::22                   :::*                    LISTEN      463/sshd            
tcp6       0      0 :::5900                 :::*                    LISTEN      3071/vncserver-x11- 
and you are looking for :2400 as sshd

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 10:51 am

I connected my smartphone in 4G so that my computer (connected in network sharing to my smartphone) would be in another network.

I get this :

Code: Select all

Active Internet Connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:2400            0.0.0.0:*               LISTEN      441/sshd            
tcp6       0      0 :::2400                 :::*                    LISTEN      441/sshd
The Pi accepts to ping www.rust-lang.org.

Andyroo

Re: Remote SSH connection

Mon Apr 29, 2019 10:59 am

Can you run

Code: Select all

ssh -v -p 2400 pi@myIPaddress
This gives a debug log (-v is verbose mode) of what ssh is doing.

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 1:33 pm

It took a while after the 4th line (debug1: Connecting to myIPaddress [myIPaddress] port 2400.).

I get this :

Code: Select all

OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to myIPaddress [myIPaddress] port 2400.
debug1: connect to address myIPaddress port 2400: Operation timed out
ssh: connect to host myIPaddress port 2400: Operation timed out

User avatar
Cancelor
Posts: 759
Joined: Wed Aug 28, 2013 4:09 pm
Location: UK

Re: Remote SSH connection

Mon Apr 29, 2019 1:49 pm

Inside your net you will ssh to an IP something like 192.168.1.12 but from the internet you would have to use the IP given to your router by your ISP, it will not be a 192.168.x.x IP it will be more like 23.201.16.56

Go to https://www.whatismyip.com/ to find the external IP of your router. I would suggest you don't post it here when you do find it ;-)

Also I'm looking at the service / third column of the router config ... I would think this should be ssh as opposed to none?
Last edited by Cancelor on Mon Apr 29, 2019 2:04 pm, edited 1 time in total.
Can't find the thread you want? Try googling : YourSearchHere site:raspberrypi.org

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 1:58 pm

I wouldn't hide it if I were using my internal IP.

Btw, I tried to copy the ssh_config file but my command failed

Code: Select all

scp -P 2400 pi@192.168.1.176:ssh_config /etc/ssh
scp: ssh_config: No such file or directory

User avatar
Cancelor
Posts: 759
Joined: Wed Aug 28, 2013 4:09 pm
Location: UK

Re: Remote SSH connection

Mon Apr 29, 2019 2:05 pm

Also I'm looking at the service / third column of the router config ... I would think this should be ssh as opposed to none?
Can't find the thread you want? Try googling : YourSearchHere site:raspberrypi.org

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 2:16 pm

As I mentioned, I hid it because it was my external IP.

Do you know why I can't transfer this file from the Pi to my computer ?

I don't understand which third column you're talking about.

User avatar
B.Goode
Posts: 9023
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: Remote SSH connection

Mon Apr 29, 2019 2:33 pm

I don't understand which third column you're talking about.

See the image in your initial post....

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 2:41 pm

Oh right.

I don't use this anymore. It was at my family's. It's the ISP's modem and if I select "SSH" I can only redirect port 23 (22 for telnet etc).

Right now I'm using my TP-Link A7.
Screenshot 2019-04-29 at 16.40.12.png
Screenshot 2019-04-29 at 16.40.12.png (150.92 KiB) Viewed 996 times
In "Service Type", I can only select DNS, FTP, GOPHER, HTTP, NNTP, POP3, PPTP, SMTP, SOCK or TELNET.

Can you tell me what's wrong with the scp transfer ?

Ernst
Posts: 1267
Joined: Sat Feb 04, 2017 9:39 am
Location: Germany

Re: Remote SSH connection

Mon Apr 29, 2019 2:59 pm

Nocxy wrote:
Mon Apr 29, 2019 2:16 pm
As I mentioned, I hid it because it was my external IP.

Do you know why I can't transfer this file from the Pi to my computer ?

I don't understand which third column you're talking about.
To get ssh to work you need to take one step at a time, be aware of where you are and where you want to go, and where the services are located. When you do not succeed then gather information, make it presentable and ask for help.

The first information you should provide is what you have installed on the raspberry pi/PC, this may not be relevant but it can help.
What we would like to know is how the raspberry pi is connected to the network and the IP address / subnet mask
The next piece of information would be what is the operating system installed on the (client) PC and how this device is connected to the network and the IP address / subnet mask

Important: do not hide any information if you are using a network like 192.168.x.x

Are both devices in the same subnet ? That means IP addresses in the same network using the same subnet mask ?

The first test is to confirm that the (client) PC can communicate to the Raspberry Pi within the local network.
Before you start change the ssh port on the Raspberry back to 22, there is no need to hide the internal port number
Use the ssh on your PC to connect to the raspberry pi, if this is not successful use -v and show the result in your reply.
---
About your scp problem: did you read the error message ? Where is the file you would like to transfer ? (and why)
You must be aware that scp from the raspberry pi to your PC requires that sshd (or similar) must be running on your PC.
If you do not have an sshd service installed on your PC you will not be able to connect to the PC.
---
If you local test was successful change the port forwarding on your router to forward external port 2400 to the internal IP address of your raspberry pi on port 22. Then use your phone as a mobile access point for your PC. Try ssh using the external address with port 2400.
Important: You can not connect to the Pi using the external address when the PC is connected to the local network , your PC must be connected to the external network (aka internet).
Note: depending on your router / mobile access point both the PC and the raspberry pi may show a similar network, this is not wrong because the router and the access point will translate the internal addresses for external communication.
---
Final note: are you sure that you want the whole world trying to break into your raspberry pi ? Even with a changed port you must be aware that there will be attempts to connect. It is highly recommended to change the password to something very difficult, it is even more recommended to disable ssh password access on the pi and to use public/private keys only.
The road to insanity is paved with static ip addresses

Andyroo

Re: Remote SSH connection

Mon Apr 29, 2019 3:11 pm

The TP-Link A7 supports a VPN so that would be a safer option https://www.tp-link.com/us/support/faq/1545/


I cannot make out from this section of the manual https://www.tp-link.com/us/user-guides/ ... ub-title-1 if you have to set the service type - if so you may have to move the Pi into the DMZ. It would be worth setting this up and trying it to see if the issue clears and then you know it’s a router problem.

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 3:44 pm

@Ernst : You just mentioned what I already answered to : when I use the 4G of my smartphone to connect my computer, I can't connect in SSH either.
Btw, as I already mentioned, I only hide when it is my external address and I can connect in SSH under the same subnet as written in the first post.

My IPaddress and netmask:

Code: Select all

inet 192.168.1.176  netmask 255.255.255.0
I didn't install anything except Rust support today. I also updated with apt-get.

Pi is currently connected via ethernet and my laptop via wifi. I currently use macOS on my laptop.

For the scp, I posted what I wrote in the terminal. I would like to transfer the sshd_config file to my computer.

---

Quite surprising...

ssh -v -p 2400 pi@myIPaddress
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to myIPaddress [myIPaddress] port 2400.
debug1: connect to address myIPaddress port 2400: Operation timed out

---

I didn't consider generating keys as "installing" something so I didn't mentioned it above.. I generated a 4096-bits key, then disabled password and passphrase when I use my laptop and I transfered the content of the public key to authorized_keys.

@Andyroo: I didn't understand what you meant. Did you ask me to put 192.168.1.176 (Pi's internal IP address) in the DMZ zone ? How would I be able to access it?

Andyroo

Re: Remote SSH connection

Mon Apr 29, 2019 4:00 pm

I suggested the DMZ just to test if the router will allow the port the be passed through or if it’s your ISP that blocking incoming traffic.

I understand it’s pointless in there long run for you but it may answer the router question - I think it’s either that or your ISP as the Pi is working LAN side.

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Mon Apr 29, 2019 4:14 pm

I get the same thing.

I think I could maybe try with "raspberrypi@myIPaddress" but if it were the problem I wouldn't get the debug messages...

I found a solution here and I tried it both on my computer and on the Raspberry Pi :

Code: Select all

pi@raspberrypi:~ $ time echo 'exit' | telnet portquiz.net 443
Trying 52.47.209.216...
Connected to portquiz.net.
Escape character is '^]'.
Connection closed by foreign host.

real	0m0,062s
user	0m0,005s
sys	0m0,015s
pi@raspberrypi:~ $ time echo 'exit' | telnet portquiz.net 2400
Trying 52.47.209.216...
Connected to portquiz.net.
Escape character is '^]'.
Connection closed by foreign host.

real	0m0,059s
user	0m0,012s
sys	0m0,008s
I thought it would mean that the Pi can access whatever it wants to.

I guess the best thing to do right now would be formatting it...

I tried to disable the rule and connect with port 22:

Code: Select all

ssh -v pi@myIPaddress
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to myIPaddress [myIPaddress] port 22.
debug1: connect to address myIPaddress port 22: Operation timed out
ssh: connect to host myIPaddress port 22: Operation timed out

Ernst
Posts: 1267
Joined: Sat Feb 04, 2017 9:39 am
Location: Germany

Re: Remote SSH connection

Mon Apr 29, 2019 4:55 pm

What was the result of step 1 ?
The road to insanity is paved with static ip addresses

Nocxy
Posts: 11
Joined: Sat Apr 27, 2019 1:51 pm

Re: Remote SSH connection

Wed May 01, 2019 6:09 pm

The first test is to confirm that the (client) PC can communicate to the Raspberry Pi within the local network.
Before you start change the ssh port on the Raspberry back to 22, there is no need to hide the internal port number
Use the ssh on your PC to connect to the raspberry pi, if this is not successful use -v and show the result in your reply.
Is it the first step that you're talking about ? I already confirmed that in the first post.

How can I scp from the Raspberry? I can scp to the Raspberry but not folders. Is it normal?

User avatar
B.Goode
Posts: 9023
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: Remote SSH connection

Wed May 01, 2019 8:55 pm

How can I scp from the Raspberry? I can scp to the Raspberry but not folders. Is it normal?

"How can I scp from the Raspberry? "

Pretty much as with an intra-system copy using cp, just specify the source and destination filenames. man scp will show you the syntax for specifying remote host filenames.

" I can scp to the Raspberry but not folders. Is it normal?"

Does that mean you can copy individual files, but not directory structures? Again, refer to the documentation.

Ernst
Posts: 1267
Joined: Sat Feb 04, 2017 9:39 am
Location: Germany

Re: Remote SSH connection

Wed May 01, 2019 9:04 pm

Nocxy wrote:
Wed May 01, 2019 6:09 pm
The first test is to confirm that the (client) PC can communicate to the Raspberry Pi within the local network.
Before you start change the ssh port on the Raspberry back to 22, there is no need to hide the internal port number
Use the ssh on your PC to connect to the raspberry pi, if this is not successful use -v and show the result in your reply.
Is it the first step that you're talking about ? I already confirmed that in the first post.

How can I scp from the Raspberry? I can scp to the Raspberry but not folders. Is it normal?
Don't worry, you have arrived on my ignore list. Next time consider that there a many forum volunteers helping those who need help. When I spend quite a bit of time to write a post then I expect that the same attention is used to craft a reply.
The road to insanity is paved with static ip addresses

Return to “Beginners”