Unable to ssh ubuntu server from internet

Question

I am having a similar problem to why can i not ssh using my domain name but works with ip address?.

When I perform the command ssh username@subdomain.domain.us I am told that my connect is refused but when I do ssh username@X.X.X.X It works. I am using Dynamic DNS through NameCheap but my ip for my subdomain information on NameCheap is updating correctly. So I do not believe that the server itself is the issue.

A nslookup subdomain.domain.us returns the same IP that NameCheap is displaying for my server.

I believe the issue is my router in some way. I am using a Linksys Smart Wi-Fi as my router. For my router I have set my server's hardware address to always receive the same intranet ip, and have set port forwarding up as well (external port 22 routes to X.X.X.X:22). Any help would be appreciated!

cat /etc/ssh/sshd_config

#Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
ListenAddress X.X.X.X #My static intranet ip
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem subdoamin /usr/lib/openssh/subdomain-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

When ssh -vvv username@subdomain.domain.us is run, it outputs this result

SSH_7.6p1, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "subdomain.domain.us" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to subdomain.domain.us [X.X.X.X] port 22. //External IP (that is dynamic but successfully being updated via ddclient)
debug1: connect to address X.X.X.X port 22: Connection refused
ssh: connect to host subdoamin.domain.us port 22: Connection refused

When ssh -vvv username@subdomain.domain.us is run it outputs

OpenSSH_7.6p1, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "X.X.X.X" port 22 //Internal Static IP
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to X.X.X.X [X.X.X.X] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MY_Desktop/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/My_Desktop/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/My_Desktop/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/My_Desktop/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/My_Desktop/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/My_Desktop/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/My_Desktop/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/My_Desktop/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to X.X.X.X:22 as 'username'
debug3: hostkeys_foreach: reading file "/c/Users/MY_Desktop/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /c/Users/My_Desktop/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from X.X.X.X
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:7OXcsquhqptwXSXOt2ovKt2rPNOnEsHoP55GCkwgL6w
debug3: hostkeys_foreach: reading file "/c/Users/My_Desktop/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /c/Users/My_Desktop/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 192.168.1.146
debug1: Host 'X.X.X.X' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/My_Desktop/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /c/Users/My_Desktop/.ssh/id_rsa (0x0)
debug2: key: /c/Users/My_Desktop/.ssh/id_dsa (0x0)
debug2: key: /c/Users/My_Desktop/.ssh/id_ecdsa (0x0)
debug2: key: /c/Users/My_Desktop/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/My_Desktop/.ssh/id_rsa
debug3: no such identity: /c/Users/My_Desktop/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /c/Users/My_Desktop/.ssh/id_dsa
debug3: no such identity: /c/Users/My_Desktop/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /c/Users/My_Desktop/.ssh/id_ecdsa
debug3: no such identity: /c/Users/My_Desktop/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /c/Users/My_Desktop/.ssh/id_ed25519
debug3: no such identity: /c/Users/My_Desktop/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

From here it asks for me to verify the user's password which I do. It will then allow me access to the server.

/--EDIT #3 --/

When I ssh -vvv username@externalIP -p 8888 from outside the domain to port 8888 (Which is redirected to 22 on the target machine) It causes terminal to hang and then eventually end the command.

OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/My_Desktop/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "externalIP" port 8888
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to externalIP [externalIP] port 8888.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/My_Desktop/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/My_Desktop/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/My_Desktop/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/My_Desktop/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/My_Desktop/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/My_Desktop/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/My_Desktop/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/My_Desktop/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
ssh_exchange_identification: Connection closed by remote host

Terminates in this message

score 0 · Accepted Answer · 2017-12-03T20:49:04.940

So based on clarifications in the comments, The IP Address in question that you're using sounds like it's your "internal" IP address?

I read your question as testing via the DDNS provided full hostname {subdomain.ddnsdomain}, and then trying to connect via the external IP address, with the qualified domain not working, yet the external IP address would.

I believe now that I understand that you're testing with your external domain-name vs an internal IP address?

If connecting via the DDNS provided domain-name, and the external IP address both provide the same "Connection refused" error, then the issue isn't DNS/Name-resolution/hostname related [which was the debugging path I was initially going down].

EDIT

In your config, try to comment out line: ListenAddress Restart the sshd service:

service ssh restart

Then try again.

If that doesn't work, then in the config file on the server, change the port number to something above 1059 [8888 is good], restart the sshd service, then in your router setup port forwarding for port 8888/TCP.

Then in your client specify port 8888. That should at least let you know if your ISP is blocking port 22.

If this works... I looked up the Linksys WiFi admin that you mentioned, and it looks like you can do different external/internal port forwards, so if 8888 worked, then you can change you SSHD config back to port 22 (just so it's normalized), then in your router forward external port 8888 to internal port 22 for the internal IP address.

Unable to ssh ubuntu server from internet

1 Answers1