0

Foreword

  • I do have a public IP, which I can verify on WhatIsMyIPAddress;
  • When I try to connect to my computer from the outside via any of these
    ssh myusername@mypublicIP
    ssh -p 22 myusername@mypublicIP
    ssh -p 2222 myusername@mypublicIP
    ...
    
    I see no output for a while and, eventually, I get this error
    ssh: connect to host mypublicIP port 2222: Connection timed out    
    
    This is expected, I believe, as I've not configured the port forwarding yet (for any port).

My attempt to configure port forwarding for SSH

So I proceed to try configuring it in my router's config page¹.

The router config page allows doing so via two interfaces: SIMPLIFIED PORT MAPPING and PORT MAPPING, but with neither of them do I have success:

  • When I try via PORT MAPPING, as soon as I set the Internal port to 22, I see the following error, and the Add button becomes greyed out, so I can't finalize the setting

The selected port is not available, as it is currently used for interior of your FASTGate services.


  • When I try via SIMPLIFIED PORT MAPPING, I successfully finalize the setting (I just have to select SSH on port 2222 in/out and my computer from a dropdown menu, and hit Add), but when I try sshing into my machine from the outside, I get
    $ ssh -p 2222 myusername@mypublicIP
    ssh: connect to host mypublicIP port 2222: Connection refused
    
    which tells me that the configuration I've done is having some effect, because I get a refused error instead of timed out, but something is still not quite right.

Fwiw, my router is from my provider (I'm in Italy), FastWeb.

14
  • Your description seems incomplete – which external port to which internal port did you end up configuring in the router? And which ports did you configure sshd to listen on? E.g. you're trying to connect to port 2222, but under "PORT MAPPING" you don't mention actually trying to add a rule for it. Commented Jul 16, 2021 at 9:52
  • @user1686, under "SIMPLIFIED PORT MAPPING", I can't configure ports myself; the only possible alternative is SSH on port 2222 in/out (there was a typo in the question), which I suspect means that the external port is 2222 and the internal port is the SSH port which is 22. Under "PORT MAPPING", as soon as I put 22 for the internal port (there was a typo in the question), the button to confirm becomes greyed out, whatever I fill the other fields with, so I simply can't add the rule.
    – Enlico
    Commented Jul 16, 2021 at 10:39
  • @user1686, I've also added a couple of screenshots.
    – Enlico
    Commented Jul 16, 2021 at 10:47
  • Is your SSH server internally reachable on port 2222? If it isn’t, this cannot work.
    – Daniel B
    Commented Jul 16, 2021 at 11:04
  • @DanielB, do you mean doing ssh -p 2222 myusername@mypublicIPaddress from my own computer? If this is what you mean, I get Connection refused regardless of whether I set up the simplified port forwarding or not.
    – Enlico
    Commented Jul 16, 2021 at 12:27

3 Answers

2

I do not have enough reputation in this community in order to add a simple comment, so I have to resort to a fully-fledged answer. I am Italian too and have the same modem & issue, and I can provide more certainty about the fact that the

  • try hard-resetting the router to see if it will then allow me to set 22 as the internal port during port mapping

option would not work. For Italian readers, this seems to prove that this modem has featured such a bug since early 2020, due to a firmware update.

Thank you Enrico for your self-answer, I was becoming insane trying to solve this!


Edit:

In order to try and forget about this issue, I also created a config file inside ~/.ssh, at every SSH client I am planning to use, that contains:

Host raspberry_at_home
    HostName 192.168.1.17
    Port 2222
    User andrea

Host raspberry_when_outside
    HostName <MY_PUBLIC_IP>
    Port 2222
    User andrea

so that I can also connect locally without having to specify each time a different port than the default 22 (i.e., the imposed 2222). For instance, I now can just run:

ssh raspberry_when_outside

All of this said, if I understood the issue correctly, this bug in our modem will not allow anyone to connect to more than 1 SSH server inside the same LAN (from outside the network), as it only allows using the predetermined 2222 port for the task, to which you can of course bind a single local IP address: this is 100% true if all is done with the "simplified"/tailored configuration provided by Fastweb. I still did not fully understand what @Enlico meant with

  • set up port forwarding from external port wxyz to internal port 2222

But I still managed to solve my issue without that step.

Hope this may help someone in the future (maybe Technicolor employees too)!


TL;DR

  • Use the simplified Port Mapping SSH configuration provided by the Modem
  • (As @Enlico said) "Set Port 2222 in /etc/ssh/sshd_config so that my computer, as the SSH server, listens on port 2222 (to which I can forward) instead of 22 (to which I can't for the router is stupid)"
  • Optionally, create ~/.ssh/config and customize the file as suggested above
2
  • 1
    Thank you very much, happy to see that somebody confirms what I've observed.
    – Enlico
    Commented Jul 2, 2022 at 20:40
  • Thanks to you for saving me a bunch of hours! :)
    – Jetboy
    Commented Jul 2, 2022 at 20:45
1

I've asked for help on archlinux' IRC channel.

The outcome of the investigation was that something is wrong with my router, which doesn't allow me to forward to port 22 via the "normal" port mapping interface, as the first screenshot in the question shows.

To fix this, it seems I have two options:

  • try hard-resetting the router to see if it will then allow me to set 22 as the internal port during port mapping,
  • call the ISP, FastWeb, to ask for help.

Probably the first option is the easiest to try, given the (statistically) scarce knowledge of the technical people at FastWeb, but probably also the least likely to have an impact; after all, I've not done any harm to the router, and, as far as I can tell based on my memory, the issue started precisely after a hard-reset of the router.

To work around the problem for now, I had to

  • set Port 2222 in /etc/ssh/sshd_config so that my computer, as the SSH server, listens on port 2222 (to which I can forward) instead of 22 (to which I can't for the router is stupid),
  • set up port forwarding from external port wxyz to internal port 2222.
0

SSH is not going to accept the connection if it sees you coming in on port 2222 and it's probably listening on port 22. You can check with sudo lsof -i -P | grep LISTEN | grep sshd on which port ssh is accepting connections (on the machine you are connecting to with ssh).

You can change the SSH ports using these commands:

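# Anchored so it rewrites both the commented default "#Port 22" and an active "Port 22" line, and nothing else
sudo sed -i -E 's/^#?Port 22$/Port 2222/' /etc/ssh/sshd_config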
sudo systemctl restart sshd
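
The mismatch discussed in the answers above (the router forwards to internal port 2222 while sshd still listens on 22, which produces "Connection refused") can be checked against the config file before touching the router. This is an added example, not part of any of the posts; the function names and the sample config are constructed, and GNU sed is assumed.

```shell
#!/usr/bin/env bash
# Added example: compare the ports sshd is configured to listen on with the
# internal port that a router forwarding rule targets.

# Print the ports set by active (uncommented) Port lines; sshd defaults to 22
# when none is set. Include directives are not followed (on a live host,
# `sudo sshd -T | grep -i '^port '` prints the effective value).
sshd_ports() {   # usage: sshd_ports <sshd_config>
    local ports
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    printf '%s\n' "${ports:-22}"
}

# Succeed only if the forwarded internal port is one sshd listens on.
forward_matches() {   # usage: forward_matches <sshd_config> <internal_port>
    sshd_ports "$1" | grep -qx -- "$2"
}

# Move sshd from 22 to the given port, whether the Port line is the commented
# default ("#Port 22") or already active ("Port 22"). Other ports are untouched.
set_sshd_port() {   # usage: set_sshd_port <sshd_config> <new_port>
    sed -i -E "s/^#?[[:space:]]*Port[[:space:]]+22[[:space:]]*$/Port $2/" "$1"
}

# Constructed sample config, standing in for /etc/ssh/sshd_config.
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' '#AddressFamily any' 'PermitRootLogin no' > "$demo_cfg"

if ! forward_matches "$demo_cfg" 2222; then
    echo "router forwards to 2222 but sshd listens on: $(sshd_ports "$demo_cfg")"
fi
set_sshd_port "$demo_cfg" 2222
forward_matches "$demo_cfg" 2222 && echo "sshd now listens on 2222"
rm -f "$demo_cfg"
```

On a real host, run `sudo sshd -t` after editing the file and before restarting the service, so a syntax error does not lock you out.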
