1

I am new to this topic of creating a SFTP server on one's computer. I would like to be able to access the folder on my Windows XP computer via SFTP from another computer or a phone.

The following is what I have done so far:

I have installed SSH Windows and everything is set up correctly because I can access it (the folder on my PC) via WinSCP.

I however cannot access it from my phone. It doesn't connect.

The phone can be on the same wireless network as the Windows XP computer, but I would prefer to be able to access this when not in the same network.

Now, from what I have read and understood, the following is the information needed to connect:

1) Host Name: This would be my computer's ip address which I access by typing ipconfig in a cmd prompt (I access this easily on my computer because I simply put in localhost or 127.0.0.1)

2) Port Number: That would be port 22 (I have also added this to my router in the port forwarding section).

3) Username: This would be my Windows XP username. This however is my full name, including my middle initial followed by a period. I am wondering if this is maybe causing problems in accessing it from my phone, since the name has spaces and punctuation (the period).

4) Password: The password of my Windows XP computer

Extra Info: When I say phone, I mean an Android phone and I am using an ftp / sftp app to access my pc via the phone's cellular network (I also tried the wireless, but that didn't work as well). I have tried more than one program. On one program it tells me Connection timed out and on another it tells me "timeout:socket is not established"

Also, I know that I can use the site noip, but I prefer to connect this way first. Also, because I am new to this, I would like to look into what exactly noip is doing and if they would be seeing my files as they are transferred from phone to pc.

Thanking you in advance for your help.

UPDATE 1: Thanks for responses thus far. The problem seems to be that I cannot get port 22 open. I can get port 21 (which I added just a little while ago in the Virtual Servers section of my Belkin router's interface), but that only shows as open when I am using a program called PFPortChecker that I have installed. If I go to the site canyouseeme.org, it however tells me that it could not see that port because the connection timed out. On that same site, I get the same error message for Port 22. With the port checker program, it just simply tells me that the port is not open or not reachable.

UPDATE 2:

  • Short version: I can connect!!! Things are working.
  • Longer version: I was finally able to connect. It was a stupid mistake on my part. In my Belkin interface where one specifies ports to be opened, there are checkboxes in a column under the heading of Enable. I for some reason didn't check it, but did so for port 21. I think having two previous entries that I created years ago unchecked as well because I wanted them present but not enabled might have thrown me off visually.

    New Problem which was eventually resolved:

    However, after a while, I all of a sudden couldn't connect anymore. I was eventually able to connect again, but then later on I couldn't. In between those times, I had my phone transferring files to my computer. At different times, port 22 would be open and then closed according to the software mentioned above and also the website mentioned above as well as http://www.yougetsignal.com/tools/open-ports/ which seemed to be more accurate. The software program and these sites were checking if the port was open using my external / public ip address. Port 21, which I had also opened to see if I would experience any problems, would also at times be shown as closed and other times as opened.

    I then created a static ip address. I thought I had one already, but I didn't. The ip address on my computer (the internal one) however was never changing, but just to rule this out as a problem, I went ahead and created the static ip address. I however was still having problems connecting.

    In the end, it turned out to be my Windows Firewall. I thought it wasn't this because even though I disabled it, at the suggestion of user235252, I was able to connect again, but also still successfully when I then enabled it. I was however eventually disconnected again and unable to connect again as I had my phone transferring files again.

    I decided to add Port 22 to the Exceptions list, and lo and behold, I have been able to connect and re-connect successfully for at least 24 hours.

    When I am connected wirelessly to the same network as my computer, I use my internal ip address, and I can connect to my computer. When I turn the wireless off and am using the cell phone's network, I use my external / public ip, and I can connect to my computer.

I am so happy that I can connect. This is cool and my first time doing something like this. I however have much more to learn, especially with regards to security, one of them being restricting access to the other folders on my computer. I would also love to someday create the type of server that allows one to host a website.

Thanks to everyone for their help.

3 Answers

2

1) Host Name: This would be my computer's ip address which I access by typing ipconfig in a cmd prompt (I access this easily on my computer because I simply put in localhost or 127.0.0.1)

No, to access it from the cellular network you need your public IP address (if you have one). There are sites that will tell you that (e.g. whatismyip.com, if memory serves).

And even that is not enough; that would probably be the IP address of your home router, where your internal network is masqueraded and connected to the Internet.

Your PC will have an internal address such as 192.168.1.5 or something like that.

So you need also to tell your router that whenever a connection request comes in, directed to port 22/tcp (ssh) on the public address, it is to be routed to the internal address corresponding to your XP machine. This function is usually called "virtual server" or "reverse port mapping" on routers.

When both the phone and the PC are connected to the same wireless access point, they are in the same network and their addresses are sort of "mutually public", and things work easier, as well as faster.

To make a (perhaps too simplistic) example, it's sort of like phoning inside the same hotel - you don't need country and area code, just a room number. But if you want to call the same room from outside the hotel, you can't simply dial "42" - you need the hotel's public telephone number, and the guy at the reception must be told to route the call to the appropriate room, or it will never go through.

In some setups, your PC could be exposed on the Internet and have a public IP address of its own (and you would see it with ipconfig), but this isn't at all typical (partly because of the scarcity of available IP addresses, but mostly because of the risks. You really don't want everyone in the world to be able to directly connect to your PC whenever they feel like it, even if the PC has a firewall).

Usually, 127.0.0.1 (localhost) is the address with which a machine can speak to itself. So it can't be used by anyone else (if I tried from my PC, it too would connect to itself, not to you).

A second IP address is assigned for connections to the local network, and usually it is something like 192.168.x.y (I have 192.168.0.7 at the moment). That's the "room number" - lots of PCs out there will have those same addresses, but they're in separate hotels (networks), and can't speak to each other. When your phone is connected to your WiFi, you want to use that kind of address. Finally my ISP supplies me with a public address (e.g. 151.38.90.44), and that one would allow people to contact me, and no one else (at the same moment) is allowed to have that address. You will have yours, which could change if you power cycle your router, and that's the one to use from the "outside".

1
  • Thank you very much for this wonderful explanation. It helps me to understand things better. Unfortunately, I still can't connect. Please do view the updated information I have provided above to see if you can be of further help.
    – Rolo
    Commented Jul 3, 2013 at 0:38
0

First things first, try connecting via IP when on wireless. The really important part is to use your computer's internal address, probably a 192.168.. address. You can use ipconfig from the command line to get the address. Other ways to get the IP are detailed in this question.

If that works, then you can try accessing it from outside your network. For that to work, you'll need to use the external IP and port forwarding, where you'll want to point connections to your external IP to your internal IP. I'd also suggest using a non-standard external port, so that random scans for open port 22's don't end up connecting to your system.

One other suggestion would be to make your computer have a constant IP address - I tend to have my router assign statically via MAC address.

Note that noip.com doesn't address any of the above. The only bit it'll help with is that instead of having to use your external IP address, you could have a name associated with it (e.g. instead of 169.254.123.45 you could connect to yourname.no-ip.org). You'll still need to enable port forwarding. The only thing it does is create a DNS entry for your system, and no traffic besides the initial lookup for where to direct your request goes through their servers. The fact that you're using SFTP would also encrypt the traffic, minimizing risk.

Update: It's not clear from your update if you were using your internal or external IP. If you're using your external IP, your ISP might be blocking ports below 1024. That's why I mentioned using a non-standard port, and forwarding that to port 22 on your intranet. Try forwarding from a port somewhere between 1024 and 65535, and to port 22 internally.

3
  • I did also try to connect when I am on my local wireless network, but that doesn't work. Please do see the updated information above to see if you can be of further help. Thanks. Also, thanks for the extra info on noip.
    – Rolo
    Commented Jul 3, 2013 at 0:41
  • @rolo updated my answer
    – ernie
    Commented Jul 3, 2013 at 4:42
  • Regarding "using a non-standard port, and forwarding that to port 22 on your intranet", how exactly would I do that? Would I put in any number between 1024 and 65535 in the Inbound Port section of the Virtual Servers section of my Belkin Interface and Port 22 in the Private Port section. To see a copy of how that would look, please do view this site: portforward.com/english/routers/port_forwarding/Belkin/… or this pic: en-us-support.belkin.com/euf/assets/images/answer/router/… Thanks.
    – Rolo
    Commented Jul 4, 2013 at 9:38
0

Go to control panel and disable your firewall. Try it from an external IP and if it works, you can add an exception for the port you set it to.

1
  • Thank you. This in the end was the solution to my new problem. You can read my updated post above for more info. Thanks for your help.
    – Rolo
    Commented Jul 4, 2013 at 9:42
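
The checks discussed in the answers above, as an added example (not code from any poster in this thread): it classifies an address as loopback, LAN-only or public, and separates a timed-out connection (packets dropped by a firewall or a missing forward) from a refused one. The function names `classify_address` and `probe_ssh` are assumptions of this example; the sample addresses are the ones quoted in the thread.

```python
import ipaddress
import socket

def classify_address(addr):
    """Say where an address is usable from (order matters: loopback and
    link-local also count as 'private' in the ipaddress module)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"      # only the machine itself (localhost)
    if ip.is_link_local:
        return "link-local"    # self-assigned, never routed
    if ip.is_private:
        return "private"       # LAN only, e.g. phone on the same Wi-Fi
    if not ip.is_global:
        return "non-global"    # e.g. carrier-grade NAT 100.64.0.0/10
    return "public"            # reachable from outside via port forwarding

def probe_ssh(host, port=22, timeout=5.0):
    """One TCP connect; returns (state, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                # An SSH server sends its "SSH-2.0-..." identification first.
                banner = s.recv(255).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""
            return ("open", banner)
    except socket.timeout:
        # Packets silently dropped: firewall without an exception,
        # forwarding rule missing or not enabled, or ISP filtering.
        return ("timeout", "no reply; something is dropping the packets")
    except ConnectionRefusedError:
        # Active rejection: the host was reached, nothing listens there.
        return ("refused", "host reachable, no service on this port")
    except OSError as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    # Sample addresses are the ones quoted in the thread.
    for a in ("127.0.0.1", "192.168.1.5", "169.254.123.45", "151.38.90.44"):
        print(a, "->", classify_address(a))
```

Run `probe_ssh` against the internal address from inside the LAN first, then against the public address and forwarded port from an outside network; a "timeout" on the second step only points at the router or firewall rather than the SSH server.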
