computers / comp.sys.raspberry-pi / Re: SSH from Internet to Pi

SSH from Internet to Pi

<slrnu4820a.r0f.usenet@raspberrypi.geeknix.net>

 by: Geeknix - Sat, 22 Apr 2023 23:00 UTC

I'd like to ask for tips. I have a Pi running a number of services. One
is SSH to allow Telnet access via Putty. I use certificates for
authentication. While at home on LAN I can Putty into the Pi just fine
using IP 192.168.0.181:22

I have dynamic DNS for external access so I can use address
<me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
works with other services like web server. So I know DDNS and port
forwarding works.

What could be blocking SSH? Anyway to check logs on Pi?

Thanks!

--
Don't be afraid of the deep...
--[ bbs.bottomlessabyss.net | https | telnet=2023 ]--
--[ /query geeknix on libera.chat | tilde.chat ]--

SSH from Internet to Pi

<1682208786@f1.n250.z2.fidonet.org>

 by: Vincent Coen - Sat, 22 Apr 2023 12:06 UTC

Hello Geeknix!

Saturday April 22 2023 23:00, you wrote to All:

> I'd like to ask for tips. I have a Pi running a number of services.
> One is SSH to allow Telnet access via Putty. I use certificates
> for authentication. While at home on LAN I can Putty into the Pi just
> fine using IP 192.168.0.181:22

> I have dynamic DNS for external access so I can use address
> <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
> works with other services like web server. So I know DDNS and port
> forwarding works.

> What could be blocking SSH? Anyway to check logs on Pi?

Silly questions, but have you opened SSH (instead of telnet - very low
security) and have you set up secure key authority etc.

Small point - on my systems I have extra security set to verify all MAC
addresses as well as user / passwords and they are only allowed using defined
ip addresses in a specific network and no I have no need to get through from
outside but do have a box set up as a concentrator if needs must with security
set to above B1.

Vincent

Re: SSH from Internet to Pi

<Icq*iGsez@news.chiark.greenend.org.uk>

 by: Theo - Sun, 23 Apr 2023 03:04 UTC

Geeknix <usenet@apple.geeknix135.net> wrote:
> I'd like to ask for tips. I have a Pi running a number of services. One
> is SSH to allow Telnet access via Putty. I use certificates for
> authentication. While at home on LAN I can Putty into the Pi just fine
> using IP 192.168.0.181:22
>
> I have dynamic DNS for external access so I can use address
> <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
> works with other services like web server. So I know DDNS and port
> forwarding works.
>
> What could be blocking SSH? Anyway to check logs on Pi?

Do you have any firewalling on the Pi, router or ISP that might interfere?
Try a different external port other than 22?

To see logs:

On the client, Putty has a logging window that tells you what happened on
its side of the connection. On the server, /var/log/auth.log often tells
you if there was a problem with keys or similar.

Post the logs here if you need help with them.

Theo
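
One way to read auth.log for this particular symptom, as an added example that is not part of Theo's post: it groups sshd events by source address and reports whether any connection from outside the LAN ever reached the daemon. The log lines are constructed, the LAN range 192.168.0.0/24 is an assumption (the thread only gives 192.168.0.181), and it assumes the router forwards without rewriting the client's source address.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the classic syslog layout of /var/log/auth.log.
# Addresses, PIDs and fingerprints are made up for illustration.
LAN_ONLY_LOG = """\
Apr 23 10:02:11 raspberrypi sshd[811]: Accepted publickey for pi from 192.168.0.23 port 50514 ssh2: ED25519 SHA256:constructed
Apr 23 10:02:11 raspberrypi sshd[811]: pam_unix(sshd:session): session opened for user pi(uid=1000) by (uid=0)
Apr 23 10:17:45 raspberrypi CRON[902]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
"""

WITH_OUTSIDE_LOG = LAN_ONLY_LOG + """\
Apr 23 10:31:02 raspberrypi sshd[940]: Connection closed by authenticating user pi 203.0.113.7 port 40112 [preauth]
Apr 23 10:40:19 raspberrypi sshd[951]: Invalid user admin from 198.51.100.9 port 33210
"""

# OpenSSH server messages that carry a source address.
EVENTS = [
    ("accepted", re.compile(r"Accepted \S+ for \S+ from (\S+) port \d+")),
    ("preauth_closed", re.compile(
        r"Connection closed by (?:(?:authenticating|invalid) user \S+ )?"
        r"(\S+) port \d+ \[preauth\]")),
    ("invalid_user", re.compile(r"Invalid user \S+ from (\S+) port \d+")),
]


def sshd_events_by_source(log_text):
    """Return {source: {event_name: count}} for sshd lines only."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        if " sshd[" not in line:
            continue  # cron, sudo and other services share this file
        message = line.split("]: ", 1)[-1]
        for name, pattern in EVENTS:
            match = pattern.search(message)
            if match:
                seen[match.group(1)][name] += 1
                break
    return {src: dict(counts) for src, counts in seen.items()}


def is_outside(source, lan):
    try:
        return ipaddress.ip_address(source) not in lan
    except ValueError:  # sshd logged a hostname instead of an address
        return True


def verdict(log_text, lan_cidr="192.168.0.0/24"):
    """Classify the log with respect to connections from outside the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    outside = {src: ev for src, ev in sshd_events_by_source(log_text).items()
               if is_outside(src, lan)}
    if not outside:
        # Nothing from the Internet got as far as sshd: look at the router,
        # the forward rule or the ISP, not at keys.
        return "no-outside-connection-reached-sshd"
    if any("accepted" in ev for ev in outside.values()):
        return "outside-login-succeeded"
    # Any outside source in the log, even a stranger's, shows the forward works.
    return "outside-reached-sshd-but-auth-did-not-complete"


if __name__ == "__main__":
    for name, text in (("LAN only", LAN_ONLY_LOG), ("with outside", WITH_OUTSIDE_LOG)):
        print(name, "->", verdict(text), sshd_events_by_source(text))
```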

Re: SSH from Internet to Pi

<slrnu4a198.365.usenet@raspberrypi.geeknix.net>

 by: Geeknix - Sun, 23 Apr 2023 10:30 UTC

On 2023-04-23, Theo <theom+news@chiark.greenend.org.uk> wrote:
> Try a different external port other than 22?

I have tried port 4444 for external access, that still forwards to port
22 on the Pi.

--
Don't be afraid of the deep...
--[ bbs.bottomlessabyss.net | https | telnet=2023 ]--
--[ /query geeknix on libera.chat | tilde.chat ]--

Re: SSH from Internet to Pi

<u23341$3p7ar$6@dont-email.me>

 by: The Natural Philosop - Sun, 23 Apr 2023 11:00 UTC

On 23/04/2023 00:00, Geeknix wrote:
> I'd like to ask for tips. I have a Pi running a number of services. One
> is SSH to allow Telnet access via Putty. I use certificates for
> authentication. While at home on LAN I can Putty into the Pi just fine
> using IP 192.168.0.181:22
>
> I have dynamic DNS for external access so I can use address
> <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
> works with other services like web server. So I know DDNS and port
> forwarding works.
>
> What could be blocking SSH? Anyway to check logs on Pi?
>
> Thanks!
>
Should be no different. I have a similar setup here - Ah!

I remember. I couldn't forward port 22. The router was using it for
secure remote login.

Just try using an arbitrary high port on the router.

--
You can get much farther with a kind word and a gun than you can with a
kind word alone.

Al Capone

Re: SSH from Internet to Pi

<u234ed$3pj6n$1@dont-email.me>

 by: The Natural Philosop - Sun, 23 Apr 2023 11:22 UTC

On 23/04/2023 11:30, Geeknix wrote:
> On 2023-04-23, Theo <theom+news@chiark.greenend.org.uk> wrote:
>> Try a different external port other than 22?
>
> I have tried port 4444 for external access, that still forwards to port
> 22 on the Pi.
>
Hmm. Let me see how I did it here.
Ok, I used a high port on the router and 22 on the target machine.

Worked for me on *86 platform. Mint, so basically Debian with frills.

Have you enabled global access to sshd in /etc/ssh/sshd.config and friends?

I think that is the default, but check anyway

Match Address is the line to look at. I think

Ok a good way to test this is to telnet to the ssh port on your public
interface and see whether the daemon is responding or not

$telnet media.larksrise.com 2345
Trying 212.69.38.60...
Connected to media.larksrise.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5

.....etc. Oh, I edited the port number, so don't get cute

--
All political activity makes complete sense once the proposition that
all government is basically a self-legalising protection racket, is
fully understood.
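
The telnet check above, and the earlier remark that a router may keep port 22 for its own login service, combined into one script as an added example (not code from the thread): it reads the SSH identification line on the LAN address and on the public address and compares them. Host names and ports are passed on the command line; the loopback listeners and their banner text are constructed stand-ins so the script also runs offline, and only the first line the server sends is inspected.

```python
import socket
import sys
import threading

HINTS = {
    "fix-lan-first": "sshd does not answer on the LAN address; fix that before the router",
    "filtered": "no reply from the public address: forward rule missing or a firewall drops it",
    "refused": "public address refuses the port: nothing listens behind that external port",
    "unreachable": "name lookup or routing failed before any connection was made",
    "not-ssh": "something answers on the public port, but it is not an SSH daemon",
    "different-daemon": "an SSH daemon answers, but with another banner (e.g. the router's own)",
    "path-ok": "same SSH banner on both paths; check auth.log and the client log for key problems",
}


def probe(host, port, timeout=5.0):
    """Connect and read the first line sent by the server.

    Returns (status, detail): status is 'ssh', 'not-ssh', 'refused',
    'filtered' or 'unreachable'; detail is the banner line or an error text.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", None
    except socket.timeout:
        return "filtered", None
    except OSError as exc:  # DNS failure, no route, ...
        return "unreachable", str(exc)
    data = b""
    with sock:
        try:
            # An SSH identification line is at most 255 bytes and ends in LF.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except (socket.timeout, ConnectionResetError):
            pass  # connected, but the peer stayed silent or reset
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    if line.startswith("SSH-"):
        return "ssh", line
    return "not-ssh", line or None


def diagnose(lan, wan):
    """Turn two probe() results into one of the HINTS keys."""
    if lan[0] != "ssh":
        return "fix-lan-first"
    if wan[0] != "ssh":
        return wan[0]
    # A differing banner proves another daemon answered; an identical one
    # is consistent with the Pi but does not prove it.
    return "path-ok" if wan[1] == lan[1] else "different-daemon"


def demo_listener(banner):
    """Constructed stand-in for a daemon on loopback; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    if len(sys.argv) == 5:  # usage: LAN_HOST LAN_PORT PUBLIC_HOST PUBLIC_PORT
        lan = probe(sys.argv[1], int(sys.argv[2]))
        wan = probe(sys.argv[3], int(sys.argv[4]))
    else:  # offline demo with two constructed banners
        lan = probe("127.0.0.1", demo_listener(b"SSH-2.0-OpenSSH_8.2p1 constructed-pi\r\n"))
        wan = probe("127.0.0.1", demo_listener(b"SSH-2.0-ExampleRouter_1.0 constructed\r\n"))
    result = diagnose(lan, wan)
    print(lan, wan, result + ": " + HINTS[result], sep="\n")
```

Run the public-address probe from a network outside the LAN (a phone hotspot, for instance); many home routers do not loop connections to their own public address back inside.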

SSH from Internet to Pi

<1682262103@f1.n250.z2.fidonet.org>

 by: Vincent Coen - Sun, 23 Apr 2023 02:57 UTC

Hello Geeknix!

Sunday April 23 2023 10:30, you wrote to me:

> On 2023-04-22, Vincent Coen
> <nospam.Vincent.Coen@f1.n250.z2.fidonet.org> wrote:
>> Hello Geeknix!
>>
>> Saturday April 22 2023 23:00, you wrote to All:
>>
>> > I'd like to ask for tips. I have a Pi running a number of services.
>> > One is SSH to allow Telnet access via Putty. I use certificates
>> > for authentication. While at home on LAN I can Putty into the Pi just
>> > fine using IP 192.168.0.181:22
>>
>> > I have dynamic DNS for external access so I can use address
>> > <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
>> > works with other services like web server. So I know DDNS and port
>> > forwarding works.
>>
>> Silly questions, but have you opened SSH (instead of telnet - very
>> low security) and have you set up secure key authority etc.

> Not sure what you mean, when I open the port on the router I have
> selected All (i.e. TCP and UDP) for port 22.

Should only be TCP - according to my router settings for port trigger but both
for port forwarding so look correct.

>> Small point - on my systems I have extra security set to verify
>> all MAC addresses as well as user / passwords and they are only
>> allowed using defined ip addresses in a specific network and no I
>> have no need to get through from outside but do have a box set up as
>> a concentrator if needs must with security set to above B1.

> I have disabled username/password and only accept pre-shared keys.

Yep, for ssh that is best as far as I know but I have extra security that
means user's system must have declared MAC code (I also make use of user's CPU
model and serial numbers - but that was an experiment that seems to work).

Vincent

Re: SSH from Internet to Pi

<4c6ghj-3hso3.ln1@esprimo.zbmc.eu>

 by: Chris Green - Sun, 23 Apr 2023 17:27 UTC

Theo <theom+news@chiark.greenend.org.uk> wrote:
> Geeknix <usenet@apple.geeknix135.net> wrote:
> > I'd like to ask for tips. I have a Pi running a number of services. One
> > is SSH to allow Telnet access via Putty. I use certificates for
> > authentication. While at home on LAN I can Putty into the Pi just fine
> > using IP 192.168.0.181:22
> >
> > I have dynamic DNS for external access so I can use address
> > <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
> > works with other services like web server. So I know DDNS and port
> > forwarding works.
> >
> > What could be blocking SSH? Anyway to check logs on Pi?
>
> Do you have any firewalling on the Pi, router or ISP that might interfere?
> Try a different external port other than 22?
>
Yes, on many routers you not only have to configure the port
forwarding you also have to open up the relevant ports on the
firewall.

--
Chris Green

Re: SSH from Internet to Pi

<slrnu4a17b.365.usenet@raspberrypi.geeknix.net>

 by: Geeknix - Sun, 23 Apr 2023 10:30 UTC

On 2023-04-22, Vincent Coen <nospam.Vincent.Coen@f1.n250.z2.fidonet.org> wrote:
> Hello Geeknix!
>
> Saturday April 22 2023 23:00, you wrote to All:
>
> > I'd like to ask for tips. I have a Pi running a number of services.
> > One is SSH to allow Telnet access via Putty. I use certificates
> > for authentication. While at home on LAN I can Putty into the Pi just
> > fine using IP 192.168.0.181:22
>
> > I have dynamic DNS for external access so I can use address
> > <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
> > works with other services like web server. So I know DDNS and port
> > forwarding works.
>
> Silly questions, but have you opened SSH (instead of telnet - very low
> security) and have you set up secure key authority etc.

Not sure what you mean, when I open the port on the router I have
selected All (i.e. TCP and UDP) for port 22.

> Small point - on my systems I have extra security set to verify all MAC
> addresses as well as user / passwords and they are only allowed using defined
> ip addresses in a specific network and no I have no need to get through from
> outside but do have a box set up as a concentrator if needs must with security
> set to above B1.

I have disabled username/password and only accept pre-shared keys.

Thanks Vincent.

--
Don't be afraid of the deep...
--[ bbs.bottomlessabyss.net | https | telnet=2023 ]--
--[ /query geeknix on libera.chat | tilde.chat ]--

Re: SSH from Internet to Pi

<slrnu4a136.365.usenet@raspberrypi.geeknix.net>

 by: Geeknix - Sun, 23 Apr 2023 10:30 UTC

On 2023-04-23, Theo <theom+news@chiark.greenend.org.uk> wrote:
> Geeknix <usenet@apple.geeknix135.net> wrote:
>> I'd like to ask for tips. I have a Pi running a number of services. One
>> is SSH to allow Telnet access via Putty. I use certificates for
>> authentication. While at home on LAN I can Putty into the Pi just fine
>> using IP 192.168.0.181:22
>>
>> I have dynamic DNS for external access so I can use address
>> <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
>> works with other services like web server. So I know DDNS and port
>> forwarding works.
>>
>> What could be blocking SSH? Anyway to check logs on Pi?
>
> Do you have any firewalling on the Pi, router or ISP that might interfere?
> Try a different external port other than 22?

Thanks for your reply. I haven't knowingly set up a firewall on the Pi;
perhaps the router has one, but the same steps I use to allow HTTP and
Minecraft have opened those ports for use.

> On the client, Putty has a logging window that tells you what happened on
> its side of the connection.

Great, I'll try and figure out how to see that window.

> On the server, /var/log/auth.log often tells you if there was a problem
> with keys or similar.

I'll check that out also. Thank you.

--
Don't be afraid of the deep...
--[ bbs.bottomlessabyss.net | https | telnet=2023 ]--
--[ /query geeknix on libera.chat | tilde.chat ]--

Re: SSH from Internet to Pi

<u233q3$3pbut$1@dont-email.me>

 by: Martin Gregorie - Sun, 23 Apr 2023 11:12 UTC

On Sun, 23 Apr 2023 10:30:04 GMT, Geeknix wrote:

> On 2023-04-22, Vincent Coen <nospam.Vincent.Coen@f1.n250.z2.fidonet.org>
> wrote:
>> Hello Geeknix!
>>
>> Saturday April 22 2023 23:00, you wrote to All:
>>
>> > I'd like to ask for tips. I have a Pi running a number of services.
>> > One is SSH to allow Telnet access via Putty. I use certificates for
>> > authentication. While at home on LAN I can Putty into the Pi just
>> > fine using IP 192.168.0.181:22
>>
>> > I have dynamic DNS for external access so I can use address
>> > <me>.ddns.net:22 then port forwarding on my router to the Pi. Now
>> > this works with other services like web server. So I know DDNS and
>> > port forwarding works.
>>
>> Silly questions, but have you opened SSH (instead of telnet - very low
>> security) and have you set up secure key authority etc.
>
> Not sure what you mean, when I open the port on the router I have
> selected All (i.e. TCP and UDP) for port 22.
>
>> Small point - on my systems I have extra security set to verify all
>> MAC addresses as well as user / passwords and they are only allowed
>> using defined ip addresses in a specific network and no I have no need
>> to get through from outside but do have a box set up as a concentrator
>> if needs must with security set to above B1.
>
> I have disabled username/password and only accept pre-shared keys.
>
> Thanks Vincent.

Pedantry, maybe, but Telnet != ssh

Telnet offers a very basic tty-like service over a plaintext channel,
while ssh provides a secure, encrypted service. Their connection protocols
are not compatible.

Similarly with ftp vs. ssh2 for file transfers: I wouldn't dream of using
telnet, ftp or Kermit outside my LAN, which is firewalled off from the
wider Internet, but I have no problems with using ssh or ssh2 to log in to
a remote (trusted) system or to transfer files to or from them.

--

Martin | martin at
Gregorie | gregorie dot org

Re: SSH from Internet to Pi

<u234bo$3pbut$2@dont-email.me>

 by: Martin Gregorie - Sun, 23 Apr 2023 11:21 UTC

On Sun, 23 Apr 2023 10:30:05 GMT, Geeknix wrote:

> On 2023-04-23, Theo <theom+news@chiark.greenend.org.uk> wrote:
>> Geeknix <usenet@apple.geeknix135.net> wrote:
>>> I'd like to ask for tips. I have a Pi running a number of services.
>>> One is SSH to allow Telnet access via Putty. I use certificates for
>>> authentication. While at home on LAN I can Putty into the Pi just fine
>>> using IP 192.168.0.181:22
>>>
>>> I have dynamic DNS for external access so I can use address
>>> <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
>>> works with other services like web server. So I know DDNS and port
>>> forwarding works.
>>>
>>> What could be blocking SSH? Anyway to check logs on Pi?
>>
>> Do you have any firewalling on the Pi, router or ISP that might
>> interfere?
>> Try a different external port other than 22?
>
> Thanks for your reply. I haven't knowingly setup a firewall on the Pi
> perhaps the router has one but the same steps I use to allow HTTP and
> Minecraft have opened those ports for use.
>
>> On the client, Putty has a logging window that tells you what happened
>> on its side of the connection.
>
> Great, I'll try and figure out how to see that window.
>
>> On the server, /var/log/auth.log often tells you if there was a
>> problem with keys or similar.
>
> I'll check that out also. Thank you.

Use 'nmap' to see what ports are accessible on your firewall, rpi's etc
from inside your LAN.

http://grc.com/ - the Gibson Research Corp - provides "Shields Up", which
scans your firewall from the outside and reports which ports are
accessible to an intruder.

--

Martin | martin at
Gregorie | gregorie dot org

Re: SSH from Internet to Pi

<u25f7m$8h01$1@dont-email.me>

 by: The Natural Philosop - Mon, 24 Apr 2023 08:39 UTC

On 23/04/2023 18:27, Chris Green wrote:
> Theo <theom+news@chiark.greenend.org.uk> wrote:
>> Geeknix <usenet@apple.geeknix135.net> wrote:
>>> I'd like to ask for tips. I have a Pi running a number of services. One
>>> is SSH to allow Telnet access via Putty. I use certificates for
>>> authentication. While at home on LAN I can Putty into the Pi just fine
>>> using IP 192.168.0.181:22
>>>
>>> I have dynamic DNS for external access so I can use address
>>> <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
>>> works with other services like web server. So I know DDNS and port
>>> forwarding works.
>>>
>>> What could be blocking SSH? Anyway to check logs on Pi?
>>
>> Do you have any firewalling on the Pi, router or ISP that might interfere?
>> Try a different external port other than 22?
>>
> Yes, on many routers you not only have to configure the port
> forwarding you also have to open up the relevant ports on the
> firewall.
>
I think he said he already tried that.
--
Microsoft : the best reason to go to Linux that ever existed.

Re: SSH from Internet to Pi

<h3v1M.988620$S2l4.202746@fx12.ams1>

 by: Geeknix - Mon, 24 Apr 2023 12:59 UTC

On 23/04/2023 07:00, Geeknix wrote:
> I'd like to ask for tips. I have a Pi running a number of services. One
> is SSH to allow Telnet access via Putty. I use certificates for
> authentication. While at home on LAN I can Putty into the Pi just fine
> using IP 192.168.0.181:22

Thanks for all the replies, I'm away from home until Wednesday (SG
time), I'll try the suggestions then and let you all know the outcome!

RenMas

--
Don't be afraid of the deep...
--[ bbs.bottomlessabyss.net|https|telnet=2023|ssh=2222 ]--
--[ Remove the fruit and digits for valid email address ]--
--[ usenet <at> apple.geeknix135.net ]--

Re: SSH from Internet to Pi

<slrnu4d8dp.14hho.nlazicBEZ_OVOGA@mudrac.ffzg.hr>

 by: Nikolaj Lazic - Mon, 24 Apr 2023 15:35 UTC

On Sun, 23 Apr 2023 10:30:04 GMT, Geeknix <usenet@apple.geeknix135.net> wrote:
> On 2023-04-22, Vincent Coen <nospam.Vincent.Coen@f1.n250.z2.fidonet.org> wrote:
>> Hello Geeknix!
>>
>> Saturday April 22 2023 23:00, you wrote to All:
>>
>> > I'd like to ask for tips. I have a Pi running a number of services.
>> > One is SSH to allow Telnet access via Putty. I use certificates
>> > for authentication. While at home on LAN I can Putty into the Pi just
>> > fine using IP 192.168.0.181:22
>>
>> > I have dynamic DNS for external access so I can use address
>> > <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
>> > works with other services like web server. So I know DDNS and port
>> > forwarding works.
>>
>> Silly questions, but have you opened SSH (instead of telnet - very low
>> security) and have you set up secure key authority etc.
>
> Not sure what you mean, when I open the port on the router I have
> selected All (i.e. TCP and UDP) for port 22.

Ok, but you have to forward that port to your 102.168.0.181:22

>
>> Small point - on my systems I have extra security set to verify all MAC
>> addresses as well as user / passwords and they are only allowed using defined
>> ip addresses in a specific network and no I have no need to get through from
>> outside but do have a box set up as a concentrator if needs must with security
>> set to above B1.
>
> I have disabled username/password and only accept pre-shared keys.
>
> Thanks Vincent.
>

Re: SSH from Internet to Pi

<slrnu4d8ka.14hho.nlazicBEZ_OVOGA@mudrac.ffzg.hr>

 by: Nikolaj Lazic - Mon, 24 Apr 2023 15:38 UTC

On Mon, 24 Apr 2023 20:59:57 +0800, Geeknix <usenet@apple.geeknix135.net> wrote:
> On 23/04/2023 07:00, Geeknix wrote:
>> I'd like to ask for tips. I have a Pi running a number of services. One
>> is SSH to allow Telnet access via Putty. I use certificates for
>> authentication. While at home on LAN I can Putty into the Pi just fine
>> using IP 192.168.0.181:22
>
> Thanks for all the replies, I'm away from home until Wednesday (SG
> time), I'll try the suggestions then and let you all know the outcome!

You can also forward some higher port to your 192.168.0.181:22
You have to do that on your router provided by your ISP.

Re: SSH from Internet to Pi

<slrnu4so5q.o2b.usenet@raspberrypi.geeknix.net>

 by: Geeknix - Sun, 30 Apr 2023 13:00 UTC

On 2023-04-22, Geeknix <usenet@apple.geeknix135.net> wrote:
> I'd like to ask for tips. I have a Pi running a number of services. One
> is SSH to allow Telnet access via Putty. I use certificates for
> authentication. While at home on LAN I can Putty into the Pi just fine
> using IP 192.168.0.181:22
>
> I have dynamic DNS for external access so I can use address
> <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
> works with other services like web server. So I know DDNS and port
> forwarding works.
>
> What could be blocking SSH? Any way to check logs on Pi?

Thank you everyone for your replies. I tried everything you mentioned
and it all looked good. I turned on logging in Putty and more detailed
logs in auth.log on sshd.

When fiddling with the router firewall I noticed I had 2 port forwards
to 22 on the Pi. Basically I was forwarding 4440 (changed from 4444 as
it seemed to be used by other protocols) and 22 from external to local
22. I deleted external 22 and left only 4440. And it started working
around this time, so I suspect I created some kind of clash on the
router!?

Anyway, it's really great I can now access my Pi with SSH. Thanks again!

--
Don't be afraid of the deep...
--[ bbs.bottomlessabyss.net | https | telnet=2023 ]--
--[ /query geeknix on libera.chat | tilde.chat ]--
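
An added example, not part of any post in this thread: a way to read auth.log after an outside connection attempt and tell whether the forwarded connection reached sshd at all. It assumes sshd runs with LogLevel VERBOSE so each TCP connection logs a "Connection from" line; the log lines, the 198.51.100.x and 203.0.113.x addresses and the function names are constructed for illustration.

```shell
# Constructed sample in OpenSSH syslog format (LogLevel VERBOSE); not from the thread.
sample_auth_log() {
cat <<'EOF'
Apr 30 12:41:02 raspberrypi sshd[1201]: Connection from 192.168.0.23 port 50122 on 192.168.0.181 port 22
Apr 30 12:41:03 raspberrypi sshd[1201]: Accepted publickey for pi from 192.168.0.23 port 50122 ssh2: ED25519 SHA256:CONSTRUCTED
Apr 30 12:45:31 raspberrypi sshd[1244]: Connection from 198.51.100.9 port 33810 on 192.168.0.181 port 22
Apr 30 12:45:32 raspberrypi sshd[1244]: Invalid user admin from 198.51.100.9 port 33810
Apr 30 12:50:01 raspberrypi CRON[1270]: pam_unix(cron:session): session opened for user root
Apr 30 12:52:47 raspberrypi sshd[1290]: Connection from 203.0.113.7 port 40110 on 192.168.0.181 port 22
Apr 30 12:52:48 raspberrypi sshd[1290]: Accepted publickey for pi from 203.0.113.7 port 40110 ssh2: ED25519 SHA256:CONSTRUCTED
EOF
}

# $1 = log file, $2 = LAN prefix (e.g. "192.168.0.").
# Prints one line per peer: scope, address, connection/accepted/rejected counts.
summarise_sshd_log() {
    awk -v lan="$2" '
    /sshd\[[0-9]+\]:/ {
        # The peer address is the field just before the first "port" token.
        ip = ""
        for (i = 2; i <= NF; i++) if ($i == "port") { ip = $(i - 1); break }
        if (ip == "") next
        seen[ip] = 1
        if (/Connection from /)                        conn[ip]++
        else if (/Accepted /)                          ok[ip]++
        else if (/Invalid user |Failed |\[preauth\]/)  bad[ip]++
    }
    END {
        for (ip in seen)
            printf "%s %s conn=%d accepted=%d rejected=%d\n",
                (index(ip, lan) == 1 ? "lan" : "external"), ip, conn[ip], ok[ip], bad[ip]
    }' "$1" | sort
}

# Succeeds only if at least one non-LAN peer appears in the sshd log lines.
external_reached_sshd() {
    summarise_sshd_log "$1" "$2" | grep -q '^external '
}

log=$(mktemp)
sample_auth_log > "$log"
summarise_sshd_log "$log" "192.168.0."
if external_reached_sshd "$log" "192.168.0."; then
    echo "external peers reach sshd: check keys and sshd_config next"
else
    echo "no external peers logged: check router forwarding or upstream filtering"
fi
rm -f "$log"
```

On the Pi, run `summarise_sshd_log /var/log/auth.log 192.168.0.` right after an attempt from outside; unexpected external addresses with only rejected counts are ordinary internet scanning once a port is forwarded.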

Re: SSH from Internet to Pi

<u2lrlg$3hh9g$1@dont-email.me>

 by: The Natural Philosop - Sun, 30 Apr 2023 13:49 UTC

On 30/04/2023 14:00, Geeknix wrote:

> Anyway, it's really great I can now access my Pi with SSH. Thanks again!
>
👍

--
“Some people like to travel by train because it combines the slowness of
a car with the cramped public exposure of an airplane.”

Dennis Miller
