• Re: SSH from Internet to Pi

    From The Natural Philosopher@3:770/3 to Chris Green on Mon Apr 24 09:39:18 2023
    On 23/04/2023 18:27, Chris Green wrote:
    Theo <theom+news@chiark.greenend.org.uk> wrote:
    Geeknix <usenet@apple.geeknix135.net> wrote:
    I'd like to ask for tips. I have a Pi running a number of services. One
    is SSH to allow Telnet access via Putty. I use certificates for
    authentication. While at home on LAN I can Putty into the Pi just fine
    using IP 192.168.0.181:22

    I have dynamic DNS for external access so I can use address
    <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
    works with other services like web server. So I know DDNS and port
    forwarding works.

    What could be blocking SSH? Any way to check logs on Pi?

    Do you have any firewalling on the Pi, router or ISP that might interfere?
    Try a different external port other than 22?

    Yes, on many routers you not only have to configure the port
    forwarding you also have to open up the relevant ports on the
    firewall.

    I think he said he already tried that.
    --
    Microsoft : the best reason to go to Linux that ever existed.

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Geeknix@3:770/3 to Geeknix on Mon Apr 24 20:59:56 2023
    On 23/04/2023 07:00, Geeknix wrote:
    I'd like to ask for tips. I have a Pi running a number of services. One
    is SSH to allow Telnet access via Putty. I use certificates for
    authentication. While at home on LAN I can Putty into the Pi just fine
    using IP 192.168.0.181:22

    Thanks for all the replies, I'm away from home until Wednesday (SG
    time), I'll try the suggestions then and let you all know the outcome!

    RenMas

    --
    Don't be afraid of the deep...
    --[ bbs.bottomlessabyss.net|https|telnet=2023|ssh=2222 ]--
    --[ Remove the fruit and digits for valid email address ]--
    --[ usenet <at> apple.geeknix135.net ]--

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Nikolaj Lazic@3:770/3 to All on Mon Apr 24 15:35:20 2023
    On Sun, 23 Apr 2023 10:30:04 GMT, Geeknix <usenet@apple.geeknix135.net> wrote:
    On 2023-04-22, Vincent Coen <nospam.Vincent.Coen@f1.n250.z2.fidonet.org> wrote:
    Hello Geeknix!

    Saturday April 22 2023 23:00, you wrote to All:

    I'd like to ask for tips. I have a Pi running a number of services.
    One is SSH to allow Telnet access via Putty. I use certificates
    for authentication. While at home on LAN I can Putty into the Pi just
    fine using IP 192.168.0.181:22

    I have dynamic DNS for external access so I can use address
    <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
    works with other services like web server. So I know DDNS and port
    forwarding works.

    Silly questions, but have you opened SSH (instead of telnet - very low
    security) and have you set up secure key authority etc.

    Not sure what you mean, when I open the port on the router I have
    selected All (i.e. TCP and UDP) for port 22.

    Ok, but you have to forward that port to your 102.168.0.181:22


    Small point - on my systems I have extra security set to verify all MAC
    addresses as well as user / passwords and they are only allowed using defined
    ip addresses in a specific network and no I have no need to get through from
    outside but do have a box set up as a concentrator if needs must with security
    set to above B1.

    I have disabled username/password and only accept pre-shared keys.

    Thanks Vincent.


    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Nikolaj Lazic@3:770/3 to All on Mon Apr 24 15:38:50 2023
    On Mon, 24 Apr 2023 20:59:57 +0800, Geeknix <usenet@apple.geeknix135.net> wrote:
    On 23/04/2023 07:00, Geeknix wrote:
    I'd like to ask for tips. I have a Pi running a number of services. One
    is SSH to allow Telnet access via Putty. I use certificates for
    authentication. While at home on LAN I can Putty into the Pi just fine
    using IP 192.168.0.181:22

    Thanks for all the replies, I'm away from home until Wednesday (SG
    time), I'll try the suggestions then and let you all know the outcome!

    You can also forward some higher port to your 192.168.0.181:22
    You have to do that on your router provided by your ISP.

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Geeknix@3:770/3 to Geeknix on Sun Apr 30 13:00:02 2023
    On 2023-04-22, Geeknix <usenet@apple.geeknix135.net> wrote:
    I'd like to ask for tips. I have a Pi running a number of services. One
    is SSH to allow Telnet access via Putty. I use certificates for
    authentication. While at home on LAN I can Putty into the Pi just fine
    using IP 192.168.0.181:22

    I have dynamic DNS for external access so I can use address
    <me>.ddns.net:22 then port forwarding on my router to the Pi. Now this
    works with other services like web server. So I know DDNS and port
    forwarding works.

    What could be blocking SSH? Any way to check logs on Pi?

    Thank you everyone for your replies. I tried everything you mentioned
    and it all looked good. I turned on logging in Putty and more detailed
    logs in auth.log on sshd.

    When fiddling with the router firewall I noticed I had 2 port forwards
    to 22 on the Pi. Basically I was forwarding 4440 (changed from 4444 as
    it seemed to be used by other protocols) and 22 from external to local
    22. I deleted external 22 and left only 4440. And it started working
    around this time, so I suspect I created some kind of clash on the
    router!?

    Anyway, it is really great I can now access my Pi with SSH. Thanks again!

    --
    Don't be afraid of the deep...
    --[ bbs.bottomlessabyss.net | https | telnet=2023 ]--
    --[ /query geeknix on libera.chat | tilde.chat ]--

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
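
Added example, not part of any post in this thread: one way to answer "any way to check logs on Pi?" from sshd's auth.log, by checking whether connections from outside the LAN ever reach sshd at all. The log lines are constructed, 203.0.113.7 is a documentation address standing in for an Internet client, and the 192.168.0.0/24 LAN range is an assumption based on the Pi's address.

```python
import ipaddress
import re

# Constructed sample of /var/log/auth.log lines; 192.168.0.181 is the Pi from
# the thread, 203.0.113.7 stands in for a client on the Internet.
SAMPLE_LOG = """\
Apr 30 12:40:01 pi sshd[811]: Connection from 192.168.0.20 port 50122 on 192.168.0.181 port 22
Apr 30 12:40:02 pi sshd[811]: Accepted publickey for pi from 192.168.0.20 port 50122 ssh2: ED25519 SHA256:constructed
Apr 30 12:51:10 pi sshd[902]: Connection from 203.0.113.7 port 41876 on 192.168.0.181 port 22
Apr 30 12:51:11 pi sshd[902]: Accepted publickey for pi from 203.0.113.7 port 41876 ssh2: ED25519 SHA256:constructed
Apr 30 12:55:30 pi sshd[950]: Connection from 203.0.113.7 port 41990 on 192.168.0.181 port 22
Apr 30 12:55:31 pi sshd[950]: Connection closed by authenticating user pi 203.0.113.7 port 41990 [preauth]
"""

# "Connection from" is logged at LogLevel VERBOSE; "Accepted" at the default INFO.
CONNECT = re.compile(r"sshd\[\d+\]: Connection from (\S+) port \d+ on ")
ACCEPT = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+")

def summarize(log_text, lan="192.168.0.0/24"):
    """Count sshd connections and successful logins, split into LAN and external."""
    lan_net = ipaddress.ip_network(lan)
    stats = {side: {"connections": 0, "accepted": 0} for side in ("lan", "external")}
    for line in log_text.splitlines():
        for pattern, key in ((CONNECT, "connections"), (ACCEPT, "accepted")):
            m = pattern.search(line)
            if not m:
                continue
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # hostname or malformed address: skip rather than guess
            side = "lan" if addr in lan_net else "external"
            stats[side][key] += 1
    return stats

def diagnose(stats):
    """Say which side of the Pi the problem is on, based on the external counters."""
    ext = stats["external"]
    if ext["connections"] == 0:
        return "no external connection reached sshd: check router forward, firewall, ISP"
    if ext["accepted"] == 0:
        return "external connections arrive but none authenticate: check keys and sshd_config"
    return "external connections reach sshd and authenticate"

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE_LOG)))
```

Test from a genuinely external network: a router doing NAT loopback can present an inside test with a LAN source address, which this split would count as LAN traffic.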
  • From The Natural Philosopher@3:770/3 to Geeknix on Sun Apr 30 14:49:36 2023
    On 30/04/2023 14:00, Geeknix wrote:

    Anyway, it is really great I can now access my Pi with SSH. Thanks again!

    👍

    --
    “Some people like to travel by train because it combines the slowness of
    a car with the cramped public exposure of an airplane.”

    Dennis Miller

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)