SSH to virtualized Ubuntu Server not working

[lubblig]

So I've got Ubuntu Server 14.04.3 installed in a virtualbox vm. The vm is using bridged internet to get it's own ip locally and I can successfully ping it.

 

SSH is installed and I can connect locally from other computers on the network.

 

Though, when I try to connect from outside my network, it doesn't work.

 

I've port forwarded port 22 for both udp and tcp (I think only tcp is used though but still).

 

I'm using my external ip, not the 192.168.1.X one.

 

I'm using the exact same username and password as when I connect locally.

 

So, I'm sort of out of ideas. Why is it not working?

 

 

 

Btw, the server has Lamp server installed and is used as an apache2 web server. If that helps anyone..

[Sunshine1868]

when you go to type "ssh UNAME@IP" in your terminal, does it give any response?

...does it acknowledge the ssh request? or does it just time out?

 

also, what OS are you using client-side?

 

double check that UFW (on the ubuntu VM allows ssh through)

use "sudo ufw status" to see whether it is 1) enabled, and 2) allows port 22

[lubblig]

When I do sudo ufw status
It tells me it's inactive. I'm not sure what it is but I can ssh locally.

Also, I use putty to connect so I simply type the ip and then log in.

 

EDIT:

Client OS is windows, again using putty.

[Fetzie]

Is the firewall maybe not letting you in? Check you haven't got yourself blacklisted.

[lubblig]

Is the firewall maybe not letting you in? Check you haven't got yourself blacklisted.

Hehe, how?

 

I'm kind of new to setting up servers and stuff. Especially linux stuff. Some instructions to what and where would be nice

 

EDIT: But since I'm able to connect locally, why would it blacklist me just because it's an external ip?

[Sunshine1868]

IM BACK! (sorry, for some reason I got locked out of the forum)

 

are you still having the issue?

[lubblig]

IM BACK! (sorry, for some reason I got locked out of the forum)

 

are you still having the issue?

No worries. But yes I still have issues. Still works locally but not outside of my network.

[Guest]

maybe something wrong in the config file of the OpenSSH package, did you enable username login? its not enabled by default, Once I couldn't login to my server, later realized I had no authentication method enabled

[lubblig]

maybe something wrong in the config file of the OpenSSH package, did you enable username login? its not enabled by default, Once I couldn't login to my server, later realized I had no authentication method enabled

I have no idea. If you could guide me through checking it and enabling it I'd really appreciate that. I'm a complete noob at linux and linux servers so I don't really know what I'm doing to be honest.

 

But if I'm able to log in locally, wouldn't that mean it is enabled? (Again, I've got no idea so you are welcome to try and help me with that anyway. It might definitely be that, I just had a thought.)

[Footy]

what IP is the VM and what IP is your router?

[lubblig]

The ip of the VM is 192.168.1.128 and the router is 192.168.1.1

[Ginz]

Try

sudo apt-get install openssh-server

If that is already installed, then try connect the vm to itself using ssh.

ssh 192.168.1.128

Edit: Ignore me, didn't read properly, it's probably your ISP blocking it. What you can try do is set your router to port forward a different port, e.g. 45000 to port 22 on 192.168.1.128 and then ssh to your external IP with port 45000

Edited October 26, 2015 by Ginz

[Sunshine1868]

Try

sudo apt-get install openssh-server

If that is already installed, then try connect the vm to itself using ssh.

ssh 192.168.1.128

Edit: Ignore me, didn't read properly, it's probably your ISP blocking it. What you can try do is set your router to port forward a different port, e.g. 45000 to port 22 on 192.168.1.128 and then ssh to your external IP with port 45000

 

WARNING: I wouldn't do this if I were you... port 22 is the secure ssh port. if you move up to something else and leave that port open, other things can access it. If you want to avoid risking compromising security, stay on port 22 and test other methods of accessing this VM on the network

[Sunshine1868]

Quick question: when you access your server through ssh locally, are you doing it on the machine that the Ubuntu server is hosted on? or a different machine on the same local network?

 

also: be sure the VM has a DHCP reservation on a static IP address. This will ensure that it is always there. Then port forward the ssh port (22) to that IP. (if you have not already taken these steps)

[lubblig]

Quick question: when you access your server through ssh locally, are you doing it on the machine that the Ubuntu server is hosted on? or a different machine on the same local network?

also: be sure the VM has a DHCP reservation on a static IP address. This will ensure that it is always there. Then port forward the ssh port (22) to that IP. (if you have not already taken these steps)

No it's on another computer and on my smartphone.

It does, it's always 192.168.1.128. The port (22) is forwarded.

[Footy]

on your VM can you type ifconfig  &  route

[lubblig]

on your VM can you type ifconfig  &  route

yes, do you want the results or are you just asking to see if it works?

[Footy]

results

[FizzyFantom]

Your ISP might be blocking port 22. I have seen several cases of ISP blocking port 25 (SMTP), so I think that some could block 22 as well.

 

Have you tried it with a higher port? If not then I suggest you do. For security reasons it is suggested that you use a randomly selected high numbered port for SSH unless you have a specific reason to use port 22. Also you should check your security settings such as disallowing root login and setting a password input timeout. On top of this you could use tools such as Fail2Ban to block attackers and monitor connection attempts.

 

Best of luck

[lubblig]

results

I don't know how to copy and get it out of the VM, so I've got a screenshot instead.

 

[lubblig]

Ok, I don't think my ISP is blocking port 22 but I could check to make sure.

Your ISP might be blocking port 22. I have seen several cases of ISP blocking port 25 (SMTP), so I think that some could block 22 as well.

Have you tried it with a higher port? If not then I suggest you do. For security reasons it is suggested that you use a randomly selected high numbered port for SSH unless you have a specific reason to use port 22. Also you should check your security settings such as disallowing root login and setting a password input timeout. On top of this you could use tools such as Fail2Ban to block attackers and monitor connection attempts.

Best of luck

But Sunshine1868 said that it's not good to do so since port 22 apparently is secure for ssh. Is that wrong or what?

Also, as I'm a noob at this. I wouldn't mind if you'd explain how to check the security settings and also how to get and setup Fail2Ban. It all sounds like great advice but I simply don't know how. I'm a nooby windows user. I don't know all of this advanced linux stuff
 

WARNING: I wouldn't do this if I were you... port 22 is the secure ssh port. if you move up to something else and leave that port open, other things can access it. If you want to avoid risking compromising security, stay on port 22 and test other methods of accessing this VM on the network

[FizzyFantom]

Ok, I don't think my ISP is blocking port 22 but I could check to make sure.

But Sunshine1868 said that it's not good to do so since port 22 apparently is secure for ssh. Is that wrong or what?

Also, as I'm a noob at this. I wouldn't mind if you'd explain how to check the security settings and also how to get and setup Fail2Ban. It all sounds like great advice but I simply don't know how. I'm a nooby windows user. I don't know all of this advanced linux stuff

 

This guide is pretty good for the basic security stuff:

http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html

 

The stock settings in Ubuntu OpenSSH are pretty good, but double-check them anyway.

 

Port 22 is neither safe or unsafe in and of itself, but it has become a big target for attackers of SSH and is not recommended as a result. If you forward port 22 to a server it will be pretty much constantly attacked if you publish that server anywhere. Using a higher port mitigates this as the attackers won't know what port to connect on.

High number ports may be found through port scanning attacks, but you firewall ought to catch this if it's worth its salt.

[lubblig]

This guide is pretty good for the basic security stuff:

http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html

 

The stock settings in Ubuntu OpenSSH are pretty good, but double-check them anyway.

 

Port 22 is neither safe or unsafe in and of itself, but it has become a big target for attackers of SSH and is not recommended as a result. If you forward port 22 to a server it will be pretty much constantly attacked if you publish that server anywhere. Using a higher port mitigates this as the attackers won't know what port to connect on.

High number ports may be found through port scanning attacks, but you firewall ought to catch this if it's worth its salt.

Ok, no it isn't really published anywhere so it shouldn't be an issue.

 

But I guess I'll change it to be safe.

 

 

I'll look into that guide and see if I can understand it. I'll ask otherwise. Hopefully this'll work.

[Hobinrood]

Okay, lets see here..

 

You are unable to SSH your Ubuntu server using port 22(default port) using OpenSSH-server. You can ping your virtual machine and the other way around right?

 

Step one I always to is to type "sudo service sshd status" this gets the status of the ssh server service, if  it's running or stopped. You can always use "top" to get a general overview and scroll through the processes.

 

Check you firewall, utw in this case. To see if the service is allow access  from the outside. (This should be automatic from when you install the OS or when you install OpenSSH-server.

 

If it's running and it still does not work, you can always change the port that ssh uses, "sudo nano /etc/ssh/sshd.conf" change portnr from 22 to for example 2222. Then type "sudo service sshd reload" or restart either way goes. 

 

Then using putty or terminal from another linux machine, enter port 2222 and the usual IP-address to your virtual machine.

 

If your accessing the virtual machine from remotely port forward 2222 to 22 to your virtual machines IP.

 

This is my general troubleshooting routine apart from the port number part.

 

If it still does not work for some reason check your virtualbox setting for the virtual machine.