ssh: acces denied (only from remote network)

Hi,
I can't get my sshd to work properly: it allows connections from the other computer in my home network, but says "ssh: connect to host <ip> port 22: Connection refused" when trying to connect from the outside.

Iptables are set to "policy accept" without any additional rules.

/etc/host.deny:
ALL:ALL
/etc/hosts.allow:
sshd:ALL

Sshd's configuration:
owl:/home/mitja# cat /etc/ssh/sshd_config | grep -v ^# | tr -s '\n'
Port 22
ListenAddress ::
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
PermitRootLogin yes
StrictModes no
UseDNS no
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
MaxStartups 3
Banner /etc/issue.net
Subsystem sftp /usr/lib/sftp-server
UsePAM yes

The server seems to be up and running:
owl:/home/mitja# ps aux | grep sshd
root 1691 0.0 0.7 3428 1468 ? Ss 12:32 0:00 /usr/sbin/sshd
root 1878 0.0 0.3 3244 7022 on ::.0 pts/0 R+ 13:11 0:00 grep sshd
owl:/home/mitja# netstat -ln | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN

Running the daemon manually with debug info:
owl:/home/mitja# sshd -d
debug1: sshd version OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8.sarge.1
owl:/home/mitja# debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.

I get the same response when trying port 22 with the telnet command:
owl:/home/mitja# telnet <ip> 22
Trying <ip>...
telnet: Unable to connect to remote host: Connection refused

Running the client:
owl:/home/mitja# ssh mitja@<ip> -v -v
OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8.sarge.1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <ip> [<ip>] port 22.
debug1: connect to address <ip> port 22: Connection refused
ssh: connect to host <ip> port 22: Connection refused

Everything works fine when connecting to server in question locally (or, as mentioned, from the other machine in the network):
mitja@owl:~$ ssh mitja@localhost
Password:
<etc.>

Home network consists of two computers and an ADSL modem, all connected via a switch. DSL provider gives me two external IPs, so there's no need for masquerade or any kind of proxying.

The server in question is a Debian, kerl version 2.6.3.

I'm stuck and can't think of anything; does anybody with more experience know where else to look?

Some more info:

I just installed telnetd to discover that the problem appears there, too.
Connecting from localhost works fine, but not so from the remote network.

Until recently (coupla days), apache worked normally for remote as well as local accesses. Just before I wanted to write that it still works, I checked it once again - and it doesn't work. Connection refused, of course. So it hasn't got much to do with ssh as such, it seems. IIRC I did an apt-get upgrade in between - could that be the cause in any way (clashing versions,...)?

The server responds to pinging, though.

Thanks once more,
Mitja

proxy server in the way and they've been closing down the ports ?


Mitja wrote:

> Some more info:
>
> I just installed telnetd to discover that the problem appears there, too.
> Connecting from localhost works fine, but not so from the remote network.
>
> Until recently (coupla days), apache worked normally for remote as well as
> local accesses. Just before I wanted to write that it still works, I
> checked it once again - and it doesn't work. Connection refused, of
> course. So it hasn't got much to do with ssh as such, it seems. IIRC I did
> an apt-get upgrade in between - could that be the cause in any way
> (clashing versions,...)?
>
> The server responds to pinging, though.
>
> Thanks once more,
> Mitja

>> I just installed telnetd to discover that the problem appears there, too.
>> Connecting from localhost works fine, but not so from the remote network.
>>
>> Until recently (coupla days), apache worked normally for remote as well as
>> local accesses. Just before I wanted to write that it still works, I
>> checked it once again - and it doesn't work. Connection refused, of
>> course. So it hasn't got much to do with ssh as such, it seems. IIRC I did
>> an apt-get upgrade in between - could that be the cause in any way
>> (clashing versions,...)?
>>
>> The server responds to pinging, though.
>>

> proxy server in the way and they've been closing down the ports ?

Nope, forgot to mention that. The connection goes directly via my ISP, which doesn't block any ports.

Mitja wrote:
>>> I just installed telnetd to discover that the problem appears there,
>>> too.
>>> Connecting from localhost works fine, but not so from the remote
>>> network.
>>>
>>> Until recently (coupla days), apache worked normally for remote as
>>> well as
>>> local accesses. Just before I wanted to write that it still works, I
>>> checked it once again - and it doesn't work. Connection refused, of
>>> course. So it hasn't got much to do with ssh as such, it seems. IIRC
>>> I did
>>> an apt-get upgrade in between - could that be the cause in any way
>>> (clashing versions,...)?
>>>
>>> The server responds to pinging, though.
>>>
>
>> proxy server in the way and they've been closing down the ports ?
>
>
> Nope, forgot to mention that. The connection goes directly via my ISP,
> which doesn't block any ports.

Whats is the status of your firewall?

--
Respectfully,


CL Gilbert

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber." John 10:1

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D

For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html