sshd only works on local network
I'm having a little problem on my Mac mini with OS X Server Yosemite. The sshd server will allow me to connect to the machine from my local network but not remotely. Here's what I've done to troubleshoot:
1. Server is behind an Airport Extreme connected to a cable modem. Server has a static IP. Airport uses port forwarding. Server is configured for DNS on the server itself (with a FQDN) and has an Open Directory master, but DHCP is handled by the Airport.
2. The server has other services that are available remotely: VPN, website, mail, etc. So, port forwarding for those services is working.
3. If I forward port 22 (or, let's say, 22222 to 22) to another machine on my network, SSH magically works remotely with the other machine. So, I know that my ISP is not somehow blocking port 22 or ssh connections.
4. When I run both the ssh client and the sshd server in verbose and debug modes, the client simply stops at "connect to address xxx.xxx.xxx.xxx: operation timed out." The server never shows any debug lines while I try to connect remotely (meaning, it never shows that a connection is even being attempted). When I try to connect from within my local network, I can connect without any problems.
5. There are no other services or applications usurping port 22 for SSH or other connections.
6. I don't have a firewall turned on on the server (nor anywhere else in the network).
7. I have already tried a hard reset of the Airport Extreme and reconfigured port forwarding.
I don't know what the problem is. I used to be able to connect remotely via ssh. I can connect locally now, and I can connect remotely if I port forward ssh to a different computer on the local network. Since I can connect locally, I feel like the problem is not with the sshd_config or something else related to the ssh server. But since the server doesn't even acknowledge a remote request to connect via ssh, I am wondering if there is a (software) network configuration problem somewhere on the server wherein it simply refuses to route remote ssh requests. I know it's not a blanket refusal, since my other services are reachable remotely.
Does anyone have any ideas?
Thank you!
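An added example, not part of the original post: a small probe that classifies one TCP connection attempt to the SSH port, so the "operation timed out" in step 4 can be told apart from a refused connection or a reachable sshd. The function name `probe_ssh` and the status labels are this example's own; run it once from inside the LAN and once from outside and compare the results.

```python
import socket
import sys

def probe_ssh(host, port=22, timeout=5.0):
    """Classify one TCP connection attempt to an SSH port.

    Returns (status, detail), where status is one of:
      "banner"  - TCP handshake completed and the peer sent an SSH identification string
      "open"    - handshake completed but no SSH banner arrived (some other listener)
      "refused" - the host answered with a reset: reachable, nothing listening on that port
      "timeout" - no answer at all: packets dropped or never forwarded to a listener
      "error"   - anything else (DNS failure, no route, ...)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "no SYN-ACK or RST received")
    except ConnectionRefusedError:
        return ("refused", "RST received")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            # An SSH server sends its identification string first (RFC 4253, section 4.2).
            data = sock.recv(255)
        except socket.timeout:
            return ("open", "connected, but no banner before timeout")
        except OSError as exc:
            return ("error", str(exc))
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("open", line)

if __name__ == "__main__":
    # Usage: python probe_ssh.py HOST [PORT]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    status, detail = probe_ssh(target, target_port)
    print(f"{target}:{target_port} -> {status} ({detail})")
```

A "timeout" from outside combined with no sshd debug output means the SYN is being dropped or misrouted before it reaches the listener, while "refused" would mean the packet arrived at a host with nothing bound to that port.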