[SOLVED] SSH between Multiple networks.

[Venkat teja Ravi]

My pc is connected to the Home network and the Proxmox Host node is connected to Different/ Outer network. I want to establish an SSH connection between these. Is it possible to do that?

Home PC IP address is: 192.168.29.158
Home PC Public address is 49.xx.xxx.175

Proxmox host node IP is: 192.168.10.2
Proxmox host node Public IP is: 202.xx.xxx.0

 

[spirit]

so, you have a public ip address, and your server have a public address....it's internet....

just ssh your server public address "ssh root@202.xx.xxx.0"

 

[Venkat teja Ravi]

so, you have a public ip address, and your server have a public address....it's internet....

just ssh your server public address "ssh root@202.xx.xxx.0"

It is showing connection timedout.

 

[spirit]

It is showing connection timedout.

can you ping the ip ? maybe a firewall somewhere ?

 

[Venkat teja Ravi]

can you ping the ip ? maybe a firewall somewhere ?

Yeah, I can ping

 

[spirit]

Yeah, I can ping

so, it's look like you have a firewall somewhere blocking the port 22.

 

[Venkat teja Ravi]

so, it's look like you have a firewall somewhere blocking the port 22.

pve-firewall is disabled
ufw is disabled
There are no firewalls.

 

[Hannes Laimer]

Hey,

just to be sure, you can run lsof -i -P -n | grep LISTEN to check if and where the ssh service is listening. Can you reach the WebUI?

 

[Venkat teja Ravi]

Hey,

just to be sure, you can run lsof -i -P -n | grep LISTEN to check if and where the ssh service is listening. Can you reach the WebUI?

$ lsof -i -P -n | grep sshd
sshd 47984 root 3u IPv4 142493938 0t0 TCP *:22 (LISTEN)
sshd 47984 root 4u IPv6 142493940 0t0 TCP *:22 (LISTEN)

Yes, I can reach the web UI.

 

[Hannes Laimer]

Ok, what you can try is to change the port on which the ssh service is listening, so if something should block ssh, this would get around that.
In the /etc/ssh/sshd_config file is a line for the port (#Port 22).

1. Uncomment that and change the 22 to something like 54633(just has to be smaller than 65535)
2. Now you have to restart the ssh service with systemctl restart sshd

When you connect to the server you have to add a -p <port_nr> to your ssh command. If you are able to connect now, something between your PC and the server was blocking ssh.

 

[Venkat teja Ravi]

Ok, what you can try is to change the port on which the ssh service is listening, so if something should block ssh, this would get around that.
In the /etc/ssh/sshd_config file is a line for the port (#Port 22).

1. Uncomment that and change the 22 to something like 54633(just has to be smaller than 65535)
2. Now you have to restart the ssh service with systemctl restart sshd

When you connect to the server you have to add a -p <port_nr> to your ssh command. If you are able to connect now, something between your PC and the server was blocking ssh.

I have changed the port to 54633 and restarted the sshd service.
ssh root@202.xxx.xx.0 -p 54633 (results in a connection refused.)

 

[oguz]

does this public IP belong to your PVE server? or is it the public IP of the network where it's located behind router NAT?

if it's not the actual IP address of the server, then you might have to forward the port on your router, e.g.

you -> 202.xx.xx.0:22 -> 192.168.10.2:22

where the port 22 (or 54633 or whatever you chose) would be allowed on the router and forwarded to the internal IP address of the PVE server via NAT

 

[Venkat teja Ravi]

does this public IP belong to your PVE server? or is it the public IP of the network where it's located behind router NAT?

if it's not the actual IP address of the server, then you might have to forward the port on your router, e.g.

you -> 202.xx.xx.0:22 -> 192.168.10.2:22

where the port 22 (or 54633 or whatever you chose) would be allowed on the router and forwarded to the internal IP address of the PVE server via NAT

Hi, I am a newbie actually. Can you please elaborate more?

 

[oguz]

Hi, I am a newbie actually. Can you please elaborate more?

not sure how i can elaborate more unless you answer my question:

does this public IP belong to your PVE server? or is it the public IP of the network where it's located behind router NAT?

what i mean is, where is your PVE server located in the first place? is this a residential location with a home router? is it behind some kind of networking device?

if it's connected to a router/switch/modem etc. device, then most likely you will have to do "port forwarding".

you can usually set that up on the web interface of your network device.

let's say your router IP address is 192.168.10.1 and your PVE server IP is 192.168.10.2 -- the public IP address 202.xx.xx.0 is what you'll use to reach this network from outside.

on your router's panel you have to allow the port you want to reach (22 for default ssh, or 54633 if you want to keep this port) to be forwarded to the internal IP address of your PVE server in that network:

you -> 202.xx.xx.0:YOUR_PORT -> 192.168.10.2:YOUR_PORT

then you would connect from outside using ssh 202.xx.x.0 -p PORT, which would be forwarded by the router to your server.

hope this explains more

 

[Venkat teja Ravi]

not sure how i can elaborate more unless you answer my question:


what i mean is, where is your PVE server located in the first place? is this a residential location with a home router? is it behind some kind of networking device?

if it's connected to a router/switch/modem etc. device, then most likely you will have to do "port forwarding".

you can usually set that up on the web interface of your network device.

let's say your router IP address is 192.168.10.1 and your PVE server IP is 192.168.10.2 -- the public IP address 202.xx.xx.0 is what you'll use to reach this network from outside.

on your router's panel you have to allow the port you want to reach (22 for default ssh, or 54633 if you want to keep this port) to be forwarded to the internal IP address of your PVE server in that network:



then you would connect from outside using ssh 202.xx.x.0 -p PORT, which would be forwarded by the router to your server.

hope this explains more

not sure how i can elaborate more unless you answer my question:


what i mean is, where is your PVE server located in the first place? is this a residential location with a home router? is it behind some kind of networking device?

if it's connected to a router/switch/modem etc. device, then most likely you will have to do "port forwarding".

you can usually set that up on the web interface of your network device.

let's say your router IP address is 192.168.10.1 and your PVE server IP is 192.168.10.2 -- the public IP address 202.xx.xx.0 is what you'll use to reach this network from outside.

on your router's panel you have to allow the port you want to reach (22 for default ssh, or 54633 if you want to keep this port) to be forwarded to the internal IP address of your PVE server in that network:



then you would connect from outside using ssh 202.xx.x.0 -p PORT, which would be forwarded by the router to your server.

hope this explains more

Thank you for explaining in a much detailed way. The details where the PVE server I have:
- I took a server in a private data center.
- I do not have the details of the router modem. Atleast I cannot access their router interface for adding port forwarding I suppose.
- The public IP 202.xx.xxx.0 . This IP I got it from using curl ifconfig.me
- Are there any alternative ways to do the port forwarding operations other than using router modem interface (access is with the data center staff)?
- Can I use iptables for port forwarding?(From Public IP to private IP).

 

[oguz]

Thank you for explaining in a much detailed way. The details where the PVE server I have:
- I took a server in a private data center.

how exactly do you access the server at the moment?

- Are there any alternative ways to do the port forwarding operations other than using router modem interface (access is with the data center staff)?

if the server is indeed behind some firewall/router then you'll have to allow those ports that you want access to. how you do that depends on the exact network setup of your hoster

 

[Venkat teja Ravi]

how exactly do you access the server at the moment?

I access it via http://202.xx.xxx.2:8006 web UI.
-> What I don't understand is The IP address 202.xx.xxx.2 That I use for accessing Web UI ends with a 2 .
- > The Pub.IP that I got from curl ifconfig.me has 202.xx.xxx.0 ends with 0.

Can you please tell me whether I am doing any mistake in here?

 

[oguz]

I access it via http://202.xx.xxx.2:8006 web UI.

http or https?

-> What I don't understand is The IP address 202.xx.xxx.2 That I use for accessing Web UI ends with a 2 .
- > The Pub.IP that I got from curl ifconfig.me has 202.xx.xxx.0 ends with 0.

in that case there's most likely a firewall of some sort in between?

can you access the server via ssh if you use the IP address that ends with 2? try like ssh 202.xx.xx.2 -p 54633

 

[Venkat teja Ravi]

http or https?

It is http.

can you access the server via ssh if you use the IP address that ends with 2? try like ssh 202.xx.xx.2 -p 54633

-> I have changed the default port to 54633. By editing /etc/ssh/sshd_config. And tried SSH.

Got Output:

Connection Lost
failed to connect to /202.xx.xxx.2 (port 54633) from **** (port ****): connect fail
ed: ETIMEDOUT (Connection timed out)
connect failed: ETIMEDOUT (Connection timed out)