Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 17, 2012, 09:33 AM   #1
Kilamite
macrumors G3
 
Kilamite's Avatar
 
Join Date: Mar 2007
Location: Edinburgh, Scotland
SSH/SFTP from outside to my Mac

I have a Raspberry Pi and a Mac with SSH enabled. I want to SSH to my Mac from outside, however having trouble differentiating between my Mac and Raspberry Pi.

If I SSH from the outside using my public IP, my router always relays that onto the Raspberry Pi. I can then tunnel from the Pi to my Mac, but that isn't ideal when I want to SFTP.

I've tried opening up additional ports on my router, one for my Mac's LAN IP and one for the Pi, and SSH using those ports to differentiate between my Mac and Pi but no luck.

Worth mentioning that even with the Pi turned off, I can't SSH to my Mac from the outside.
__________________
15" MacBook Pro 2GHz i7 8GB 750GB Hybrid | Mac mini 2.3GHz i7 16GB 1TB Fusion | OS X 10.9.2
iPhone 5 64GB | Apple TV 3 1080p | iOS 7.1
Home Theatre Hackintosh i3 3.5GHz 4GB 3TB | OS X 10.9.2
Kilamite is online now   0 Reply With Quote
Old Nov 17, 2012, 10:19 AM   #2
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: SSH and non-standard ports....

Hi Kilamite,

Depending upon your router, some routers allow you to specify which internal LAN IP address a connection on a particular external port (WAN-Internet) will be directed to. You have to setup the differentiated port forwarding at the router level.

It looks like you have already attempted this non-standard SSH port scheme. Did you edit both the ssh_config and sshd_config files to specify the non-standard ports for the Mac? Can you SSH to your Mac from the outside when using the standard port 22 (obviously with the Pi unplugged)? If not, then you may have a router issue. If so, then you may have a firewall issue on your Mac when using the non-standard port.

I don't have and am not familiar with the Raspberry Pi, but I've done precisely the above non-standard SSH port strategy for SSH-ing to multiple computers on a LAN from the external Internet. Has the Pi reset the configuration on your router to forward everything to itself?

Good luck,
Switon

Last edited by switon; Nov 17, 2012 at 10:25 AM.
switon is offline   0 Reply With Quote
Old Nov 17, 2012, 10:38 AM   #3
Kilamite
Thread Starter
macrumors G3
 
Kilamite's Avatar
 
Join Date: Mar 2007
Location: Edinburgh, Scotland
Thanks for the reply switon.

To make things simpler, I'll use Cyberduck SFTP to test, since it is easier to quickly configure ports (screenshot 2).

I've attached my router settings with port forwarding. I've blocked out the other ports I have open, however, port 22 is open by default.

When I use port 9092 to connect to the Pi, it doesn't work. If I use port 22, it works fine.

EDIT - I noticed I actually had port 22 forwarding to the Pi's IP address (set this up ages ago). I changed that to my Mac's IP and I can now remotely SFTP to my Mac. But using non SSH ports to differentiate between LAN computers still isn't working for me.
Attached Thumbnails
Click image for larger version

Name:	Screen Shot 2012-11-17 at 16.27.jpg
Views:	23
Size:	18.0 KB
ID:	377876   Click image for larger version

Name:	Screen Shot 2012-11-17 at 16.36.43.png
Views:	12
Size:	49.7 KB
ID:	377877  
__________________
15" MacBook Pro 2GHz i7 8GB 750GB Hybrid | Mac mini 2.3GHz i7 16GB 1TB Fusion | OS X 10.9.2
iPhone 5 64GB | Apple TV 3 1080p | iOS 7.1
Home Theatre Hackintosh i3 3.5GHz 4GB 3TB | OS X 10.9.2
Kilamite is online now   0 Reply With Quote
Old Nov 17, 2012, 01:01 PM   #4
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: non-standard ports...

Quote:
Originally Posted by Kilamite View Post
EDIT - I noticed I actually had port 22 forwarding to the Pi's IP address (set this up ages ago). I changed that to my Mac's IP and I can now remotely SFTP to my Mac. But using non SSH ports to differentiate between LAN computers still isn't working for me.
Hi Kilamite,

Glad to hear that you can sftp to your Mac when on the standard port 22. So sftp is working. But you can't sftp when on a non-standard port. Unfortunately, I don't use CyberDuck, so I can't answer any questions about that. Rather I use the SSH that comes with Mac OS/Xcode. Does CyberDuck use the same /etc/sshd_config file, or does it have its own? When you look at /etc/sshd_config, is the "#" in front of the "Port xxxx" line missing? The "#" makes the line a comment and thus it is not read. If you edit this file manually, change the "#Port 22" to "Port xxxx". Then restart the SSH daemon. (I don't know how you do this with CyberDuck, so I'm giving you the way I do it using the system's built-in ssh.) Once restarted, the daemon should now be looking for connections on port xxxx. You would then have port xxxx forwarded by your router to your Mac's IP address, and you would "ssh -p xxxx", or however CyberDuck connects on a different port, from your external Mac.

One possible way of tracking this down is to use a packet sniffer (I use wireshark -- free from the MacPorts or Fink projects) on your LAN Mac to see if your ssh packets are properly being forwarded through your router to your LAN Mac. If they are properly forwarded, then you must have a firewall problem with the non-standard port for ssh. You might check if this is the case by switching off your firewall for a minute and performing the test to see if it works without the firewall. If it does, then you know that its your firewall that is causing the connection problem. Or, if you don't want to switch off your firewall, then turn on firewall logging and look at the log files to see if the ssh packets are being deep sixed by your firewall. If it is your firewall, then you can write a specific rule to allow the non-standard port.

...just some more thoughts...

Good luck,
Switon
switon is offline   0 Reply With Quote
Old Nov 17, 2012, 01:26 PM   #5
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: router...

Quote:
Originally Posted by Kilamite View Post
When I use port 9092 to connect to the Pi, it doesn't work. If I use port 22, it works fine.
Assuming that CyberDuck is working correctly, then it sounds like your router may not be forwarding the non-standard ports properly, since the Pi also does not work on non-standard ports...

Personally, I track these problems down with wireshark, but any packet sniffer would work. The WiFi Diagnostics.app from Mac OS has a rudimentary packet sniffer built-in, but I have no experience with it.

Switon
switon is offline   0 Reply With Quote
Old Nov 17, 2012, 01:41 PM   #6
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: same protocol? ...

Hi,

I assume that this is not the problem, but it is worth checking. Is CyberDuck using the same protocol when it is on a non-standard port? It should be using Protocol 2.

Switon
switon is offline   0 Reply With Quote
Old Nov 17, 2012, 05:53 PM   #7
torid110
macrumors regular
 
Join Date: Jan 2006
Location: Jersey City, NJ
I don't think this will work the way that you have it configured, because SSH is still listening on port 22 on both your devices, which are default ports. You will need to change the configuration on each machine to have SSH start up using the ports that you are listing as the INT port on the router.

See this post:

http://zanshin.net/2012/07/03/change...mac-os-x-lion/
torid110 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 08:43 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC