SSH Will Not Work

Discussion in 'macOS' started by strausd, Jan 24, 2011.

  1. strausd macrumors 68030

    Joined:
    Jul 11, 2008
    Location:
    Texas
    #1
    So I am trying to SSH into my MBP from my MP. Whenever they are on the same network, I have no problem with it, it works perfectly fine. But I am trying it when they are on different networks and I cannot seem to get it to work.

    Each time I try and do it, I get "ssh: connect to host (IP address) port 22: Operation Timed out." I have no idea what is going on here. I try going into my system preferences on my MBP and go to remote login and it tells me what IP to do, it doesn't work. Then I go to whatismyip.com and use that, it doesn't work either. Can anyone tell me why it is not working?

    And I have 2 other small questions, when/if I finally get this to work, how would I be able to retrieve the correct IP of my MBP if I was not able to be around it physically? Also, how can I copy files from my MBP to my MP through terminal over ssh?

    Thanks in advance for the help!
     
  2. RoadKill macrumors member

    Joined:
    Dec 4, 2003
    Location:
    LONDON UK
    #2
    Your router will need to be configured to allow incoming tcp-22 traffic and forward this on to your Mac, and it is probably best if you statically assign your Mac's IP address rather than use DHCP for this one computer.

    If your ISP does not give you a static public IP address you should check to see if your router will support DDNS and sign up for a free account with whichever provider it supports (most likely dyndns.org) or else you will need to run some client software for this on your Mac.

    Once you have a DDNS name, e.g. strausd.dyndns.org, and have set up the router to port forward tcp 22, you will then be able to ssh or sftp to your Mac, as both use the same port, tcp 22.
     
  3. strausd thread starter macrumors 68030

    Joined:
    Jul 11, 2008
    Location:
    Texas
    #3
    I tried configuring my Airport Extreme Base Station for port 22 but it didn't work. Then I just clicked allow all ports and services and still nothing. I have Verizon, is it possible that they are blocking the port? And if so, would I need to call them in order to have it changed?

    And since I will want to SSH into my laptop, I think it would be best to go with the DNS service you were talking about.

    And what about copying files through SSH? Is that possible?
     
  4. RoadKill macrumors member

    Joined:
    Dec 4, 2003
    Location:
    LONDON UK
    #4
    I think the Airport Extreme should be capable of forwarding the port correctly. I will look at my time capsule when I get home to make sure.

    It is possible Verizon block ports. I am in the UK so do not have American ISP experience.

    It is also possible your changes to the AE will work but you will not be able to test successfully due to the way the firewall in your AE works.

    You could try running ShieldsUP! from here (https://www.grc.com/)

    This will scan your IP address and let you know what ports are open for incoming connections. Hopefully if all goes well tcp-22 should show up.

    As regards file transfer, this is also possible over tcp-22 once all is working, using sftp or scp. You can either use the terminal command line or grab a free client such as Cyberduck, Fugu, Filezilla or many others that support sftp/scp.
     
  5. baummer macrumors 6502a

    Joined:
    Jan 18, 2005
    Location:
    Southern California
    #5
  6. strausd thread starter macrumors 68030

    Joined:
    Jul 11, 2008
    Location:
    Texas
    #6
    They all say stealth. I don't have a single open one. What is the difference between stealth and open?

    Also, I talked to Verizon, and they said they would have to send a "team" to physically come and fix it. That is ridiculous, all I want is to open the port, why would they need to send someone to do something that simple?
     
  7. wpotere Guest

    Joined:
    Oct 7, 2010
    #7
    Lots of things could be causing the problem here. The ISP is likely not blocking anything. The outbound router will not need to be configured for anything but the inbound router will need port forwarding set up as you are sharing a routable IP with several devices on a local network. So, you have to tell the router where all SSH requests will go. The stealth that you are being told about means that the port is not responding to being probed. Open would mean that it is available for a service to use.

    Now, I don't know what IP you are using to connect to the other machine. You would need to use the IP address that the WAN side of the router that machine is connected to is issued from the ISP and then the router will forward the request to the machine in question.

    You are getting ready to embark on learning a lot about networking.
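
Added example (not part of the original thread): a small Python check for the two points raised above, whether the address being used is reachable from another network at all, and how the result of a connection attempt maps to "open", "stealth" or "closed". The function names and sample addresses are constructed for illustration.

```python
import ipaddress
import socket

def address_scope(ip):
    """Say whether an address can be reached from another network."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_private or addr.is_link_local:
        return "lan-only"      # e.g. the address shown under Remote Login
    return "routable"          # e.g. the WAN address the ISP issued

def classify(error):
    """Map the outcome of one TCP connect to the terms used in the thread."""
    if error is None:
        return "open"          # handshake completed, a service answered
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealth"       # no reply at all: dropped or not forwarded
    if isinstance(error, ConnectionRefusedError):
        return "closed"        # host answered with a reset: nothing listening
    return "error: %s" % error

def probe(host, port=22, timeout=3.0):
    """Attempt a single TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def diagnose(ip, port=22, timeout=3.0):
    """Skip the probe when the address cannot work across networks."""
    scope = address_scope(ip)
    if scope == "lan-only":
        return "lan-only: use the router's WAN address or a DDNS name instead"
    return "%s: port %d is %s" % (scope, port, probe(ip, port, timeout))

if __name__ == "__main__":
    # Constructed sample addresses: a typical home LAN address and loopback.
    for ip in ("192.168.1.20", "127.0.0.1"):
        print(ip, "->", diagnose(ip))
```

A "stealth" result from outside the network matches the "Operation timed out" error in the first post: the packets are dropped before they reach the Mac, which points at the forwarding rule rather than at sshd.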
     
  8. strausd thread starter macrumors 68030

    Joined:
    Jul 11, 2008
    Location:
    Texas
    #8
    Well awesome because my knowledge of networking is EXTREMELY limited.

    Would the inbound router be my Airport Extreme or would it be the router Verizon provided?

    Does the port need to be open or is stealth ok too?

    On the Airport Extreme, I tried opening port 22 but I am not sure if I did it right, I will post a screen shot.

    So to get the correct IP, can I just get that from whatismyip.com?
     


  9. RoadKill macrumors member

    Joined:
    Dec 4, 2003
    Location:
    LONDON UK
    #9
    You will need to configure your Verizon router to port forward incoming ssh connections to your Mac.

    When it's successful the shields up will report tcp 22 as open.

    Take a look at this page

    http://www22.verizon.com/residentia...ing/troubleshooting/portforwarding/123898.htm

    and see if your hardware is listed

    Maybe you can post a screenshot if still stuck. Make sure you don't post anything that can identify you in your screenshot, e.g. username, IP address, etc.
     
  10. strausd thread starter macrumors 68030

    Joined:
    Jul 11, 2008
    Location:
    Texas
    #10
    OK, I was able to get in and change it. I got on my MBP using iPhone tethering and SSHed into my MP on my home network and it worked perfectly. For some reason I couldn't SSH into my MBP which was using tethering from my MP which was on the home network.

    Anyways, to get it working, I had to go to whatismyip.com on my MP and type that into my MBP to SSH into it. Now, how do I get dynDNS to tell me the IP? Cause if someone were to steal my computer, I obviously wouldn't be able to get on the stolen computer and go to the site to find the IP.
     
  11. RoadKill macrumors member

    Joined:
    Dec 4, 2003
    Location:
    LONDON UK
    #11
    Ok cool you got your home connection working with IP address.

    To get it working using a DNS name you will need to sign up for a free account with a dynamic DNS provider such as dyndns.com and then either need your home router to support a dynamic DNS service, and then you can configure your router, or you download a piece of client software https://www.dyndns.com/support/clients/#mac and configure it with your username & password and always leave it running on your Mac.

    If your router supports dyndns I would use it in preference to installing software.

    If you wanted your MBP to get a DNS name you would probably need a separate account with dyndns and install the software and always have it running. Nothing to stop a thief from stopping the software so wouldn't rely on it to get your Mac back. In fact I seem to remember some commercial software aimed at this and would use your built in cam to take pics of whomever is using it.
     
  12. strausd thread starter macrumors 68030

    Joined:
    Jul 11, 2008
    Location:
    Texas
    #12
    Alright I got the client and have it on the MBP and see that it refreshes to my new account on dyndns.com. Now the problem is that it doesn't automatically refresh the IP, the client has to start up in order for it to do that.

    Is there any way through the Mac OS that I can have the client start every hour, then quit after like a minute or 2? Then it would refresh every hour and I just think that'd be cool.
     
