[RndTbl] trying to set up ssh at home

John Lange john at johnlange.ca
Tue Jan 26 12:34:48 CST 2010

On Fri, 2010-01-22 at 19:20 -0600, Kat wrote:
> The problem is I am trying
> ssh (my ip)
> and I get "Connection refused".  

You haven't said what distribution of Linux you are running?

The problem you report above is either:

a) Your ssh daemon is not set to listen on the LAN ip address.

b) ssh is listening, but the firewall on that machine (not the router)
is set to block connections on the LAN interface.

> This happens both from my parents' machine (in another town - Go Mom
> for downloading and running putty), and from my own (that ssh is
> running on).
> I suspect the problem has to do with my router, either regarding my
> rather prudent settings (LAN connection must be authenticated, and
> have a whitelisted MAC address), or more likely, I am missing
> something in setup to allow incoming connections that get forwarded to
> my specific machine.  This is where my understanding falls apart at
> the moment... help?

Before you go any further trying to get your router setup, you
positively MUST get it working on the LAN first.

You have accomplished step 1 already which is to confirm that ssh is
working by sshing to localhost (

Step 2 is to confirm that ssh is listening and reachable on the LAN IP.
That is where you are now. Do this:

# netstat -an | grep -E "tcp.*?22.*?LISTEN"

You should see something like:

tcp   0  0*      LISTEN

That means ssh is listening on all interfaces (IPs).

If you still can't ssh to it from itself, then the firewall on the local
machine is most likely blocking port 22. Turn the firewall off and try

Once you've got the machine so it can ssh to itself on the LAN IP then,
if you can, you should test ssh from another machine on the same LAN.

Step 3 is to configure the firewall/router to port forward the SSH port
on the external IP (the 24.x.x.x address) to the internal LAN IP That should be fairly straight forward on the Linksys

Then, ssh to it from the remote computer using firewall's Internet
(external) IP address (not the LAN IP).

One word of caution; before you do any of this, please make sure your
passwords (especially your root password) is something very secure. Once
you open up port 22, you will see literally hundreds of attempts per day
to hack your root password.

I personally recommend changing the port to something else but that
throws a bunch more complications into the process and at this point
just focus on getting it working, then you can move on to more advanced
things like changing the default ssh ports (hint, look
in /etc/ssh/sshd_conf).


John Lange

More information about the Roundtable mailing list