Score:2

How to connect to my linux environment using ssh? (Leaptel, CGNAT)


I've been trying to use ssh to connect to my machine back home.

But every time I tried to connect to it when I'm not local, it always resulted in a "connection timeout".

I can't ping it and I tried to use netcat as well with specific port. No responses. Maybe I've missed something.

This is the condition of my linux machine at home:

  • I am using private/public key for the authentication, and I have copied the public key to my linux machine already
  • My linux environment at home is Ubuntu 22.0.4.1 LTS
  • I have disabled password authentication
  • If I am on a local network it always works, just not remotely
  • My ISP does not assign a static IP, but every time I try to connect to it, I always check the current IP that the ISP gave to my network.
  • I have set a different port [x] to my linux machine

What I have done to try to fix it:

  • Set my sshd_config to keep alive on my linux machine

  • Create a port forwarding rule on my router from specific port [y] to port [x] that is set on my linux machine; for the IP address, I have set it to the IP address that my linux machine has locally. I set UDP & TCP to allow

  • Since I am using ubuntu, I used ufw to set the rule to allow port [x] for my firewall

  • Check if my ssh is running, and every time I have checked, it states that it's "active"

  • This is the ssh command I use: `ssh -i [.../mykey] [username]@[wan ip] -p [y]`

I tried using a VPN to tunnel to my home and act like I'm local. It works but it's not compatible with all of my devices. So, I'm looking for a way to connect using ssh without a VPN.

Note:

  • It just doesn't work when using my Public IP & currently the way I'm testing using Public IP is by connecting my laptop to my mobile phone's network.
  • My laptop's public key is already registered in the host's authorized_keys
  • I retrieved my public IP using `curl ifconfig.me`
  • I've asked this question initially from stackoverflow but after some time I think ubuntu's stack exchange is more appropriate so I moved it here.
petep
Check /var/log/ufw.log to see if you were blocked. See the IP address.
Is the router at your home properly configured to forward SSH connections to the machine you want to connect to? Does your ISP permit SSH connections from outside? If the answer to either of these is "No", then you will need to resolve this preliminary problem before looking at issues with the Ubuntu-powered machine
learningdudz
@petep I've checked. Last thing something was blocked was 2 days ago. So, it isn't that.
learningdudz
@matigo I got it working I think. I called my ISP asking if they permit SSH connections and they told me that it might be because of CGNAT. After I turned it off, I was able to make the SSH connection. I'm not too familiar with why that would've hidden my network.
learningdudz
@user535733 Oh yeah, it turns out it's because of CGNAT. After I turned it off I was able to make the connection.
learningdudz
@user68186 Would that be relevant though? Cause initially I didn't know the cause of it was CGNAT.
learningdudz
@user68186 Yup okay. I've changed it already.
Score:3

I got it fixed. Turns out my ISP uses CGNAT for its network, which makes it sort of "hidden" from me because the ISP uses a unique port to map to my IP address. So, I can't really connect to my network without knowing the unique port that the ISP assigns.

To fix this I turned off the CGNAT option; thankfully my ISP provides me with the option to turn it off.

Hopefully this answer can help anyone that comes across this problem in the future.

How did you find out the unique port the ISP's CGNAT uses? What exact steps did you take to connect by `ssh` with this knowledge?
learningdudz
@user68186 Ohh, I didn't find out the unique port that the ISP's CGNAT uses. I just turned off the CGNAT option from my ISP cause my ISP gave me the option to do that. The answer above is just an explanation of why I wasn't able to connect with SSH so that someone in the future who comes across this problem might get an idea of what might have caused it. Sorry for the confusion. I'll change up my answer.
learningdudz
@user68186 But to answer your question. One way that I could think of is to set up a cloud VM using AWS or Azure or others, and ssh to that machine. After you have logged into the VM, you could use a packet analyser like tcpdump or something to listen for the incoming packets. Or another way is just to see the logs for the ssh-server by using `systemctl status ssh`; it'll show the incoming IP address with the port next to it.
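
A quick way to check for the CGNAT situation described in the answer above, as an added example that is not part of the original thread: compare the address on the router's WAN/status page with the address an outside service such as `curl ifconfig.me` reports. The function names and the sample addresses are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original thread). Inputs are the address shown on
# the router's WAN/status page and the address an outside service reports.

# Dotted-quad IPv4 -> 32-bit integer on stdout; non-zero status if malformed.
ip_to_int() {
    local old_ifs o
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 lies inside network $2 with prefix length $3.
in_cidr() {
    local ip net mask
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "$2") || return 2
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))   # 4294967295 = 2^32 - 1
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# classify_wan WAN_ADDR PUBLIC_ADDR -> cgnat | private | mismatch | direct | invalid
classify_wan() {
    local wan public
    wan=$1; public=$2
    if ! ip_to_int "$wan" >/dev/null || ! ip_to_int "$public" >/dev/null; then
        echo invalid
    elif in_cidr "$wan" 100.64.0.0 10; then
        echo cgnat        # RFC 6598 shared address space, reserved for carrier NAT
    elif in_cidr "$wan" 10.0.0.0 8 || in_cidr "$wan" 172.16.0.0 12 ||
         in_cidr "$wan" 192.168.0.0 16; then
        echo private      # RFC 1918 on the WAN side: another NAT sits upstream
    elif [ "$wan" != "$public" ]; then
        echo mismatch     # public-looking WAN address, but translated upstream
    else
        echo direct       # router holds the public address; port forwarding can work
    fi
}

# Constructed sample values; substitute the router's WAN address and the
# output of `curl ifconfig.me`.
classify_wan 100.72.14.9 203.0.113.7
```

Any result other than `direct` means the port forwarding rule on the home router never sees inbound connections, which matches the timeout described in the question.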