Hi Guys,
I have a “dumb” question about using ssh from a pi5. I have been programming software for so many years that I have forgotten a lot about how to do networking, so I hope I’ll be forgiven for being ignorant. I have a pi5 running as the second computer on my LAN, on network cable AND wifi. Everything works on the pi5, internet, firefox, media, downloads, and so on.
I would like to ssh to a remote host over the internet, from the pi5. This host has been accessible from my main computer on the LAN for a long time. From that main computer I use “ssh user @ hostip” which is standard stuff (detailed values not shown). I can also use “ssh user@ hostname” perfectly OK. Once connected, I do work on my client’s remote host like any other command line.
Now the pi5 is connected by cable AND wireless to the router. When I try to do “ssh user@host” as per the above, from the pi5, I simply get a “connection refused”. (“user” and “host” are NOT shown, for obvious reasons!)
Note that port 22 on the main computer is shown as “closed” from the command “nmap -p 22 localhost”. This does not seem to stop the main computer from accessing the remote host, AND I have never done any config on “ssh”, I simply installed it ages ago with “apt install openssh-client”.
What should I be doing that I haven’t done ? I have complete access to my NetComm NL20MESH Router settings, NAT or firewall or port forwards, if this is the problem, so I just need enlightenment !!
Thanks in advance.
2 Likes
Just some high level comments and thoughts.
- SSH TCP Port 22 only needs to be open on the host you are connecting to; the host you are coming from does not need anything special outside of outbound connect to a remote host on port tcp/22 (most of the time outbound is allowed).
- Assuming both the Pi and the Desktop are on the same LAN (talk of wifi AND Wired) and leave your local network, get natted to the same public IP address. Then the firewall really only needs to support outbound to port 22 (which tends to be defaults).
- That leaves the remote side.
If there is a special “from” rule that will only accept from a set IP and Port, then your local nat will need to take care of that.
If there. There is more than just username/password that can be used to auth, e.g. there could be ssh keys in the mix.
Is there some sort of VPN in place? This could be on the PC or at the firewall with some policy based routing to push the traffic over a tunnel (as I would normally be trying to stop any direct ssh from the internet to any of my devices).
It's all a little hard to work out how it is currently working without detailed data flow planes, so the above is a guess (or thoughts).
2 Likes
Good news.
Ssh refused tends to mean that the target machine was found, and had a successful handshake, but some rule, firewall, or protocol on that target machine rejected the request.
You say you’ve been able to ssh into that machine in the past, just not from the pi, so I’m going to predict it’s IPtables related.
What OS is the target machine?
2 Likes
Thanks Michael9945, that was very enlightening and helpful, especially points #1 and #2 !
You are NOT going to believe this, but it’s solved. Here’s what happened:
- After installing the pi5, I decided that I’d like to try out ssh and connect to the main computer from the pi5. The main machine is simply on 192.168.1.100
- Before doing this, I realised that I had setup an sshd for connection to the main computer from outside using a port forward - I often connect from an ssh client to my main computer to check files at my office, etc.
- I did this on a non-standard inward port, call it “port x”, just to stay away from port 22.
- When I was ready to ssh into the main computer from the pi5, I set the Port Number in the ssh config file to , so that the pi5 would ONLY connect to that port number.
- Then today, when I ran “ssh user@host” I got a Connection Refused, BECAUSE I had forgotten to change the config Port Number from to say, “*”.
- So now I will create 2 shell scripts (1) To connect to the remote host from pi5, and (2) To connect to the main computer on 192.168.1.100 (if this is necessary). Not the only way of doing things, but I can then setup things more conveniently.
- I know that 99% of the people want to ssh INTO the pi5 as a “server”, but I wanted to shell OUT, so as to make the pi5 a client, like a laptop, etc.
Anyway, thanks for your input, most appreciated.
2 Likes
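The failure described in this thread, as an added example that is not code from any poster: a small Python resolver for the client-side `Port` option, following the ssh_config rule that the first value obtained wins and that lines before the first `Host` block apply to every host. Port 2222 stands in for the undisclosed "port x", the alias `mainpc` and the host `remote.example.org` are constructed, and `Match` blocks are skipped.

```python
import fnmatch

# Constructed sample configs: 2222 stands in for "port x", "mainpc" is a
# hypothetical alias. 192.168.1.100 is the main computer's address from the post.
BROKEN = """\
Port 2222
Host mainpc
    HostName 192.168.1.100
"""

FIXED = """\
Host mainpc
    HostName 192.168.1.100
    Port 2222
Host *
    Port 22
"""

def host_matches(patterns, host):
    """A Host line matches if any pattern matches and no negated (!) pattern does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_port(config_text, host, default=22):
    """Return the port the client would dial: the first Port value obtained wins."""
    active = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = (line.replace("=", " ", 1).split(None, 1) + ["", ""])[:2]
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif keyword == "match":
            active = False  # simplification: Match blocks are not evaluated
        elif keyword == "port" and active:
            return int(value)
    return default

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, {h: effective_port(cfg, h) for h in ("mainpc", "remote.example.org")})
```

On a real system, `ssh -G user@host` prints the options OpenSSH resolves for that host, including `port`, without opening a connection.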
Thanks Pixmusix, you were absolutely right. Here, I was specifying a port for which nothing was listening at the remote host end ! The target OS is Debian. Anyway, all working OK.
Cheers 
3 Likes
Nice one @Anthony273495
I’ll take the little win for picking it but you get the trophy for solving it. 
1 Like