On Fri, Jul 29, 2022 at 07:05:46AM +0100, Bob Williams wrote:
Operating system Tumbleweed; desktop KDE Plasma.
I can ssh into my desktop machine from my phone (using JuiceSSH) using the local LAN address 192.168.178.48
When I try to ssh to my ISP static address, I get 'no route to host'. This also happens to a colleague trying to connect from another city (ie. from outside my LAN).
I have moved my ssh port to a higher number, no longer 22. This is set in /etc/ssh/sshd_config and /etc/services. The port is forwarded to this machine in my router (Fritz!Box 7530).
So are you connecting to port 22 and then having the Fritz!Box 7530 port-forward to the higher port number of the static IP of your machine inside your LAN? Or also using the higher number from outside the LAN. You can do either, but you need to do so consistently in your command line options or .ssh/config. eg, each of these is legit, but needs a different port forward rule at the Fritz!Box 7530: ssh -p 22 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 7890 ssh -p 7890 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 7890 ssh -p 7890 ---> Fritz!Box7530 ---> staticip_tw_sshd listening on 1234 Are you sure your TW machine has a static IP itself inside the LAN as the target for the port forward? Does it match in the 7530's port-forward table? Also assume you've restarted/SIGHUP sshd since moving the port? I have a 7530 on one network and this works fine for me, also with ssh traffic moved off a 22/common port to avoid umpteen probes cluttering my logs. To help with debugging, use "ssh -v ..." to connect from the client/Arch, just to check the chatter between machines. In the past I found various encryption algorithms weren't enabled/allowed on a particular versions of RHEL or Debian that stopped key based login, and similar on low-power single board targets. Daniel