
I have set up an SFTP server on my personal PC. I have started the service with the following configuration:

```
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# GSSAPI options
#GSSAPIAuthentication no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
ChrootDirectory "H:\FTP_Folder"
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem   sftp    sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
```

I have just changed the default directory and started the service.

I have created a local "ftp-user" on my Personal PC and given the directory access to the FTP server as follows:

[Screenshot: FTP Folder permissions]

Now, I have also checked firewall advanced settings and found that openssh is already enabled:

[Screenshot: Windows Firewall settings]

Port 22 is opened in TCP for Public, private and Domain.

Also, I have configured the router to set Port Forwarding as follows:

[Screenshot: Router settings]

At this juncture, my private IP defined by LAN is 192.168.1.4. I am able to connect through localhost and private IP address without any problem. But, if I use my cellular connection (public) and use the public IP of my PC to connect, I am unable to do so. It just times out.

I am unable to find any logs in ssh connection. I tried changing sshd_config Logging to Verbose but no files got generated in C:/programdata/ssh/logs.

I am trying to connect from my phone's SFTP client (running on its own cellular data) to my PC running on my Wi-Fi.

Peeps. Help me a bit here!!

  • If you are trying to connect from your network, through the internet, back to your local network, then this can only work if your router supports such loopback connections. Many commercial routers do not have this feature. Try using your phone, or any other device that is not inside your local network. – harrymc Jun 21 '23 at 16:04
  • I am using my phone (different network) to connect to my PC (running on Wifi with a different network)... – Arjun Starz Jun 21 '23 at 16:15
  • Yes. I have setup my port forwarding based on my PC's local IP for port 22 (TCP). I have attached screenshot as well. – Arjun Starz Jun 21 '23 at 16:19
  • So basically your port forwarding isn't working. The screenshot of your port forwarding settings isn't the full settings. Can you edit the rule and add a screenshot where the whole rule can be seen? – Yisroel Tech Jun 21 '23 at 16:21
  • Note that if your ISP is using [Carrier-grade NAT (CGNAT)](https://en.wikipedia.org/wiki/Carrier-grade_NAT) then your public IP is shared and is not truly yours and so port-forwarding cannot work. To test, see perhaps [this site](https://www.purevpn.com/blog/how-to-check-whether-or-not-your-isp-performs-cgnat/). – harrymc Jun 21 '23 at 16:30
  • @harrymc: What is the way forward in that case? – Arjun Starz Jun 21 '23 at 17:20
  • @ArjunStarz, do you have CGNAT that you ask? What is the public/WAN IP on the router? – Yisroel Tech Jun 21 '23 at 17:22
  • @YisroelTech There are only 2 other fields -- options to delete and edit.. that's it.... this is the whole setting... – Arjun Starz Jun 21 '23 at 17:23
  • If you have CGNAT, the only solution is to get a static IP address from your ISP. This can be an extra option for your subscription (with a cost). – harrymc Jun 21 '23 at 17:24
  • @YisroelTech: My router shows 100.xx.xx.140 as public IP. whatismyip.com shows 223.xx.xx.121 – Arjun Starz Jun 21 '23 at 17:24
  • Good news!! I tried using public IPv6 to connect and boom it works !!! :) – Arjun Starz Jun 21 '23 at 17:38
  • Nice. Post it as an answer (and accept the answer.) – Yisroel Tech Jun 21 '23 at 17:41
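
The check made in the comments above (router WAN address compared with the address an external site reports, then falling back to IPv6) can be scripted. This is an added example, not part of the original thread; the function names and the sample addresses are constructed for illustration, since the thread's own addresses are masked.

```python
import ipaddress

# Ranges that cannot receive unsolicited inbound IPv4 traffic from the internet.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV6_GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def classify_wan(router_wan: str, observed_public: str) -> str:
    """Compare the router's WAN address with the address an external site sees."""
    wan = ipaddress.ip_address(router_wan)
    seen = ipaddress.ip_address(observed_public)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("classify_wan expects two IPv4 addresses")
    if wan in CGNAT_SHARED:
        return "cgnat"         # ISP NAT sits in front of the router
    if any(wan in net for net in RFC1918):
        return "double-nat"    # another private NAT layer is upstream
    if wan != seen:
        return "upstream-nat"  # WAN looks public, but traffic exits elsewhere
    return "direct"            # router holds the public address


def ipv6_inbound_candidate(addr: str) -> bool:
    """True for a global unicast IPv6 address, which is not behind IPv4 NAT."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 6 and ip in IPV6_GLOBAL_UNICAST


def diagnose(router_wan: str, observed_public: str, host_ipv6: str = "") -> dict:
    """Summarise whether an IPv4 port-forward can work and if IPv6 is a fallback."""
    verdict = classify_wan(router_wan, observed_public)
    return {
        "verdict": verdict,
        "ipv4_port_forward_usable": verdict == "direct",
        "ipv6_fallback": bool(host_ipv6) and ipv6_inbound_candidate(host_ipv6),
    }


if __name__ == "__main__":
    # Constructed sample values: WAN in the RFC 6598 range, external view from
    # a documentation range, host IPv6 from the 2001:db8::/32 documentation prefix.
    print(diagnose("100.72.10.140", "203.0.113.121", "2001:db8::10"))
```

When the fallback is IPv6, no NAT sits in the path, so the router's IPv6 firewall (if any) and the Windows Firewall rule are the only filters in front of port 22.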
