Server Refused Connection with FTP and SFTP
 

I've set up my G4 behind an airport base station, using a manually configured IP address and port forwarding, but whenever I try and connect I get the "server refused connection" message.


Could it be a permissions issue?

I'm at a loss. Any help would be greatly appreciated.

SFTP is used via ssh, so port 22 much be allowed/forwarded to the machine behind the ABS, and "Remote Login" must be turned on the Mac behind the ABS.

yup,
 

did both of those

And you're checking from another machine to see if you can get in?
In the Terminal if you do:
Do you get a listing?

Yes, from another remote machine...
 

I don't understand what you mean about from the terminal.

What should I do? Open up terminal and check something? What kind of a listing?

Sorry for my ignorance.

In the Terminal (/Applications/Utilities/Terminal), type:
Hit return, and see what it says. If ssh is running, then it should show something like this:

I typed "code:"
 

and it gave me some wierd thing: [hsa169:~]

I don't understand what the long skinny box that follows the word "code" in your message

"Code" is a piece of the forum software (vBulletin) that denotes what one should type, or what the output of something is because it honors whitespace.
All you should be typing is:
netstat -an | grep .22

You should Google for some UNIX tutorials if you're going to start using services like SSH and FTP. Especially FTP, as it is inherantly an insecure protocol. Getting comfortable in the command line is key to having a healthy, secure Mac.

Does this meananything?
 

I see. So I tried that, and indeed it returned something similiar to what you indicated:

tcp4 0 228 10.0.1.101.xxx 10.0.1.2.xxxx ESTABLISHED
tcp46 0 0 *.22 *.* LISTEN
udp4 0 0 127.0.0.1.xxxxx 127.0.0.1.xxxx
udp4 0 0 127.0.0.1.xxxxx 127.0.0.1.xxxx
udp4 0 0 127.0.0.1.xxxx *.*
34cdf88 stream 0 0 0 34cdfc0 0 0 /var/tmp/SCDynamicStoreNotifyFileDescriptor-22275
27433b8 stream 0 0 0 0 0 0 /tmp/ics422
27434d0 stream 0 0 2cd52f8 0 0 0 /tmp/ics422

OK, SSH is definitely running. So you've tried sshing to this Mac from another computer, and what error message do you get?

Using Transmit, I get...
 

..."Could not connect to server. Connection refused."

No, no.. not SFTP. SSH.
I guess we need to know more about your setup. Since you're using an ABS, I'm assuming that you have multiple Macs behind it. You've got your ABS pointing all port 22 traffic to one Mac and you're trying to connect to that Mac from another Mac. Close so far?

If you're behind the ABS, you need to be trying to connect to the IP addresses assigned to the other Mac by the ABS (so that would be one of the 10.x.x.x private IPs), not your outside IP address, I don't believe that will work.

To check SSH, open Terminal and type in:
Where ipaddress is the IP address of the Mac you're trying to SFTP to.
What do you get then?

Just a though that just dawned on me, you're not using a firewall on the Mac you're trying to connect to are you? If so, did you remember to allow SSH/FTP traffic?

All true.
Isn't that what port forwarding is for? I thought I needed to address my ABS and have it forward to my G4's manually assigned IP.[/QUOTE]
The authenticity of host '10.0.1.101 (10.0.1.101)' can't be established.
RSA key fingerprint is: blah blah blah

Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.1.101' (RSA) to the list of known hosts.
xxxxxxxx@10.0.1.101's password:


yes, did that...

Not behind the ABS. Port forwarding is for machines "outside" the ABS trying to connect to "inside" the ABS' domain. "Inside" the ABS, acts as a hub and just passes any traffic to & from anything it hands out IPs to without impunity.

Looks like you were able to connect just fine to SSH. If you can connect with SSH, you should be able to SFTP. What version of OS X are you using on the Mac you're trying to get to? What version of Transmit from the Mac you're coming from?

Hmm... how would I change my settings?

Using OSX 10.3.3 and Transmit 2.6.2

Sorry, which "settings" would these be?

Have you installed the security patch from Apple (Security Update 2004-04-05) that has an OpenSSH fix in it? Frankly, I'm stumped. If you can SSH, you can SFTP.

Yes, I installed it, and me too--stumped.

??????

It's apparently connecting, but then being refused, that's what's odd.

How about the Mac you're connecting from? All up to date and patched and whatnot?
The next step might be to try a different user on the Mac you're connecting from.

yes, it's all up to date...
 

...and I've tried connecting as the other two users on the machine, but I get the same "connection refused," as if it's a bad password or something.

Wow.. I'm stumped.

Just to make sure:
So in Transmit, in the Server heading you're putting in the IP address of the other Mac (you said you gave it a static IP, right?)? Username, your username. Password, your password. Protocol: "Secure (SFTP)".

And you get connection refused?

I put in the public WAN from the ABS, which then forwards to the port on the G4. (I obviously can't use the manually assigned IP, as it's only an address for my LAN (10.0.1.101)

Yup, yup, yup, and yup.

Frustrating, huh. It seems like "DIGITAL GUY" had a very similiar problem. I followed his posts and tried doing everything the same, but, no go.

Oooooh.. That's the "outside" versus "inside" I was talking about earlier. The Mac you're trying to connect from is "inside" the LAN. Are you just trying to verify that you can connect to it from the outside? First try SFTPing to it using the IP that you assigned it to make sure that it works.

True that, and I can easily connect on the network. I need to be able to connect when I'm out of town, though.

Yeah, tried it, and that totally works. Could that mean it's a problem with the ABS?

So your static Mac looks to be setup just fine. So, I guess a problem with the ABS or the forwarding setup. I don't have an ABS, I have a Netgear WiFi router, so I'm not much help on the actual setup. I'm not entirely convinced you can ACCURATELY try and access your static Mac "from the outside" when the machine you're trying to access it from is on the "inside". You might wanna take a jaunt to your nearest (shudder) Starbucks and steal some WiFi for a second to try and connect to your static Mac from a better "outside" source.

I did--SOL.

Can't figure it... doesn't seem to make sense...

OK:
Works from the "inside", sounds like the Mac is properly configured.
Doesn't work from the "outside", could be 2 things I can think of.
1) misconfigured router (your ABS).
2) your ISP doesn't allow ssh traffic in from the outside.

Seems logical--how would I find out? Call Earthlink?

Probably be easier to turn off the NAT/Firewall on the ABS/Router and test from the outside.

How do I do that?

Like I said, I don't have an ABS. I've no clue how to disable it.
You'll have to read the manual or do some googlin' to find out.

Problem Solved!!
 

After spending close to an hour and a half on IM with the generous and brilliant Robophilosopher, we got sftp (via SSH) to work. The two problems that seemed to be causing my difficulties were: 1) a wierd possibly bad installation of Pure FTPd Manager; and 2) the fact that I was trying to test it by connecting from within my LAN.

A thousand thanks again to Robo, a real resource on this site.

Cappados

Glad you got it working, no thanks to me, obviously. ;)

I'm curious what PureFTP has to do with SSH?

PureFTP didn't have anything to do with SSH. I thought it would be a simple thing to try to get FTP to work first, but cappados had installed PureFTP, in a way that seemed (I have no experience with ftpd on a mac myself) to completely change/disable the default Mac FTPd, so I was working on a lot of faulty assumptions configuring that.

As soon as we switched to getting SSH/SFTP to work, it was all fine and worked as expected.