[3G Part 5] Secure your communication channel

If you followed all previous chapters you will have a rock solid remote streaming solution ready by now. Congratulations!

Now let's talk a bit about security; after that you will need to decide whether you want to go on.
The following steps and considerations are optional (but probably worth it).

Our current solution has two possible flaws:

  • Your username and password are sent over the internet unencrypted. If someone can capture your wireless traffic (maybe you are using a public hotspot sometimes?), analyse it and extract the username/password (this can be done very easily with automated scripts), they can log in to your Squeezebox Server as well and change your settings or remote control your other Squeezeboxes.
    Even worse: if you were lazy and used the same credentials as your Facebook or email account, well … I guess I don’t need to write on 😉
  • Your Squeezebox Server is accessible from the internet to anyone. There is some tiny possibility that someone can hack into the Squeezebox software and take over your server.

Why would anyone want to hack your server, you might ask?
Definitely not to control your Squeezeboxes, I’d say – but there are many people out there who want to set up new servers to send spam or do other illegal stuff.

How can we protect against this?

There are two common techniques to create a much more secure channel. One is called ‘OpenVPN’ – some routers support it, and your mobile might be able to create a secure ‘tunnel’ through the internet to your router. Due to its complexity I won’t go into further details here; Google will be your friend.

Another possibility is to create an ‘SSH tunnel’. SSH is a technique to connect to your server via an encrypted channel. If you are using a Linux-based NAS or server you might already have used it to log in to your server (if you have ever used the tool ‘Putty’ on Windows, you are on the right track … )

The good thing about SSH – it can also forward specified ports, which is perfect for our needs.
So from now on I expect you to have a server where you can already log in with SSH.

  • Update the port forwarding in your router. SSH uses TCP port 22. Any connection from the internet to this port should be forwarded to your Squeezebox-Server.
    You can delete the port forwards for 9000 and 3483 on your router; we won’t need them anymore.
    These were insecure, so let’s get rid of them.

    Is SSH on port 22 more secure than Squeezebox-Server on ports 9000+3483, you might ask?
    And the answer is: definitely – thousands of administrators around the world use SSH around the clock to remotely connect to their respective servers 🙂

  • Download an App that can create an SSH tunnel with port forwarding.
    Um, well. The only viable option on the market, ‘ConnectBot’, has a bug, so it sort of works with Squeezebox-Server but has its issues. By the way, this issue with ConnectBot seems to be resolved on Honeycomb, but on Android versions below that, tracks in a playlist do not advance when a song is finished.
  • Even better might be SSH AutoTunnel; one user reported success with it in the comments section. It might suffer from the same problems as ConnectBot on pre-Honeycomb Android devices (though this has not been verified yet). I’d go with this App first!

    Both ConnectBot and SSH AutoTunnel let you connect to your SSH server first. Check whether you get a connection. Once it has been established, configure port forwardings for ports 9000 and 3483 within ConnectBot or SSH AutoTunnel before trying with SqueezePlayer (read below what to do in SqueezePlayer).

  • Another option, ‘SSHTunnel (Beta)’, only allows a single port to be forwarded (and we need two). That’s why I wrote my own App ‘SqueezeTunnel’ to take care of all the common Squeezebox-SSH stuff. You can download it here. Attention: your Android device needs to be rooted for this tool to work (it comes with its own SSH client and wants to install it). Also, this App is a quick hack/port of SSHTunnel, and I don’t understand most of the SSH-related code from the original 🙂
    As SqueezeTunnel is a fork of the ‘SSHTunnel’ project, which is protected by the GPLv3 license, you can have a look at the source code of SqueezeTunnel here.

Here is what you need to configure in SqueezeTunnel once you have installed it.

  • Host: your DynDNS URL (see Part 1 for details), e.g. wow-my-server.dyndns.org
    Via this URL SqueezeTunnel is able to find your router and create the tunnel.
  • Port: 22 is the default port for SSH
  • User/Password: your username/password to login with SSH. This is NOT the username/password you entered in the Squeezebox-Server web-interface. It’s rather the username/password you need to enter, when you connect to your server via SSH.
  • Squeezebox-Server Port: typically 9000. But you can change it in case it’s different in your setup.

Now try to create the tunnel with the topmost item ‘Enable/Disable SSH Tunnel’. You should get a new icon in the status bar, hopefully saying ‘connected’.

Now we need to configure SqueezePlayer to use the tunnel.
As the server address in the SqueezePlayer settings, just use ‘localhost’ instead of the DynDNS URL we used before.

Yes, this might sound strange – but the tunnel starts directly on your Android phone, so we don’t need to look elsewhere this time. SqueezeTunnel, which should still be running in the background, will then take care of the correct encrypted routing through the internet to your Squeezebox-Server.

By the way: you can remove the username/password in the Squeezebox-Server settings now. They won’t give us any more security; the username/password used to establish the SSH connection are much, much better and more secure.

I really hope this last chapter was not too complicated to understand and you could get great inspiration about making your remote streaming very secure.
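
For readers who want to try the tunnel from a laptop with the stock OpenSSH client before setting up a phone app: the following is an added example (not part of the original article or of SqueezeTunnel) that builds the local port forwards for 9000 and 3483 and checks that the tunnel's listeners are bound to loopback only. The login `me` is a placeholder, the host is the article's sample DynDNS name, and the listener lines in `SAMPLE_LISTENERS` are constructed.

```sh
#!/bin/sh
# Added example, not from the original article or the SqueezeTunnel source.
# Assumptions: stock OpenSSH client; the login "me" is a placeholder; the
# host is the article's sample DynDNS name.

SBS_PORTS="9000 3483"   # the two Squeezebox-Server ports the article tunnels

# Print the ssh arguments for a forwarding-only session.
#   $1 = SSH login   $2 = DynDNS host   $3 = SSH port (default 22)
tunnel_args() {
    login=$1; host=$2; ssh_port=${3:-22}
    # -N                     no remote shell, port forwarding only
    # ExitOnForwardFailure   abort instead of running without a forward
    #                        (e.g. local port already taken by another app)
    # ServerAliveInterval    notice a dropped mobile link
    args="-N -p $ssh_port -o ExitOnForwardFailure=yes -o ServerAliveInterval=30"
    for p in $SBS_PORTS; do
        # -L bind:port:desthost:destport. "localhost" is resolved on the
        # server; binding to 127.0.0.1 keeps the listener off the hotspot LAN.
        args="$args -L 127.0.0.1:$p:localhost:$p"
    done
    printf '%s %s@%s\n' "$args" "$login" "$host"
}

# Open the tunnel (blocks until interrupted). Word splitting is intended.
open_tunnel() {
    ssh $(tunnel_args "$@")
}

# Read `netstat -tln` or `ss -ltn` output on stdin and print one line per
# tunnel port: "loopback" (only reachable from this device), "exposed"
# (listening on a non-loopback address) or "missing" (no listener).
check_listeners() {
    awk -v ports="$SBS_PORTS" '
        BEGIN { n = split(ports, want, " ") }
        /LISTEN/ {
            la = ""
            # the first field shaped like addr:port is the local address
            for (f = 1; f <= NF; f++)
                if ($f ~ /:[0-9]+$/) { la = $f; break }
            if (la == "") next
            port = la; sub(/.*:/, "", port)
            addr = la; sub(/:[0-9]+$/, "", addr)
            state = (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") \
                    ? "loopback" : "exposed"
            # one exposed listener is enough to flag the port
            if (seen[port] != "exposed") seen[port] = state
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in seen) ? seen[want[i]] : "missing")
        }
    '
}

# Constructed sample of client-side listeners: 9000 is bound correctly,
# 3483 is bound to every interface.
SAMPLE_LISTENERS='tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3483 0.0.0.0:* LISTEN'
```

With the tunnel open via `open_tunnel me wow-my-server.dyndns.org`, running `netstat -tln | check_listeners` on the client should report `loopback` for both ports.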

59 Responses to “[3G Part 5] Secure your communication channel”

  1. Calum Says:

    Hi, I’ve taken the route of setting up a VPN (L2TP PSK) to my server at home (Win2K3).

    The problem I have is not so much with Squeeze Player, as it is Squeeze Commander, but am hoping you, or someone out there, has experience that can help.

    SC doesn’t seem to find the server when I am connected over 3G VPN.

    I can get music playing through Squeeze Player by pointing a browser at the server&port address, and using SqueezeBox Server web interface to instruct Squeeze Player to playback, but I’d love to be able to manage it through Squeeze Commander, as usual.

    I’ve tried setting the server IP as an Additional Server in SC.

    Cheers
    Cal

  2. stefan Says:

    Hi Cal,

    For me when I add an additional server in SqueezeCommander this works fine. Are you sure you are using the same server address and port you are using with your browser and SqueezePlayer?
    Really strange, wouldn’t know why this shouldn’t work, as the VPN is transparent to SqueezeCommander and only server autodetection typically does not work.

  3. Thomas Says:

    Thanks for writing this. I have been trying to get this working for a few days now. For some reason, Squeeze Commander works fine, and I can control my players from outside the home network over my ssh tunnel. However, my Squeeze Player app on android always says “Wifi Connecting..” and never connects to the squeezebox through the tunnel.

    The WiFi is obviously on since I’m able to use SC. Forcing a close and restart didn’t help. The player is pointed to localhost:9000 (and also tried 127.0.0.1). Any idea what could be going wrong? I’ve tried your SqueezeTunnel, SSHTunnel and ConnectBot, all with the same results.

    Cheers, and thanks for any advice!

    –thomas

  4. stefan Says:

    Hi Thomas,

    I’ll try to figure this out with you via mail, blog comments are a bit cumbersome …

  5. stefan Says:

    For anyone interested: make sure you tunnel both ports 9000+3483.

  6. Mr. Floppy Says:

    Hi,
    I search for a good solution to stream music outside my home. At the moment I use Softsqueeze and the built-in SSH function. This works fine for me. Why don’t you include this function in your app? I don’t want to use 2 apps.

  7. stefan Says:

    Hi Mr. Floppy,

    I didn’t get much feedback yet, whether the SqueezeTunnel App works good enough. So I’m a bit reluctant to integrate it into the main SqueezePlayer.
    Furthermore SqueezeTunnel is based on SSHTunnel – the sourcecode is licensed under GPL. So I’m not allowed to integrate it at all if I don’t want to open source my program as well (which I don’t want for obvious reasons).

    So I’m afraid right now I don’t have a chance to integrate any SSH tunneling solution into my App, even if that was much cooler.

  8. Mr. Floppy Says:

    Oh,

    I understand the reason, but for a user not really a good answer.

    Thanks

  9. Joachim Says:

    Hi!

    Tried your SqueezeSSH and have the same problems as Thomas (July 8th) above.

    You wrote: “For anyone interested: make sure you tunnel both ports 9000+3483.”
    But how and where?

    I just deleted the port forwards 9000 and 3483 on my router.

    The SqueezeSSH has had no problem to connect to my Server.

    Thanks for helping

    Joachim

  10. stefan Says:

    Hi Joachim,

    you can either use SqueezeTunnel (if your phone is rooted), it will set up the correct port forwardings for the SSH protocol itself.
    (Thomas used the ConnectBot program, where these ports need to be setup manually).
    When using SSH on your router port 22 needs to be forwarded (in the web-admin console of your router), so that the SSH protocol arrives on your Squeezebox-Server.

    Cheers
    Stefan

  11. Joachim Says:

    Hi Stefan!

    Thanks for the fast reply and even more for the great app (together with squeezecommander it makes the handling of SC much easier).

    Unfortunately I still have the problems using ssh.

    When I used your information up to chapter 3 I had no problems connecting to SC from outside and listening to my music.

    But I need a more secure way.

    I am connected with your SqueezeTunnel (my phone is rooted) to my Windows XP.

    The router port 22 is forwarded to my server IP (the same way you explained and I did it successfully with Port 9000 and 3483 in chapter 3)

    After that I deleted the port forwarding for port 9000 and 3483 at the router, like you told.

    The ssh connection to Windows XP (FreeSSHD) established without a problem.

    At SqueezeTunnel screen I see Squeezebox-Server Port 9000, no visible hint to 3483, but perhaps it´s in the system.

    At squeezeplayer I have:

    SB Server: manually enter address

    Manual Server Address: localhost

    Manual Server Port: 9000

    No Authentication or password (same in SC)

    Starting Squeezeplayer I see only Server: localhost:9000 GPRS connecting…

    I also have no idea how I have to configure squeezecommander

    So far I did:

    Additional Server:

    Name: Free name

    Server IP: Ip of my server (where port 22 is forwarded to), but I also tried it with localhost

    Port: 9000

    Everything without success

    Thanks for trying to help

    Joachim

  12. stefan Says:

    Hi Joachim,
    I think for some reason the tunnel is not working for you yet.
    localhost:9000 should be working in SqueezePlayer and SqueezeCommander. Also in a browser from your phone you should be seeing the web-interface.

    Maybe you try the ConnectBot App. It might show better error messages when you try to connect to your server from your Android phone. You can set up port forwarding in this App as well via the menu button.

    Maybe this gives a better clue about what is wrong in your setup?

    Kind Regards
    Stefan

  13. Daniel Says:

    Hi Stefan!

    Just wanted to thank you for this great app!

    Btw: I’m creating the ssh tunnel a little differently. I use SSHTunnel to create dynamic port forwarding and then use ProxyDroid (with Proxy type SOCKS5) to connect to my home network.

    Cheers Daniel

  14. stefan Says:

    Hi Daniel,
    thanks for this suggestion. How does it work exactly? SSHTunnel only forwarding a single port and with ProxyDroid the two ports of SqueezePlayer are tunneled?

    Cheers
    Stefan

  15. Daniel Says:

    Hi Stefan.

    You have to set SSHTunnel for dynamic port forwarding (Checkbox: Use socks proxy). SSH Dynamic Port Forwarding is a way of opening a SOCKS5 proxy server on your mobile phone and forwarding all of the data to an SSH server on the Internet.

    ProxyDroid is used to create the SOCKS5 proxy on your mobile phone.

    The nice thing is that all ports will be forwarded automatically this way. You don’t have to specify each port. And you can keep your application settings exactly the same as if you would connect directly to your local network. (example: use 192.168.0.10:9000 for your squeezebox server and not localhost:9000).
    Another nice thing with ProxyDroid is that you can select the applications which are using the Proxy. So I can set Squeezeplayer and other apps (like WebDAV) to use the Proxy and keep my Browser normal by not using the proxy.

  16. stefan Says:

    Hi Daniel,
    this sounds very interesting indeed – will give it a go this or next weekend.
    What I like most with this solution is, that it might make my custom SqueezeTunnel App not needed anymore and is still an alternative to the not (always) working connectbot solution.

    Thanks for sharing your ideas!

  17. Steve Says:

    Stefan,

    Your technique sounds pretty simple, but I would have thought the SBS would need to be running some SSH type software. According to your directions, there is nothing really to set up on the host machine, well except for the router port forwarding. Is this correct? Also as an aside, how much bandwidth is necessary to stream flac? I have a 4G connection so should be able to swing it.

    Thanks!

  18. stefan Says:

    Hi Steve,

    for a secure connection SSH is needed on the Squeezebox Server indeed. All Linux boxes typically come with SSH enabled by default (because that’s the usual way to connect to them). For Windows one needs to install tools like freesshd.

    If you don’t use SSH: yes then port forwarding on the router will be enough. But it’s not as secure – any error in the SBS might enable bad people to enter your server.

    About FLAC streaming: I’d suggest just to try it out. There are so many variables (upstream bandwidth, your ISP, your mobile carrier) that I think there is no reliable answer to that. If it doesn’t work good enough just enable bandwidth limiting and you should always be on the safe side.

    Cheers
    Stefan

  19. Pete Says:

    Hi,

    Just wanted to let you know that Squeezetunnel works great for me! As it uses SSH, I can stream from home to my work PC through the firewall (which blocks incoming ports 9000 and 3483)!

    Cheers

    Pete

  20. Ashley Slade Says:

    excellent alternative to connectbot

    could you please build this into squeezeplayer and it would be a perfect one-stop solution

  21. stefan Says:

    Hi Ashley,

    unfortunately this is not allowed due to the Open Source license of SSHTunnel.

    Kind Regards
    Stefan

  22. Thomas Says:

    Hi Stefan,

    The SSH tunnel is for sure a good solution. What I’m missing though is to be able to use authentication via private key. This is implemented on my server, but Squeezetunnel seems not to be able to handle it. Or did I miss something?

    Thomas

  23. stefan Says:

    Hi Thomas,

    the description of SSHTunnel (the basis of SqueezeTunnel) says:
    “2. To work with your private/public key, please store your key (only OpenSSH format, not putty) as the file /sdcard/sshtunnel/key”

    I don’t know if that works with the current version of SqueezeTunnel (try to change the path to ‘squeezetunnel’ at least), as it originates from an older version of SSHTunnel.

    If that does not work, give this explanation a try:
    http://www.squeezeplayer.com/2011/05/3g-part-5-secure-your-communication-channel/#comment-183

    Here a user used the original SSHTunnel App.
    Finally: if you are running Android >=3.0 then you can also give the ConnectBot App a try (it allows port forwarding as well, but you’d have to set it up manually). The issues I faced with this App don’t seem to exist on Android >=3.0 anymore.

    Hope this helps to get you up and running with a secure connection!

  24. Daniel Says:

    Squeezetunnel doesn’t work for me. I’m on ICS 4.0.4

    @stefan: Could you please help?

  25. stefan Says:

    Daniel,

    is your phone rooted?
    Can you get access to your system via SSH with some ‘normal’ tools like ConnectBot?

    Cheers
    Stefan

  26. Daniel Says:

    Stefan,

    phone is rooted – I’m using Custom ROM “ICS333”.
    I tried SSH Tunnel and connectbot and get a ssh connection without problems to my server. I would use one of these apps as an alternative, if I could forward the necessary two ports.

    Any ideas?

    Kind regards

  27. stefan Says:

    Hi Daniel,

    if SSH tunnel and ConnectBot work, I have no clue, what could be wrong about SqueezeTunnel.
    Anyway: connectbot allows to setup multiple port forwardings as well and on ICS it’s also not buggy anymore. So give this a try first.

  28. Jacqueline Says:

    Hi Stefan,

    I got Squeezeplay fully working, great, with Squeezetunnel connection.
    But, all my settings for the connection in squeezetunnel are gone after a shutdown of my samsung GT-I9000
    Is this Normal behaviour or is there a way to keep my settings saved?

    Kind regards

  29. stefan Says:

    Hi Jacqueline,
    are you using a custom ROM?

    I don’t know why the settings are not saved on your device, this is not a normal operation.

    Kind Regards
    Stefan

  30. Jacqueline Says:

    Hi Stefan,

    What I did:
    Installed squeezetunnel but then noticed I first had to Root my phone.
    Uninstalled squeezetunnel
    Rooted my phone with superoneclick
    Installed squeezetunnel

    As far as I know I don’t have a custom Rom or superoneclick must have done that.

    Is there a workaround, e.g. where I can manually edit a sort of ini file for my settings?

    Kind regards,
    Jacqueline

  31. stefan Says:

    Hi Jacqueline,

    I’m afraid right now I’m not aware of a workaround (nor would I know why it doesn’t keep the settings for you 🙁 )

    On your Samsung, Ice Cream Sandwich should be available though.
    Here the alternative App “ConnectBot” shouldn’t have any problems, so maybe you should try this program?
    After a connection in ConnectBot there is a setting for port forwardings, use 3483 and 9000 there.

    ConnectBot should also keep the settings.

  32. Tim Says:

    Hi Stefan,

    Hope you can help. SSH tunnel connects fine with my home nas, but Squeeze Tunnel doesn’t want to play – ‘Fail to Connect’.

    I’ve also tried connectbot and also managed to connect to the home nas. I then forwarded the ports 3483 and 9020 (twonky uses 9000 on my server). I managed to get squeeze player to connect – ‘HSPA Connected’ (I confirmed this by checking the logitech media web interface on the home lan). Unfortunately Squeezecommander wouldn’t connect nor could I get any music to play but this may be because of a very poor HSPA connection.

    I would really like to get Squeeze Tunnel working, any suggestions welcome.

    Thanks…Tim

  33. stefan Says:

    Hi Tim,

    in the SqueezeTunnel settings, did you change the Port to 2222?
    You might want to install the App ‘aLogCat’ and see if there is anything interesting in the log-files?

    Kind Regards
    Stefan

  34. Tim Says:

    Hi Stefan,

    I should also have added that the sshd I have running is on port 2222.

    Thanks….Tim

  35. Tim Says:

    Hi Stefan,

    Thanks for the quick response. I have managed to get squeezeplayer and squeezecommander working with connectbot but no luck with squeeze tunnel.

    With squeeze tunnel I can see the following in logcat

    E/SSHTunnel(14054): Connect Error!
    E/SSHTunnel(14054): java.io.SyncFailedException: fsync failed: EINVAL (Invalid argument)
    E/SSHTunnel(14054): at java.io.FileDescriptor.sync(FileDescriptor.java:73)
    E/SSHTunnel(14054): at org.squeezetunnel.beta.SSHTunnelService.connect(SSHTunnelService.java:302)
    E/SSHTunnel(14054): at org.squeezetunnel.beta.SSHTunnelService.handleCommand(SSHTunnelService.java:344)
    E/SSHTunnel(14054): at org.squeezetunnel.beta.SSHTunnelService$2.run(SSHTunnelService.java:565)
    E/SSHTunnel(14054): at java.lang.Thread.run(Thread.java:864)
    E/SSHTunnel(14054): Caused by: libcore.io.ErrnoException: fsync failed: EINVAL (Invalid argument)
    E/SSHTunnel(14054): at libcore.io.Posix.fsync(Native Method)
    E/SSHTunnel(14054): at libcore.io.BlockGuardOs.fsync(BlockGuardOs.java:97)
    E/SSHTunnel(14054): at java.io.FileDescriptor.sync(FileDescriptor.java:71)
    E/SSHTunnel(14054): … 4 more
    D/SSHTunnel(14054): Connecting finish

    Any ideas?

  36. stefan Says:

    Is your phone rooted?

  37. Tim Says:

    yes the phone is rooted. I get the on-screen notifications indicating that the application is requesting su access.

    It may help or distract, when I first connect with ssh tunnel it does mention key files. Could this be anything?

  38. stefan Says:

    Are you using certificates or username / password for your ssh access? SqueezeTunnel only supports username + password.

    I’m afraid I cannot really help here 🙁
    I’m not very experienced with SSH and when I wrote SqueezeTunnel it worked right out of the box for my server.

  39. Tim Says:

    Hi Stefan,

    I just tried another application called SSH Autotunnel which appears to work. It’s similar to SSH Tunnel in that it just forwards without a terminal window that ConnectBot provides.

    Good to know other options are available if others have difficulty.

    Thanks

  40. stefan Says:

    Hi Tim,
    thanks a lot for providing me with this App. I’ll include it in the main text, maybe this App makes my own try obsolete finally.

  41. Jacqueline Says:

    Hi Stefan,

    Got it all up and running after changing my Galaxy S (1) to android Gingerbread.
    Now i’m trying to use SSH Autotunnel.

    What are the local ports on my mobile phone which I need to forward to my server?

    Do I need to check the option “remote port forwarding” in SSH Autotunnel?

    Do I need to enter the serverport in the settings of “squeeze player”? Since I filled in localhost, the routing is controlled by SSH Autotunnel I thought….

    Kind Regards, Jacqueline

  42. stefan Says:

    Hi Jacqueline,

    9000 and 3483 are the ports to use. Yes I think that “remote port forwarding” is a needed option. Using localhost in SqueezePlayer should also be the correct setting.

    Kind Regards
    Stefan

  43. Jacqueline Says:

    OK thank you, it works fine now.

    Jacqueline

  44. Thomas HK Says:

    Dear Stefan. I have created a ssh autotunnel with the ports forwarding. The Squeezeplayer App is connected OK, through 3G. I can control the Squeezeplayer from the Logitech Media Server webpage.

    However the logitech Squeezebox Controller App on the phone (Galaxy S3 4G) “can’t find the player”. So it makes it impossible the use the player on the road.

    Have you any suggestions regarding this issue…?

    BTW – Do you plan to recompile your excellent Squeezeplayer for Windows Phone?

    Thank you – Cheers
    Thomas HK

  45. stefan Says:

    Hi Thomas,

    the Logitech App relies on autodetection of servers, which doesn’t work through an SSH tunnel. You’d need to switch to one of the other Controller Apps (i.e. OrangeSqueeze or SqueezeCommander) and manually add 127.0.0.1 as a server there.
    No chance with Logitech’s App.

    Currently I don’t plan Windows phone support.

  46. Bergowitz Says:

    Hi everyone

    I am trying to get my music available when I’m on the go on my Samsung GS3. I have bought the squeezeplayer app from the Google store along with orange squeeze. I would like to use the SSH instead of normal portforwarding for the extra safety of it.

    I have followed the guide above
    But I get a connection error on my phone. I have tried different apps for the SSH tunnel. The mentioned squeezetunnel, and autotunnel also SSH tunnel.
    I have no problem with accessing my squeezeplug via Putty from pc at work. So I assume that it is a problem with the portforwarding in the SSH app.
    So maybe it’s me who doesn’t understand how to portforward with SSH tunneling.

    My router is using DD-WRT sp24v2 build 22000. with port 22 forwarded to my squeezeplug.
    If I forward the ports 3483 and 9000 to the squeezeplug (192.168.1.19) I have no problem accessing it from the “outside” But I would like to use SSH tunneling.
    Has anyone had success using this above mentioned method and could you make a nice and easy understandable how-to? With the different settings on the router and in the apps.

  47. stefan Says:

    Hi

    if you can access your server with putty, then the first important step is done.
    I suggest trying with the “ConnectBot” App. It does have the best debugging output and also supports port forwarding.
    Try first to connect to your server via SSH with ConnectBot. Should be working fine like with Putty?

    Then (SSH-) port forwarding can be easily setup within ConnectBot (both port 3483 and 9000).

    Cheers
    Stefan

  48. Bergowitz Says:

    Hi Stefan

    Could you make an example on the settings with portforward in Connectbot. I have tried almost every combination in with the portforwarding. I can easily connect via connectbot to port 22 and access the squeezeplug

  49. stefan Says:

    As a first test:
    – connect to your server via ssh
    – hit the menu key, hit the port-forwarding button
    – on the port forwarding screen: hit the menu key, add a rule to forward port 9000 to localhost:9000
    – with your mobile’s browser try to open http://localhost:9000.

    If everything works well, you should be seeing the web interface of your squeezebox-server.
    Does this work?

  50. Bergowitz Says:

    Hi Stefan

    No unfortunately not. I am still getting my mobile providers ip when I try at myip.dk.
    I am using a Raspberry Pi with squeezplug, and LMS installed.
    In connectbot I connect to xxxxx.no-ip.biz:22 and I get to the loginscreen on the squeezeplug. I then fill in my password. The portforwarding in connectbot is as follows: remote, port 9000, destination 127.0.0.1:9000 and the same with port 3483.
    Depending on what I have tried either the connectbot logo on top of the phone just disappears, or I get an error that says that the port might be busy or I am using one lower than 1024. Should I change my port 22 to something higher than 1024 then?
    So I am a bit lost on this. Because with SSH tunnel I can connect so I get my ISP’s IP address at home with the same settings as I am trying with connectbot.

  51. stefan Says:

    Hi,

    changing the SSH port 22 is not necessary. If you only setup two forwarding rules it also shouldn’t say that the port is busy (unless you have other Apps like SSHTunnel etc still running).

    Is port forwarding activated on SqueezePlug? Just found this page about how to check: https://help.ubuntu.com/community/SSH/OpenSSH/Configuring#Forwarding

    Cheers
    Stefan

  52. Bergowitz Says:

    Hi Stefan

    Here´s the log from putty:

    OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to localhost [127.0.0.1] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: identity file /root/.ssh/id_ecdsa type -1
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4
    debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA 7d:96:dc:c4:10:fa:6f:cb:a4:1f:d9:24:2e:db:da:1c
    debug1: Host ‘localhost’ is known and matches the ECDSA host key.
    debug1: Found key in /root/.ssh/known_hosts:1
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/id_rsa
    debug1: Trying private key: /root/.ssh/id_dsa
    debug1: Trying private key: /root/.ssh/id_ecdsa
    debug1: Next authentication method: password
    root@localhost’s password:

    I am not very good at all with Linux. But as I understand it there is no problem with the server? Or do I need to open some ports and point internally inside the squeezeplug? I have forced it to listen to port 9000 and 3483 along with the 22 in the sshd_config.

  53. stefan Says:

    Hi,

    looks good (with my limited Linux skills as well). Should be looking the same when connected with ConnectBot? Any extra lines in the log, when you try to setup port-forwarding in ConnectBot?
    You don’t need any additional external ports, 22 is good. The port forwarding from SSH is started by the client (i.e. ConnectBot) and runs through the tunnel (i.e. everything on port 22), so the router and stuff don’t even realize that port forwarding takes place.

  54. Bergowitz Says:

    Hi Stefan

    I have also tried the other two commands which gives me this:

    root@squeezeplug:~# ps -A | grep sshd
    2291 ? 00:00:00 sshd
    2389 ? 00:00:00 sshd
    root@squeezeplug:~# sudo ss -lnp | grep sshd
    LISTEN 0 128 *:22 *:* users:((“sshd”,2291,3))
    root@squeezeplug:~#

    Again for me it looks like everything is fine. This is from my local laptop at home, I will try the same commands from my phone when I get to work.

  55. Bergowitz Says:

    Hi Stefan

    What I get from connectbot on my phone is as follows:

    When I write the command: ps -A | grep sshd
    2291? 00:00:00 sshd
    3106? 00:00:00 sshd

    sudo ss -lnp | grep sshd
    LISTEN 0 128 *:22 *:*
    users:((“sshd”,2291,3))

    ssh -v localhost gives me this. (the first two letters are missing in each line)

    bug1: /etc/ssh/ssh_config line 19: Applying options for *bug1: Connecting to localhost [127.0.0.1] port 22.
    bug1: Connection established.
    bug1: permanently_set_uid: 0/0
    bug1: identity file /root/.ssh/id_rsa type -1
    bug1: identity file /root/.ssh/id_rsa-cert type -1
    bug1: identity file /root/.ssh/id_dsa type -1
    bug1: identity file /root/.ssh/id_dsa-cert type -1
    bug1: identity file /root/.ssh/id_ecdsa type -1
    bug1: identity file /root/.ssh/id_ecdsa-cert type -1
    bug1: Remote protocol version 2.0, remote software version
    4
    bug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
    bug1: Enabling compatibility mode for protocol 2.0
    bug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
    bug1: SSH2_MSG_KEXINIT sent
    bug1: SSH2_MSG_KEXINIT received
    bug1: kex: server->client aes128-ctr hmac-md5 none
    bug1: kex: client->server aes128-ctr hmac-md5 none
    bug1: sending SSH2_MSG_KEX_ECDH_INIT
    bug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    bug1: Server host key: ECDSA 7d:96:dc:c4:10:fa:6f:cb:a4:1f:
    bug1: Host ‘localhost’ is known and matches the ECDSA host
    bug1: Found key in /root/.ssh/known_hosts:1
    bug1: ssh_ecdsa_verify: signature correct
    bug1: SSH2_MSG_NEWKEYS sent
    bug1: expecting SSH2_MSG_NEWKEYS
    bug1: SSH2_MSG_NEWKEYS received
    bug1: Roaming not allowed by server
    bug1: SSH2_MSG_SERVICE_REQUEST sent
    bug1: SSH2_MSG_SERVICE_ACCEPT received
    bug1: Authentications that can continue: publickey,password
    bug1: Next authentication method: publickey
    bug1: Trying private key: /root/.ssh/id_rsa
    bug1: Trying private key: /root/.ssh/id_dsa
    bug1: Trying private key: /root/.ssh/id_ecdsa
    bug1: Next authentication method: password
    ot@localhost’s password:

    Again for me it looks like there are no problems. But should I not somewhere in the log or with the first two commands see that port 9000 and 3483 are forwarded?
    When I hit the home screen button on my phone so I can open squeezeplayer, the connectbot is disappearing from the top bar on the phone, so I assume that it is disconnecting and shutting down the app.

    And the setting in connectbot needs to be this?

    Username : root
    Host : xxxxx.no-ip.biz
    port: 22
    Should other settings be set or just leave them default

    and portforward :
    remote
    port: 9000
    destination: localhost:9000

    and similar with the 3483 port forward

  56. Bergowitz Says:

    This is with the command: netstat -tln
    I have changed the port from 9000 to 9020 just to see if that had an effect.

    root@squeezeplug:~# netstat -tln
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:45208 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:3483 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:9020 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
    root@squeezeplug:~#

  57. stefan Says:

    Hi

    everything you write looks correct. ConnectBot connects on port 22, Port forwardings are configured 9000->localhost:9000.
    What is not correct though, is that the ConnectBot icon is vanishing when you switch Apps.

    This should not be happening. When you connected ConnectBot you must be able to start the browser on the phone and surf to localhost:9000 to see the web-interface of your Squeezebox-Server.
    As long as this doesn’t work, we don’t need to try to connect via SqueezePlayer.

  58. Bergowitz Says:

    Hi Stefan

    I searched the great wide interweb for “connectbot disconnects” and found that there were some people who have had the same error that it stopped when hitting the home button. I then deleted all other ssh clients I have tried, and wiped cache and data in the connectbot app. And voila now it works like a charm. Thank you very much for your patience and help Stefan. 🙂 Now I can enjoy my music collection everywhere
    Have a nice weekend

    Cheers
    Lars

  59. stefan Says:

    Great to hear you found a solution!
    It’s sometimes really hard to find out about the effects that different Apps can have on each other.