Cannot SSH from Gateway to Workstation

My Workstation is an already existing Devuan installation that has been set up to use the Whonix-Gateway from the instructions here: Anonymize Other Operating Systems

It works! All traffic is being routed through Tor on the Workstation.

For management purposes though, trying to SSH into the Workstation from the gateway, as described here: File Transfer - Whonix, does not work.

iptables -S on workstation:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
(yes I know this is bad, this is for debugging purposes and temporary)

sshd is running and is on port 22, just password authentication (usually I use keys but again, temporary for debugging)

When I attempt to SSH from the gateway into the workstation with /usr/bin/ssh.anondist-orig user@10.152.152.12 I get a flat out Connection refused.

nmap -p22 10.152.152.12 shows 22/tcp closed ssh

What's going on here? Why is the port closed? I know it's very much open. If I try to SSH to a nonexistent IP, say 10.152.152.224, I get a timeout error, so the workstation is definitely reachable, but for some reason not SSH-able.

View the firewall rules of the custom workstation.

sudo nft --stateless list ruleset

If there is no firewall, then you don’t need any firewall rules.


The following command unloads / removes each and every iptables / ip6tables / nftables rule.

sudo nft flush ruleset

Try to connect to the ssh server using the ssh client from within the custom workstation. Some Linux distributions install server services but do not automatically start these. Please confirm the ssh server is even running and reachable from within the custom workstation.


Try prepending sudo -u tunnel.
Wiki updated just now.

On my workstation I had to change my listen IP from 127.0.0.1 to 10.152.152.12 on sshd.

I am now able to connect with ssh.anondist-orig

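The fix in this thread came down to which address sshd was bound to. As an added example (not from the thread or from the Whonix project), the shell function below classifies `ss -Hltn` output for a port against the address the gateway connects to; the name `classify_listener` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a TCP port is bound to an address that a
# remote peer can reach, from `ss -Hltn` output read on stdin.
# classify_listener is a hypothetical helper name, not a Whonix tool.
#   $1 = TCP port, $2 = IPv4 address the peer connects to
# Prints: reachable | wrong-address | not-listening
classify_listener() {
    awk -v port="$1" -v want="$2" '
        {
            # Column 4 of ss -Hltn is "Local Address:Port".
            pos = match($4, /:[0-9]+$/)
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            if (substr($4, pos + 1) != port) next
            seen = 1
            # 0.0.0.0 and * are wildcard binds that accept IPv4 peers.
            if (addr == "0.0.0.0" || addr == "*" || addr == want) ok = 1
        }
        END {
            if (!seen)   print "not-listening"   # nothing bound to the port
            else if (ok) print "reachable"
            else         print "wrong-address"   # e.g. loopback only
        }'
}

# Constructed sample lines (not captured from the poster's machine).
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
LISTEN 0 128 [::1]:22 [::]:*'
SAMPLE_INTERNAL='LISTEN 0 128 10.152.152.12:22 0.0.0.0:*'
SAMPLE_OTHER='LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*'

for s in "$SAMPLE_LOOPBACK" "$SAMPLE_INTERNAL" "$SAMPLE_OTHER"; do
    printf '%s\n' "$s" | classify_listener 22 10.152.152.12
done
# On a live system: ss -Hltn | classify_listener 22 10.152.152.12
```

A `wrong-address` result with a permissive firewall matches the symptom in the thread: the host answers, but connections to the port are refused.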