I followed the SSH_into_Whonix-Gateway guide but still getting connection refused trying to SSH from gateway to workstation.
nmap localhost on WS shows 22 is open. Do I need to do something with the firewall?
Trioxin via Whonix Forum:
I followed the SSH_into_Whonix-Gateway guide but still getting connection refused trying to SSH from gateway to workstation.
There is a different guide for that:
Also this may or may not help:
I followed that as well. /usr/bin/ssh.anondist-orig root@10.152.152.11
produces the same result/error.
I got it working by adding EXTERNAL_OPEN_PORTS+= " 22 " on the workstation. I don’t want any ports open to the Internet though. Only to the host and gateway <–> workstation communications.
Workstation has its own firewall so you need to open that port inside it as well. And whatever you do in the workstation it will be torified through the GW by the force of hypervisor/isolation connection which something outside of the WorkStation-OperatingSystem control meaning nothing will go from WS to the clearnet without passing through GW-Tor.
- Host cannot connect to that open port.
- Open internet cannot connect to that open port.
- Whonix-Gateway can connect to that open port.
- When using multiple workstations behind same Whonix-Gateway this is an
issue too.