SSH from outside network

Discussion in 'Linux Networking' started by CptCharis, Apr 5, 2018.

  1. CptCharis

    CptCharis Member

    Joined:
    Feb 27, 2018
    Messages:
    55
    Likes Received:
    45
    Hello to all Linux Maniacs!!!:p

    I'm back home, playing with my two daughters & newborn son. :D
    Yeah, as you understand, no time for Linux experimentation.
    Good thing: back home the internet is more than OK, unlike on the vessel.

    So, playing with SSH & SFTP: the easy part, within the LAN, was pretty easy.
    The difficult part was to achieve a connection from the outside world.

    Thousands of tutorials on the web were not illustrative enough.
    I have a Mac at home (yes, I know, but it is also a Unix machine ;))
    & I decided to make it a server.
    I'm using my Mint as a client, trying to achieve a connection with my server.
    I followed the instructions below (adapted for a Mac):
    https://forums.linuxmint.com/viewtopic.php?f=42&t=13695

    Of course I made a static IP for my server and set up port forwarding in my router.
    Whatever I tried was unsuccessful. :(

    Finally I tried this

    Code:
    ssh [email protected]_ip
    Using the router IP instead of the machine IP achieved a connection.
    The problem is that the router IP is not static & the ISP is probably charging for a static IP;
    moreover, I don't know if this way is secure.

    That's it, folks. I'm waiting for your further investigation.
     
    wizardfromoz likes this.
  2. marcs

    marcs New Member

    Joined:
    Apr 5, 2018
    Messages:
    3
    Likes Received:
    5
    Congratulations.

    When it comes to reaching SSH from the WAN, via a router with a dynamic IP [fetched via DHCP], I use a dynamic DNS service - changeip. It works like a charm, offers free basic service and has never let me down. I simply forward specific SSH ports to given machines in a logical manner [and to avoid any autoscan bots trying to break into SSH 22, which could only be one on the WAN side of the router], thus I create forwarding to - for example:

    machine_1 - ssh 22 => WAN port 1111
    machine_2 - ssh 22 => WAN port 2222

    etc.

    Then I simply need to type:

    ssh [email protected] -p 1111

    to connect to machine_1, or use port 2222 to connect to machine_2.
    Simple, efficient, quite secure [although authenticating using keys would be more secure, of course].
     
    wizardfromoz, nuna and CptCharis like this.
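
An added example, not part of the thread: marcs notes above that key authentication would be more secure than passwords on an SSH port forwarded from the WAN, so this script checks an sshd_config for that before the port is exposed. The function names `effective_value` and `audit_sshd` and both sample configs are constructed for illustration; Match blocks and Include files are not evaluated.

```shell
# Added example, not from the thread: check an sshd_config before a WAN port
# is forwarded to it. Assumptions: only the global section is read (parsing
# stops at the first Match line) and Include directives are not followed.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it sees; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                       # comment line
        tolower($1) == "match" { exit }           # end of global section
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print one line per finding; return 1 if there are any.
audit_sshd() {
    findings=0
    if [ "$(effective_value "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "PasswordAuthentication is not 'no': password guessing is possible"
        findings=1
    fi
    if [ "$(effective_value "$1" PubkeyAuthentication yes)" != "yes" ]; then
        echo "PubkeyAuthentication is not 'yes': key logins are disabled"
        findings=1
    fi
    if [ "$(effective_value "$1" PermitRootLogin prohibit-password)" = "yes" ]; then
        echo "PermitRootLogin is 'yes'"
        findings=1
    fi
    return "$findings"
}

# Constructed sample configs (not taken from any real host).
weak_cfg=$(mktemp); hard_cfg=$(mktemp)
cat > "$weak_cfg" <<'EOF'
Port 22
#PasswordAuthentication no
PermitRootLogin yes
EOF
cat > "$hard_cfg" <<'EOF'
passwordauthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
EOF
echo "weak:";     audit_sshd "$weak_cfg" || true
echo "hardened:"; audit_sshd "$hard_cfg" && echo "no findings"
```

On a live host, `sshd -T` run as root prints the effective configuration, including settings this simplified parser skips. Where PAM is in use, keyboard-interactive authentication can still accept passwords and is not checked here.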
  3. CptCharis

    CptCharis Member

    Joined:
    Feb 27, 2018
    Messages:
    55
    Likes Received:
    45
    Hello @marcs ,
    Would you like to share with us the way you did it?
     
  4. marcs

    marcs New Member

    Joined:
    Apr 5, 2018
    Messages:
    3
    Likes Received:
    5
    I have two routers [one is TP-Link and the other one is ASUS]. TP-Link is an internet-facing router [ASUS acts as an AP/repeater/extender, to cover the rest of the house with WiFi signal].
    Both TP-Link and ASUS have opensource firmware installed, which extends their functionality and adds - for example - dynamic DNS configuration option. This allowed me to first create changeip.com account on the website, then provide login and password into the router's dynamic DNS configuration fields.
    Once I've had my router connected with changeip.com, I could be sure that my router's IP address is reachable via the same, unchangeable DNS name, which - in turn - allowed me to simply pass proper SSH ports from WAN to LAN [as in above example] and connect to my internal machines by connecting to router's DNS name with proper port.

    Of course, you can configure changeip.com [or any other DynDNS service] on one of the linux boxes, but in case this box is down, your IP won't be updated to dynamic DNS name, so you won't be able to connect. Also, I'm not sure if local IP address [LAN address] is going to be sent to DynDNS service ... plus, router is always UP and running, so it's best to configure DynDNS there.
     
    CptCharis likes this.
  5. marcs

    marcs New Member

    Joined:
    Apr 5, 2018
    Messages:
    3
    Likes Received:
    5
    I might add that TP-Link has Gargoyle opensource firmware installed, and ASUS has Padavan opensource firmware installed. Other types of such alternative firmware are: Tomato router, DD-WRT. However, it is highly device-specific, as each device * may * be supported by different alternative firmware. Some devices are not supported by any of the alternative firmwares, unfortunately :/ but ... most modern official firmwares from router vendors do have DynDNS option.
     
    CptCharis likes this.
  6. CptCharis

    CptCharis Member

    Joined:
    Feb 27, 2018
    Messages:
    55
    Likes Received:
    45
    Hello again everybody!!!!
    @marcs thank you for your reply & the time you spent for us.

    I need a little help with port forwarding.
    I open a port in my router, let's say 62615.
    I check it through the page canyouseeme.org and it shows as closed, but at the same time port 22 shows as open.
    I change to another port, let's say 8015, and again it is closed but port 22 is open.
    If I close the above ports, port 22 also shows closed.
    Conclusion: Whatever port I open, only port 22 appears to be open.
    I repeated the whole process and also changed the port number in the sshd_config file, with the same results.
    Does anybody know what I'm doing wrong?

    Thanks again.
     
  7. wizardfromoz

    wizardfromoz Well-Known Member

    Joined:
    Apr 30, 2017
    Messages:
    698
    Likes Received:
    729
    Not me :p but I am watching this Thread with interest and taking notes. I have a small SSH LAN setup at home for file and folder sharing, but the wider picture would be useful if I have to travel again.

    ...and a belated welcome @marcs , to linux.org (been away on a road trip for 11 days).

    Enjoy your shore leave and your family time, Capta :)

    Chris Turner
    wizardfromoz
     
    CptCharis likes this.
  8. DaMeD83

    DaMeD83 New Member

    Joined:
    Feb 13, 2018
    Messages:
    9
    Likes Received:
    14
    @CptCharis Could you drop a screenshot of the IF on your router on the port forward page? Might give an insight into what to do.
     
  9. CptCharis

    CptCharis Member

    Joined:
    Feb 27, 2018
    Messages:
    55
    Likes Received:
    45
    Sure my friend @DaMeD83

    Here it is Screenshot at 2018-04-16 15-09-36.jpg

    Thanks
     
    wizardfromoz likes this.