SSH from outside network

Discussion in 'Linux Networking' started by CptCharis, Apr 5, 2018.

  1. CptCharis

    CptCharis Active Member

    Joined:
    Feb 27, 2018
    Messages:
    203
    Likes Received:
    221
    Hello to all Linux Maniacs!!! :p

    I'm back home, playing with my two daughters & newborn son. :D
    Yeah, as you understand, no time for Linux experimentation.
    Good thing, back home the internet is more than OK, unlike on the vessel.

    So, playing with SSH & SFTP, the easy part, within the LAN, was pretty easy.
    The difficult part was to achieve a connection from the outside world.

    Thousands of tutorials on the web were not illustrative enough.
    I have a Mac at home (yes, I know, but it is also a Unix machine ;))
    & I decided to make it a server.
    I'm using my Mint as a client, trying to succeed in connecting to my server.
    I followed the instructions below (adapted for a Mac):
    https://forums.linuxmint.com/viewtopic.php?f=42&t=13695



    Of course I made a static IP for my server and set up port forwarding in my router.
    Whatever I tried was unsuccessful. :(

    Finally I tried this

    Code:
    ssh [email protected]_ip
    Using the router IP instead of the machine IP, the connection succeeded.
    The problem is that the router IP is not static & the ISP is probably charging for a static IP;
    moreover, I don't know if this way is secure.

    That's it folks, I'm waiting for your further investigation.
     
    Syed Kazmi and wizardfromoz like this.
  2. marcs

    marcs New Member

    Joined:
    Apr 5, 2018
    Messages:
    3
    Likes Received:
    5
    Congratulations.

    When it comes to reaching SSH from WAN, via a router with a dynamic IP [fetched via DHCP], I use a dynamic DNS service - changeip. It works like a charm, offers a free basic service and has never let me down. I simply forward specific SSH ports to given machines in a logical manner [and to avoid any autoscan bots trying to break into SSH 22, which could only be one on the WAN side of the router], thus I create forwarding to - for example:

    machine_1 - ssh 22 => WAN port 1111
    machine_2 - ssh 22 => WAN port 2222

    etc.

    Then I simply need to type:

    ssh [email protected] -p 1111

    to connect to machine_1, or use port 2222 to connect to machine_2.
    Simple, efficient, quite secure [although authenticating using keys would be more secure, of course].
     
    wizardfromoz, nuna and CptCharis like this.
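
A check that fits the setup described in the posts above, as an added example that is not part of any poster's reply: it confirms that the LAN port a router rule targets is one sshd actually listens on, and flags password logins, the weaker option compared with keys. The function names and the sample config are constructed for illustration; it assumes whitespace-separated keywords and no Match or Include blocks.

```sh
#!/bin/sh
# Added example: audit sshd settings before exposing the host through a port forward.
# Input: a file in sshd_config syntax (saved `sshd -T` output also works).
# Assumptions: whitespace-separated keywords, no Match or Include blocks.

# first_value FILE keyword default -> sshd keeps the first occurrence of a keyword.
first_value() {
    v=$(awk -v k="$2" 'tolower($1) == k { print tolower($2); exit }' "$1")
    echo "${v:-$3}"
}

# listen_ports FILE -> every Port line counts; with none, sshd listens on 22.
listen_ports() {
    p=$(awk 'tolower($1) == "port" { print $2 }' "$1" | sort -n -u | tr '\n' ' ')
    p=${p% }
    echo "${p:-22}"
}

# audit FILE LAN_PORT -> LAN_PORT is the internal port the router rule targets.
# Prints one line per finding; exit status is the number of findings.
audit() {
    findings=0
    ports=$(listen_ports "$1")
    case " $ports " in
        *" $2 "*) ;;
        *) echo "MISMATCH: rule targets port $2 but sshd listens on: $ports"
           findings=$((findings + 1)) ;;
    esac
    if [ "$(first_value "$1" passwordauthentication yes)" != "no" ]; then
        echo "WEAK: password logins are accepted; use keys only"
        findings=$((findings + 1))
    fi
    if [ "$(first_value "$1" permitrootlogin prohibit-password)" = "yes" ]; then
        echo "WEAK: PermitRootLogin is yes"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the router rule targets LAN port 22, but sshd was moved to 8015.
cfg=$(mktemp)
printf '%s\n' '#Port 22' 'Port 8015' 'PasswordAuthentication yes' > "$cfg"
audit "$cfg" 22 || echo "findings: $?"
rm -f "$cfg"
```
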
  3. CptCharis

    CptCharis Active Member

    Hello @marcs ,
    Would you like to share with us the way you did it?
     
  4. marcs

    marcs New Member

    I have two routers [one is TP-Link and the other one is ASUS]. TP-Link is an internet-facing router [ASUS acts as an AP/repeater/extender, to cover the rest of the house with WiFi signal].
    Both TP-Link and ASUS have open-source firmware installed, which extends their functionality and adds - for example - a dynamic DNS configuration option. This allowed me to first create a changeip.com account on the website, then provide the login and password in the router's dynamic DNS configuration fields.
    Once I had my router connected with changeip.com, I could be sure that my router's IP address is reachable via the same, unchangeable DNS name, which - in turn - allowed me to simply pass the proper SSH ports from WAN to LAN [as in the above example] and connect to my internal machines by connecting to the router's DNS name with the proper port.

    Of course, you can configure changeip.com [or any other DynDNS service] on one of the Linux boxes, but in case this box is down, your IP won't be updated to the dynamic DNS name, so you won't be able to connect. Also, I'm not sure if the local IP address [LAN address] is going to be sent to the DynDNS service ... plus, the router is always up and running, so it's best to configure DynDNS there.
     
    CptCharis likes this.
  5. marcs

    marcs New Member

    I might add that the TP-Link has Gargoyle open-source firmware installed, and the ASUS has Padavan open-source firmware installed. Other types of such alternative firmware are: Tomato router, DD-WRT. However, it is highly device-specific, as each device *may* be supported by different alternative firmware. Some devices are not supported by any of the alternative firmwares, unfortunately :/ but ... most modern official firmwares from router vendors do have a DynDNS option.
     
    CptCharis likes this.
  6. CptCharis

    CptCharis Active Member

    Hello again everybody!!!!
    @marcs thank you for your reply & the time you spent on us.

    I need a little help with port forwarding.
    I open a port in my router, let's say 62615.
    I check it through the page canyouseeme.org and it shows as closed, but at the same time port 22 shows as open.
    I change to another port, let's say 8015, and again it is closed but port 22 is open.
    In case I close the above ports, port 22 also shows as closed.
    Conclusion: Whatever port I open, only port 22 appears to be open.
    I repeated the whole process and also changed the port number in the sshd_config file, with the same results.
    Does anybody know what I'm doing wrong?

    Thanks again.
     
  7. wizardfromoz

    wizardfromoz Super Moderator
    Staff Member Gold Supporter

    Joined:
    Apr 30, 2017
    Messages:
    1,340
    Likes Received:
    1,529
    Not me :p but I am watching this Thread with interest and taking notes. I have a small SSH LAN setup at home for file and folder sharing, but the wider picture would be useful if I have to travel again.

    ...and a belated welcome @marcs , to linux.org (been away on a road trip for 11 days).

    Enjoy your shore leave and your family time, Capta :)

    Chris Turner
    wizardfromoz
     
    CptCharis likes this.
  8. DaMeD83

    DaMeD83 New Member

    Joined:
    Feb 13, 2018
    Messages:
    14
    Likes Received:
    18
    @CptCharis Could you drop a screenshot of the IF on your router on the port forward page? It might give an insight into what to do.
     
  9. CptCharis

    CptCharis Active Member

    Sure my friend @DaMeD83

    Here it is: [image: Screenshot at 2018-04-16 15-09-36.jpg]

    Thanks
     
    wizardfromoz likes this.
  10. DaMeD83

    DaMeD83 New Member

    Sorry for the late reply, been on and off sick and at home.

    As far as I can see, it looks okay, provided that you are using port 8016 on both the host and from the outside.

    But what I can also read out of it is that the WAN Host IP range seems a bit odd; try setting it to 255.255.255.255 on the end maybe?

    Tried reading up on the router,
    https://www.cosmote.gr/fixed/docume..._2_1.pdf/e5aa9ed9-8e66-4d3b-8283-b79d67e0ded9

    But I can't find anything else there might be.
     
    Rob, CptCharis and atanere like this.
  11. CptCharis

    CptCharis Active Member

    Don’t worry @DaMeD83 & thank you for your interest.
    Unfortunately I haven’t found a solution yet.
    I asked the IT department of my company also and they couldn’t help me either.
    Most probably it is an ISP problem. They should leave specific ports for specific jobs, thus for ssh and/or sftp only door 22 could be open.
     
  12. DaMeD83

    DaMeD83 New Member

    Here's another good question: are you using a bridged modem and a modem/router in one, or?

    My question being that it might be double NAT and that will cause trouble
     
  13. CptCharis

    CptCharis Active Member

    It is a modem/router supplied by the ISP & unfortunately it runs its own software only.
     
  14. DaMeD83

    DaMeD83 New Member

    This might be a bit overkill, but have you thought of putting the modem in bridged mode? Kill the WLAN on it and set up a functional router behind it? It might take some work but in the end it might be worth it.
     
  15. CptCharis

    CptCharis Active Member

    I had not thought about it, I will try and let you know.

    Thanks.
     
  16. DaMeD83

    DaMeD83 New Member

    Let me know how it goes
     
  17. CptCharis

    CptCharis Active Member

    Question guys.

    When I open a new port, should I also add it in the /etc/service file?
     
