SSH & Dynamic DNS services?

ponder

I have two computers behind an ADSL NATted router that I would like to ssh into from an outside network that might be public or behind a NATted router. What is the simplest way of doing this?

Edit: The openssh part is up and working already on the local LAN.
 
Do you have a webserver? If you can, just create a cronjob to update a PHP page with your home DSL router's IP address, then forward port (for example) 60001 to 22 to your one PC and 60002 to 22 to the other PC. That way you don't need to rely on DynDNS, which always gives me cr@p, but I'm sure you can find a script that will automatically update that for you.
 
On the SSH server, forward the port you want to use to the network IP on the router.
Example:
Forward port 22 to 192.168.0.2 (PC IP) on the router of ssh server.

Now if you know the "internet" IP you can simply:
Code:
ssh user@wan_ip

A more secure way would be to use some arb port on the ssh server, like port 6321 for example. In /etc/ssh/sshd_config you can change the default port number from 22 to whatever you want and then just forward that port on your router. Now on the client:
Code:
ssh -p 6321 user@ip

The biggest challenge will be to get your IP each time. You can set up dynDNS or a similar service and use ddclient in a cron job to update your IP to your dynamic DNS hostname.

On the client you will then use:
Code:
ssh -p port_number user@dyn_dns_hostname

The most secure way would be to just use host keys, but I never use this since there is no need for this on my LAN so I only have a basic grasp of this and cannot give more intel than a simple Google search.

EDIT:
Stupid smiley, had to CODE tag the commands...
 
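Added example, not part of the original thread: a check of the settings the post above touches (the port in /etc/ssh/sshd_config, plus password and root logins) before the port is forwarded on the router. The function names and the sample config are constructed for illustration, and the defaults used are assumed to be upstream OpenSSH defaults.

```sh
#!/bin/sh
# Added example (not from the thread): check sshd_config before forwarding SSH.
# Constructed sample; 6321 is the example port from the post above.
SAMPLE_CONFIG='Port 6321
#PasswordAuthentication no
permitrootlogin yes
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no'

# Print the effective global value of KEYWORD from an sshd_config on stdin.
# sshd matches keywords case-insensitively and keeps the first value it reads,
# so a later line does not override an earlier one. Parsing stops at the first
# Match block. (Port may repeat to listen on several ports; only the first is
# reported here.)
sshd_value() {  # usage: sshd_value KEYWORD DEFAULT < config
    awk -v want="$1" -v def="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        { key = $0; sub(/[ \t=].*$/, "", key); key = tolower(key) }
        key == "match" { exit }
        key == tolower(want) {
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) print def }'
}

# $1 = port the router forwards to on this host; config on stdin.
# Defaults below are upstream OpenSSH defaults (assumption: distro unchanged).
# Exit status is non-zero when anything is flagged.
audit_sshd() (
    cfg=$(cat); rc=0
    port=$(printf '%s\n' "$cfg" | sshd_value Port 22)
    pw=$(printf '%s\n' "$cfg" | sshd_value PasswordAuthentication yes)
    root=$(printf '%s\n' "$cfg" | sshd_value PermitRootLogin prohibit-password)
    echo "sshd port=$port password_auth=$pw root_login=$root"
    if [ "$port" != "$1" ]; then
        echo "FLAG: router forwards to $1 but sshd listens on $port"; rc=1
    fi
    if [ "$pw" != "no" ]; then
        echo "FLAG: password logins are enabled on an internet-facing port"; rc=1
    fi
    if [ "$root" = "yes" ]; then
        echo "FLAG: PermitRootLogin yes allows direct root logins"; rc=1
    fi
    exit "$rc"
)

printf '%s\n' "$SAMPLE_CONFIG" | audit_sshd 6321 || true
```

On a real host, feed it the live file instead of the sample, for instance `audit_sshd 6321 < /etc/ssh/sshd_config`.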
I use no-ip.com - you get 5 free redirects and I've never had a day's hassle with them. Currently running pretty much the same thing you want to do - I have two PCs on the home LAN. I am using separate ports for each machine's ssh server and forwarded them accordingly in my router.

If you use the no-ip software, you can just plonk the command line in a root cron or rc.local - think it's /usr/local/bin/noip2. Once this is done it will start up automatically, and you can also set the interval at which it sets your IP.

MyWorld also had some good advice on using a random unused port for ssh to make it a bit more secure.
 
I already have host keys set up.

Can this be done with OpenDNS, seeing I already have an account with them (no idea why & when I signed up though :D)?
 
AFAIK OpenDNS is only for content filtering, so no, you will either have to get a dynDNS account or noIP like Tim suggested.
 
DynDNS free service if you are not going to connect to 6 other networks
 
Ok, I have a no-ip account and set up 2 hosts.
I've done port forwarding on my router (well I think I did anyway as it's under the virtual server setting Public Port:22 Private Port:22 Port Type: TCP Host IP Address:192.168.0.11) but when I try and ssh to it I get Connection refused...

Traceroute to the host points to my router's IP which is correct.

Tcpdump shows no incoming ssl traffic whatsoever so maybe there is a problem on my router config?
 
Last post of the night, I hope.
:D

Most new routers have built in firewalls that auto reject connections from outside the LAN, and if you use Mweb internet you should turn account protection off in the Mweb member panel.

Just make sure your router firewall will allow the connection, if you struggle post the model of your router so that someone can walk you through the critical steps, or Google your router model and port forwarding, if it is a known brand there is bound to be a tutorial on it somewhere on the net.

Cheers!
 
My router is old, it does not have a built in firewall :p

Microcom ADSL DeskPorte Router 100
 
To cover all bases: "routers IP"=external IP (Wan IP)?

Edit - RE: traceroute
 
To make sure the port is being forwarded do a simple nmap to your router from outside:
Code:
nmap -p [port_number] [wan_ip]

If it returns an "open", then it is simply a matter of fiddling with ssh a bit, like maybe the hosts.allow and hosts.deny configs?
Code:
nano -w /etc/hosts.allow

sshd:ALL

Make sure in the hosts.deny that you are not blocking sshd somehow.

Make your security very lax, non-existent, at first to see if you can just get a connection up and going, then you can pile on the security and barbed wire.
 
Ah, the host files ring a bell, will look into it just now, forgot about those :D

I checked the port with one of those online utilities and it tells me port 22 is open on my router IP, so I'll assume that part is working for now.
 