  1. #1
    Just Joined!
    Join Date
    Dec 2006
    Posts
    36

    ssh behind router


    i have been searching on the web on remote ssh for a year. every time i got a howto, it confused me even more.
    so i created a diagram, here is the link:
    http://kami.freehostia.com/ssh-what.jpg

    the computer A wants to ssh to computer B. both computers have fedora 9. router B is a dlink adsl router having its own ssh server running on it on default port 22. so tell me in simple words (considering me a newbie ), which command on which computer i will have to give. tell me any possible mean without considering security, i badly need this

    also tell if any configuration required on router B (port forward, proxy or whatsoever)

  2. #2
    Linux Newbie danielsmw's Avatar
    Join Date
    Nov 2006
    Location
    Clemson, SC / Charleston, SC
    Posts
    110
    Yeah, I have to do this with my server at home which is behind a router. If you want to get to computer B, then you need to go into router B's settings and forward port 22 to 192.168.1.5. Then, from computer A, you should only have to type:
    Code:
    ssh username@203.124.97.58
    When your router starts receiving the ssh connection, it will "patch it through" to port 22 (the default ssh port) on computer B.

    Make sure that computer B is running an ssh server, btw.
    Registered Linux User: #479567
    Asking a question? Read this page first.
    Now... sudo make me a sandwich.
    ratiocinativeroot.blogspot.com

  3. #3
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    Location
    The Netherlands
    Posts
    1,049
    Yeah, as danielsmw points out, all you need is to forward port 22 in your router towards computer B.

    In the configuration screen of the router
    - port forwarding [enabled]
    forward 22 to 192.168.x.xx (or whatever your computer has assigned as internal IP)


    Now from outside:
    ssh -l username 77.38.1.231 (yeah that IP is just an example, it's your external IP address)

    That's all there is to it. One of the confusing things about ssh is that it accepts multiple types of syntax, as you can see danielsmw and I use different syntax.




    Now the first thing you will want to do is disable root logins on the ssh server.
    Code:
    vim /etc/ssh/sshd_config
    # Add or uncomment this line:
    PermitRootLogin no
    You can always su or sudo to root on the server, just not login as such. Do this, because it's the first line of defense. The root account will be frequently attacked, as I know from experience. The attackers are 'just' bots and scriptkiddies, so you are far from defenseless.

    Once you are more comfortable that it works, I really do recommend moving the ssh port to some non-default and high number. That is not a security measure, but it keeps the logs a lot cleaner, as bots and scriptkiddies tend not to scan outside the normal range of ports.

    And have fun with it! ssh is very useful
    Can't tell an OS by it's GUI
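
Added example, not part of the original thread: "add or uncomment this line" only takes effect if no earlier line already sets the keyword, because sshd uses the first value it obtains. The sketch below reads a config the way sshd would for the two settings from the post above; the sample configs and function names are constructed for illustration.

```python
# Constructed sample configs (not taken from the thread).
APPENDED = """\
PermitRootLogin yes
#Port 22
PermitRootLogin no
"""
FIXED = """\
Port 22222
PermitRootLogin no
"""


def effective_settings(config_text):
    """Global PermitRootLogin and Port values as sshd would read them.

    sshd uses the first value it obtains for a keyword, so a line added
    below an earlier setting changes nothing. Port may repeat (sshd listens
    on each). None / [] means unset: the built-in default applies, and that
    default differs between OpenSSH versions. Include files are not followed.
    """
    values = {"permitrootlogin": None, "port": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break  # everything after Match is conditional, not global
        if key == "port":
            values["port"].append(int(args[0]))
        elif key == "permitrootlogin" and values[key] is None:
            values[key] = args[0].lower()
    return values


def review(config_text):
    """Findings for the two settings discussed in the post above."""
    s, findings = effective_settings(config_text), []
    if s["permitrootlogin"] != "no":
        findings.append("root login not disabled (effective: %s)" % s["permitrootlogin"])
    if not s["port"] or 22 in s["port"]:
        findings.append("listening on default port 22 (expect noisy logs)")
    return findings


if __name__ == "__main__":
    for name, text in (("APPENDED", APPENDED), ("FIXED", FIXED)):
        print(name, effective_settings(text), review(text))
```

On the server itself, `sshd -T` prints the effective configuration and is the authoritative check after editing the file.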

  5. #4
    Just Joined!
    Join Date
    Dec 2006
    Posts
    36
    i tried port forwarding but no success... this is my router iptables output:

    Chain FORWARD (policy ACCEPT)
    ACCEPT udp -- anywhere 192.168.1.5 udp dpt:ssh
    ACCEPT tcp -- anywhere 192.168.1.5 tcp dpt:ssh

    Btw, i am testing ssh connection on the same computer by giving my external IP. does it matter?

  6. #5
    Just Joined!
    Join Date
    Sep 2008
    Posts
    73
    You might consider using a dedicated DMZ server behind your router to allow access to services that you want available externally without having to specifically define them via port forwarding/triggering.

  7. #6
    Just Joined!
    Join Date
    Dec 2006
    Posts
    36
    i checked DMZ but its not working. i forwarded both tcp and udp on port 22222 of my router to my computer and configured my sshd to listen on port 22222 but no luck! i disabled UPnP but no success.
    when i nmap to my router for port 22222 it says port is closed. is there any other way to check whether the problem is in router or my computer's sshd. any suggestion for sshd_config?
    my router is DLink ADSL 2640-T, is there anyone who successfully forwarded ssh connections using this router?

  8. #7
    Just Joined!
    Join Date
    Dec 2006
    Posts
    36
    can i use -R option with ssh to create a tunnel and forget about router's configuration? if yes, how?

  9. #8
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    Quote:
    Btw, i am testing ssh connection on the same computer by giving my external IP. does it matter?

    Depends on the router. The only reliable way to test is from outside your network. Also, if the router is running an ssh server exposed to the outside, you will get this server when you ssh to your external IP address, instead of the one on the computer.
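
Added example, not part of the original thread: one way to tell whether the external address reaches computer B or some other SSH server (such as the router's own) is to compare host key fingerprints. The sketch assumes you paste in computer B's `/etc/ssh/ssh_host_*_key.pub` contents and the output of `ssh-keyscan -p PORT EXTERNAL-IP` run from outside the network; the keys and the 203.0.113.10 address below are constructed samples.

```python
import base64
import hashlib


def fingerprints(text):
    """Map key type -> SHA256 fingerprint (as `ssh-keygen -l` prints it).

    Accepts *.pub files ('type base64 comment') and ssh-keyscan output
    ('host type base64'); blank and '#' lines are skipped.
    """
    found = {}
    for line in (text or "").splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if not field.startswith(("ssh-", "ecdsa-")):
                continue
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue  # e.g. a host name that happens to start with "ssh-"
            digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            found[field] = "SHA256:" + digest.rstrip("=")
            break
    return found


def who_answers(host_b_pub, external_scan):
    """Compare computer B's own host keys with those seen at the external IP."""
    local, seen = fingerprints(host_b_pub), fingerprints(external_scan)
    if not seen:
        return "no answer"       # no forward, or the scan could not reach it
    if any(local.get(kind) == fp for kind, fp in seen.items()):
        return "computer B"      # the forward reaches B's sshd
    return "different sshd"      # e.g. the router's own SSH server


def constructed_key(fill):
    """Constructed ed25519-shaped public key line; not a real host key."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


if __name__ == "__main__":
    b_pub = constructed_key(1) + " root@computerB"
    print(who_answers(b_pub, "[203.0.113.10]:22222 " + constructed_key(1)))
    print(who_answers(b_pub, "203.0.113.10 " + constructed_key(2)))
    print(who_answers(b_pub, ""))
```

The same fingerprint is what `ssh` shows in its first-connection prompt, so a mismatch there is the quickest sign that a different server answered.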

  10. #9
    Just Joined!
    Join Date
    Dec 2006
    Posts
    36
    finally got it done! port forwarding was working correctly. the only problem was that i was testing it from the same computer. now i've tested outside the network and it works...
