Find the answer to your Linux question:
Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    How to make SSH server listen to connections?

    Hello, an server in the internal network LAN which dont have any public IP. How to achieve any computer from internet can conenct its SSH without doing port forwarding on the LAN router and without touching router? Currently it cant connect.. Thank you

  2. #2
    Linux Guru
    Join Date
    Dec 2013
    Victoria, B.C. Canada
    The point of internal IP ranges is that they aren't visible to the internet. That means you need to map the ports on your router if you want to connect to them.

  3. #3
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    gregm is correct.
    However, one *could* start a ssh client session on that internal server to a ssh server with a public IP.
    You would configure that session for remote port forwarding.

    But this approach is not exactly stable:
    - If the connection breaks for any reason, the client needs to be restarted. Which you cant, because the session is your way in.
    - The setup is complicated and more fragile because of that extra server
    - It involves non standard ports, therefore potential additional firewall and other configurations

    I would recommend to look at that router if it has any vpn capabilities and if yes: Use that.
    You must always face the curtain with a bow.

  4. $spacer_open
  5. #4
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    You need to tell your router to forward port 22 requests to your server, and DO make sure your server /etc/ssh/sshd_config is properly configured, otherwise you are likely to get pwnd! IE, DO NOT allow root logins, set it up so that userid/passwords are not allowed - only properly signed keys can be used, etc. To do this securely is a real PITA - we have an entire network security department to be sure that it is done properly - and then we mostly only allow VPN connections and then SSH to internal servers. Now that we have a major presence in the "cloud", this is even more important.

    So, I agree with Irithori that a VPN is a better bet for you. Assuming you have a static IP address assigned to your router, you can set up a VPN server behind the firewall, and use self-signed certificates for access to the VPN host node. Once you connect to the VPN, you are then a part of the local network behind the firewall.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts