Remote login into a computer on a different network. Please help..

[ajaypi]

Hello Folks,


I am a newbie to ubuntu. So kindly forgive me if my question sounds ludicrous to you.

I need to be able to login to my brother's comp, which is in another place quite far away from mine, and help him install some softwares and get some settings done for him, as he's more a newbie than me, but has been only able to install ubuntu successfully. He has a broadband connection and I have one too. I have used ssh over Lan and have been successful in this regard. From my understanding of the manual page, i don't think I can use ssh over two different networks. Which similar command/package will work for me if i want to login to his comp and execute commands as easily as i can do using ssh for two computers on the same network. Please suggest me some command line tools.

Thanking you in advance...

[Irithori]

ssh is perfectly fine for login.
The problem is to reach his computer, as it is NATed.

Can you instruct him to
1) open a port in his router firewall: e.g. tcp 2222
2) portforward tcp 2222 to <IP_of_his_computer> on port 22 tcp?

Then you should be able to connect via
ssh -p 2222 <IP_of_his_router>

[ajaypi]

Thank you very much for your instantaneous reply. But can you please further elaborate or guide me to manuals or webpages indicating me how to do it.

[Irithori]

Depends on your brother´s router.
Look into that manual,
there should be a section about port forwarding.

If not, get a decent router

[ajaypi]

okay fine....i will try it...but is there any other solution without my bro having to do much from his side??are there any softwares for this purpose???

[Draciron]

VNC can do the trick but unless it's tunneled through SSH it's a very insecure way of logging into another machine.

You do not have to forward port 22. I see no reason to do so to be honest. However with Ubuntu your brother will have to install SSHD as it's not installed by default.

sudo apt-get install openssh-server openssh-client
or use Synaptics and search for open ssh server.

sudo gedit /etc/ssh/sshd_config
Then change the line that says permit root login to say no. Save file, close.

sudo /etc/init.d/ssh start
that will start the server.

Your brother will need to open port 22 on the router. The other thing he'll need to do is hard code his IP address. So instead of doing that, have your brother connect the computer directly to the modem if possible. This bypasses the router and you will not have to do much of anything else as port 22 is open by default on Ubuntu. Otherwise what happens is your brother will have an IP address of 192.168.xxx.xxx which doesn't help you any. Routers will not forward ports unless you tell them and you have to tell them which IP specifically to forward too. So you have to set up a static IP if you want to access his machine from behind the router. Then you configure the router to forward port 22 to that specific IP address.

Use ifconfig to find out what IP addy you brother has or if your using Gnome use the little icon at the top, put your mouse over it and click on properties and that will allow you to get the IP addres and also if necessary change his IP to a static IP. In KDE the applet looks like a really fuzzy TV. If you hover your mouse over it you'll get a display similar to what the Gnome network applet gives you.

There are some commercial packages which will allow you to do VNC like connections as well. I've never tried any.

Another option however is you can write bash scripts to do what you want to do. Then email them too your brother and have him run those scripts.

[Irithori]

Thanks for the HeadsUp about the ssh daemon.

Other than that:
Yes, one can omit portforwarding by directly connecting the machine to the internet.

But this has consequences:
- The desktop PC is then exposed to the internet. So it requires a higher security. Think: samba shares, etc
- The desktop will then be the only thing with internet access.
What if there is a network attached to that router? Laptops, a PS3, WLAN devices , etc?
- Physically disconnecting and attaching devices every time he wants ssh access is undesireable.

Thinking of these points, portforwarding seems the better option to me.
And there is a chance, that the router supports that via its WebGUI. So it shouldnt be too hard.

[ptkobe]

You can use ssh over different networks. Irithori s on the money, you just need a "route" between both computers

This site may help you. Do it manually and skip the advertisement..
http://portforward.com/english/routers/port_forwarding/

Regards
Luis

[Draciron]

How does port forwarding help getting through the router? Yes you need the router to port forward to that specific machine. Routers don't understand machine names however so you have to go with a static IP and port 22 or 2222 it's still the same port and nmap type scans by default check everything below 5000. So he would be just as vulnerable either way with 22 or 2222. The days of manually scanning a network are long gone. So obfusticating 22 with 2222 loses it's value. Doesn't hurt the process, just seems unnecessary.

The key difficulty I see is for a novice user to talk his brother into creating a static IP, punching a hole in the firewall of the router, forwarding the port in the router too the specific machine, setting up and configuring SSHD and then port forwarding it. Attaching it directly to the modem if possible skips many of those steps and the only time 22 will be open is while his brother is actively logged into the machine instead of 24/7 if the router is forwarding the port to that specific machine. Yes it means the brother will manually have to reconnect to the modem each time he wants to remotely log in. If it happens often enough he'll seek a perm solution such as port forwarding through the router or more optimally just writing scripts and having his brother run the scripts. That way there's no risk of accidentally opening up unintended ports or other security problems.

Maybe newer routers are more friendly to SSH. I haven't tried to SSH in through a router in a few years. Haven't really needed too. In the past 22 has always been closed and you had to create a static IP to the router to forward too a port on a specific machine. Merely opening 22 on the router or 2222 didn't help as the router didn't broadcast and broadcasting itself on a wireless network poses it's own security woes.

[coopstah13]

port forwarding on routers is not a complicated subject, in fact, I think you are overcomplicating it by having them reconnect the modem every time directly just for remote administration

setting up a reserved IP in my router is 2 clicks, I go in the UI, it shows the list of machines given IP's by DHCP, then you click reserve and its done

then its just a simple port forwarding rule, which is only a few clicks and minimal typing

as far as changing the outside port, its more helpful than hurtful and if for some reason he at some point had another machine and wanted to do the same thing, you would need a different port anyway