SSH to home computers
If you have IPv6, you don't even need port forwarding! Simply get your permanent IPv6 address (based on your MAC address, so it's guaranteed to stay the same unless your ISP doesn't know how IPv6 works) and use this to tunnel in. As your IPv6 address is public-facing and allows the world to access you without having to go through your local NAT, you don't need to bother enabling port-forwarding anywhere. It will "just work."
Note, however, that IPv6 is still not really supported globally, and both your home internet connection and remote internet connection need to have fully-working IPv6 in order to do this.
However, if you're like most people and only have IPv4, there's still a way! Some routers allow you to forward specific source ports to specific destination ports, like so:
In this example, port 22 is passed directly to my machine sheepdog, while port 292 is being forwarded to port 22 on coyote.
Lastly, if your router does not have this feature, you can just change the port, as SSH is not limited to just running on port 22. You can set it to anything you want (that's not being used).
In /etc/ssh/sshd_config (you need root to edit, so sudo nano /etc/ssh/sshd_config), there is a line at the top of the file:
# What ports, IPs and protocols we listen for
Port 22
Change this to whatever you want:
# What ports, IPs and protocols we listen for
Port 2992
Restart the SSH server with sudo service ssh restart, and forward the port on the router.
However, for this use case, I would consider if SSH tunnels are the right thing to do. Perhaps you should set up a dedicated VPN server on your home network? This will allow you to access your entire home network from anywhere, provided you have the proper security credentials needed by the VPN. Additionally, there is slightly less overhead with a VPN; you'd typically only need to forward one port for one machine.
An easy way to solve this problem is to map different ports from your router to the port 22 of your machines. For example, you can have the following settings in your router (assuming your router has IP 1.2.3.4):
1. 1.2.3.4:22 --> ubuntu:22
2. 1.2.3.4:8888 --> raspberrypi:22
3. 1.2.3.4:9999 --> windows:22 (or some other port)
Then when you use ssh, specify the port you want to use by typing
$ ssh <username>@<router ip> -p <your port>
Now you should be able to connect to all your machines.
If you know one of your computers is always up, you also have the possibility to use it as an ssh proxy.
Let's say you have a domain name set up for your external IP address (i.e. myhome.dyndns.com or whatever). What you will do is connect to one computer (let's say the raspberry is always up, and you forward the port from your router to it); then your ssh connections will be:
school --> (router, transparent here) --> raspberry --> ubuntu or windows
Now, in your ~/.ssh/config at school, add the lines:
Host ubuntu 192.168.1.51
    # change to match your setup
    Hostname ubuntu
    # change it ;-)
    User myraspberryuser
    # The path to your private key on the school computer; better on a USB key if it is a public computer
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent yes
    RequestTTY yes
    ProxyCommand ssh -W %h:%p %[email protected]
To connect then:
ssh-add ~/.ssh/id_rsa # to do only once per session
ssh myuser@ubuntu # login without password
From now on, if you type ssh ubuntu, the computer will first connect to the raspberry, and then start an ssh session to the ubuntu computer.
I recommend that, whatever port you choose to forward, you disable passwords in /etc/sshd.conf to permit only login through an ssh key. This way, if you set up the key on the raspberry and on ubuntu, with the parameter 'ForwardAgent', you will only have to unlock the key and then no password is required to connect. This way, even if bots are trying to log in on your ssh, they will never be able to log in since you disallow password logon.
Bonus: this also works with scp; scp foo ubuntu:/tmp/foo will use the same setup without further parameters. Bonus 2: this setup does not require any change at home. If tomorrow you add another computer, just copy/paste the code in your ssh config, change the host and IP, and that's it; no need to open a new port on the router.
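A check for the advice above to disable password login before a port is forwarded, as an added example that is not part of any answer: it reads an sshd_config and reports the Port value(s) and whether password-style logins remain enabled. The function names and the sample file are constructed for illustration, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the listening port(s) in an sshd_config and whether
# password-style logins are still enabled. Include files and Match blocks
# are not evaluated (simplifying assumptions).

# first_value FILE KEYWORD_REGEX DEFAULT
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and may be written as "Keyword=value".
first_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/[ \t]*=[ \t]*/, " ") }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# listen_ports FILE: Port may be repeated and every value is used; default 22.
listen_ports() {
    awk '
        { sub(/[ \t]*=[ \t]*/, " ") }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { out = out sep $2; sep = " " }
        END { print (out == "" ? 22 : out) }
    ' "$1"
}

# audit_sshd_config FILE: prints findings, returns 1 if a password-style
# method is still enabled (both keywords default to "yes" when unset).
audit_sshd_config() {
    rc=0
    echo "ports: $(listen_ports "$1")"
    for spec in "PasswordAuthentication:passwordauthentication" \
        "KbdInteractiveAuthentication:kbdinteractiveauthentication|challengeresponseauthentication"
    do
        v=$(first_value "$1" "${spec#*:}" yes)
        echo "${spec%%:*}: $v"
        [ "$v" = no ] || rc=1
    done
    return "$rc"
}

# Constructed sample: port changed as described above, passwords left on.
sample=$(mktemp)
printf '%s\n' 'Port 2992' '#PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "password logins are still possible"
rm -f "$sample"
```

On a live system, sshd -T prints the effective configuration, including any Include files, and is the authoritative check.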