Announcement

Collapse
No announcement yet.

SSH Setup

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    SSH Setup

    I'm trying to configure my home computer to allow SSH from an outside location (work, friend's house, etc). I've done a bit of searching for how I might accomplish this but was hoping to get a more definitive answer.

    Step 1:
    Configure my home router to forward port 22 to my Linux box.
    How? I enter the admin functions on my router and enable port forwarding to an internal IP address.
    Which IP address is my Linux box?
    Code:
    user@host:~/$ ifconfig
    Search for "inet addr:" under the "eth0" section.

    Step 2:
    Determine your outside IP address.
    whatismyipaddress.com

    Step 3:
    Install an ssh server.
    Code:
    user@host:~/$ sudo apt-get install openssh-server
    Step 4:
    From an outside location try to SSH to your home box.
    Code:
    user@host:~/$ ssh home_username@outside_ip_address
    Are these steps correct? Am I missing something? Do I need to ensure that my home computer will accept ssh requests from outside ("untrusted") locations? Is there a decent way to test this while at my home computer?

    Are there any other issues I can expect when trying to do this?

    Any help would be greatly appreciated. Thank you!
    Tags: None
    • Top
    • Bottom
    #2
    Re: SSH Setup

    See SSH (Kubuntuguide - Maverick)
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes
    • Top
    • Bottom

    Comment

      #3
      Re: SSH Setup

      Oh, very nice. Thank you very much. I'm surprised this didn't come up with the searching I did before my post. I've searched a lot of places. haha
      • Top
      • Bottom

      Comment

        #4
        Re: SSH Setup

        One thing that you may want to consider, you will need to either reserve an IP address on your router if it is your dhcp server, or set a static ip address on your computer.
        This will ensure that your pc always has the same ip address, the one that port 22 is being forwarded to.
        If not it may change sometime and then you will mysteriously lose access.
        You don't need a license to drive a sandwich.
        • Top
        • Bottom

        Comment

          #5
          Re: SSH Setup

          fwiw - don't use the default port of 22 either as it invites a lot of brute force attacks. Instead use one in the upper echelons somewhere as most of them are free.
          Once your problem is solved please mark the topic of the first post as SOLVED so others know and can benefit from your experience! / FAQ
          • Top
          • Bottom

          Comment

            #6
            Re: SSH Setup

            I'd add another step.

            But first, I'd should follow "toad's" advice and change ssh's default port from 22 to a non-standard port such as 47. This will make it more difficult for intruders to gain access to your computer.

            After changing the ssh's port number, check your /etc/hosts.deny, /etc/hosts.allow files. Make sure that you can gain access from outside of your local network.

            If /etc/hosts.deny blocks all hosts/ip addresses, then /etc/hosts.allow will need to contain an entry such as SSHD: 64.1.1. :allow (provided 64.1.1. is the your IP address at the remote location.) Sadly, this means that you need to know your remote location's IP address before you get there, which you don't. So you either need to have somone back home edit this file /etc/hosts.allow or you need to grant all IP addresses access until you can edit this file remotely.

            Of course if you could deny all IP addresses for all services in /etc/hosts.deny and then allow all IP addresses for only one service, such as ssh, by adding this entry in /etc/hosts.allow (SSHD: 0.0.0.0 :allow)

            Then once you've successfully logged in to your home computer from a remote location, you could edit the /etc/hosts.allow file and change the SSHD: 0.0.0.0 : allow entry to your specific IP address, which you obtain using http://www.whatismyip.com. Then replace SSHD: 0.0.0.0 : allow with SSHD: 64.1.1. : allow Note that you should only specify the first 3 groups of numbers in the IP address so that if your remote ISP changes your IP address, you can still gain access to your home computer.

            HOW TO EDIT FILES REMOTELY
            ======================
            after successfully logging into home computer from remote location, use the following commands....

            sudo su <E>
            pico /etc/hosts.allow <E>
            ... make changes ...

            #SSHD: 0.0.0.0 :allow
            SSHD: 64.1.1. :allow (note replace first 3 numbers with your remote IP address)

            control key + X (quit)
            Y (yes to save)
            exit ( to exit root space and return to user space)
            • Top
            • Bottom

            Comment

            Previous template Next
            Working...
            X