
Topic: SSH to Computer Behind Home Router (Read 24139 times)

newbie
Activity: 12
Merit: 0
June 28, 2011, 04:37:05 AM
#21
Hamachi works wonders too. The latest Linux client even supports their LogMeIn accounts, so you can manage all your networks from their web interface.
member
Activity: 112
Merit: 10
June 28, 2011, 03:40:07 AM
#20
With dyndns, you will be able to access only one of your computers. If you want to access the others you can do this:

Let's say you have 2 computers behind your router. Computer A and B.
You forward port 22 to computer A and you can SSH to computer A from outside.
When you are on computer A, you can access any computer on your LAN with another SSH.

Couldn't you also put SSH onto a different port on Computer B, and forward that port as well in the router? Then you could access both directly from outside?
legendary
Activity: 1284
Merit: 1001
June 28, 2011, 03:26:27 AM
#19
The best thing you can do to secure your SSH server is probably to not run it on port 22. If there is a security hole or somebody wants to try to guess your password there's more than 99.9% chance they're only going to check port 22.
hero member
Activity: 574
Merit: 500
Medical Translations for Bitcoins
June 27, 2011, 04:37:28 PM
#18
and you need dyndns or a similar service in case your ip is not static (it will be dynamic in most cases)

dyndns.org

Good point. I'll look into resolving that if the IP is dynamic.

Thanks. :)


no problem.

I'm now actually using my iPhone/iPad to SSH into my miner from everywhere where I have 3G or WiFi ;)
sr. member
Activity: 406
Merit: 250
June 27, 2011, 11:18:26 AM
#17
FYI: port forwarding 22 from the internet to port 22 on your machine directly exposes that port.  This is not a very safe way to do it as some people will continually try to get in once they find that port is open (and it's very easy to find if you stick to the default port).  Try port forwarding a different port number that they are not likely to guess ssh'ing to.

ie:  port forward 4022 to 22.

then when you are outside your network use port 4022 when using putty or whatever ssh program.  (your router will translate it to 22 so your computer knows to receive it)

another way is to use a VPN.  that is what I use.  in which case you can act as if you are locally connected to your network from anywhere with internet access.  It has its own security flaws, but whatever, the worst a hacker can do to my miner network is reconfigure them to mine for them, in which case I just reinstall the os and more security.  No coins on my network.

if your router is flashable with DD-WRT you can essentially turn it into a way more functional device.  Mind you the navigation and settings are a little more advanced, but nothing a miner can't figure out! (lots of documentation on their website)

in which case you can setup open-vpn on your router. 
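The repeated login attempts against an exposed SSH port mentioned in the post above show up in the sshd auth log. The following is an added example, not code from the thread: it counts failed logins per source address and lists any accepted password logins. The log lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Jun 27 11:18:01 miner sshd[2101]: Failed password for root from 203.0.113.9 port 40112 ssh2
Jun 27 11:18:03 miner sshd[2101]: Failed password for root from 203.0.113.9 port 40112 ssh2
Jun 27 11:18:06 miner sshd[2104]: Failed password for invalid user admin from 203.0.113.9 port 40150 ssh2
Jun 27 11:18:09 miner sshd[2107]: Failed password for invalid user test from 203.0.113.9 port 40171 ssh2
Jun 27 11:19:30 miner sshd[2120]: Failed password for duke from 192.168.1.20 port 51022 ssh2
Jun 27 11:19:41 miner sshd[2120]: Accepted password for duke from 192.168.1.20 port 51022 ssh2
Jun 27 11:25:12 miner sshd[2188]: Accepted publickey for duke from 198.51.100.7 port 60234 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (noisy_sources, password_logins) for an sshd auth log."""
    failures = Counter()
    users_tried = {}
    password_logins = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users_tried.setdefault(ip, set()).add(m["user"])
        elif m["method"] == "password":
            # A password login succeeded, so key-only auth is not enforced here.
            password_logins.append((m["user"], ip))
    # Sources at or above the threshold, with the usernames they tried.
    noisy = {ip: sorted(users_tried[ip])
             for ip, n in failures.items() if n >= threshold}
    return noisy, password_logins

if __name__ == "__main__":
    noisy, accepted = summarize(SAMPLE_LOG)
    for ip, users in noisy.items():
        print(f"{ip}: repeated failures, usernames tried: {', '.join(users)}")
    for user, ip in accepted:
        print(f"password login accepted for {user} from {ip}")
```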
hero member
Activity: 826
Merit: 1000
°^°
June 27, 2011, 10:07:01 AM
#16
Aren't there any bots yet, that connect to an IRC channel, and wait for shell commands?
jr. member
Activity: 42
Merit: 2
June 27, 2011, 09:18:17 AM
#15
Thanks for the great info. :) It does seem involved, but worthwhile to consider. So, the advantage with the option you are suggesting is security? Is that to say the barebones SSH makes things more or particularly unsecure? e.g. Opens up the network to behind the router?

OpenSSH by itself is fairly secure even with passwords.  I was hacked a little over a decade ago under OpenSSH using passwords only but I have not seen any easy exploits of OpenSSH in some time.  Passwords can be brute forced though and this makes them a security breach unless you have a long random password with a mix of uppercase, lowercase, numbers and symbols.  I like the certificate keys because if you do not have the key you can not login to the box from the outside world.  I run connectbot with a generated certificate key on my android phone to log into my systems.   Locking down port forwarding with Knockd adds another level of security because if a port is open it gives a hacker a reason to try to break into your system.  If they do not know the port is open in the first place they have no reason to try.   Also they will not have an easy way of knowing which type of system is behind the port forward.  Even with port forwarding a hacker may be able to fingerprint your Operating System by the way the port and application on the port like sshd responds.  From there they can look for known exploits in the Operating System and try to break in.  It is better if they do not know what OS or how many computer systems are behind the router.

-Dukejer
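Whether the Internet-facing sshd really is key-only depends on how sshd resolves its configuration. The following is an added example, not code from the thread or from OpenSSH: it checks a config the way sshd reads it (keywords are case-insensitive, and the first value seen for a keyword wins). The sample config and the port number in it are constructed, and the defaults used for unset keywords are assumptions taken from the OpenSSH manual.

```python
# Constructed config for the Internet-facing sshd instance.
EXTERNAL_CONFIG = """\
# Key-only instance reachable through the router's port forward
Port 4022
PubkeyAuthentication yes
passwordauthentication no
# The next line has no effect: sshd keeps the first value it reads per keyword.
PasswordAuthentication yes
"""

MULTI = {"port", "listenaddress"}  # keywords that may repeat and accumulate
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global settings as sshd resolves them (first occurrence wins)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # conditional Match blocks are out of scope for this check
        if key in MULTI:
            settings.setdefault(key, []).append(parts[1].strip())
        else:
            settings.setdefault(key, parts[1].strip())
    return settings

def audit_external(config_text):
    """Return findings that keep the instance from being key-only."""
    s = effective_settings(config_text)
    findings = []
    if s.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if s.get("kbdinteractiveauthentication", "yes") != "no":
        findings.append("keyboard-interactive is not 'no'; PAM may still prompt for a password")
    if s.get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if "22" in s.get("port", ["22"]):
        findings.append("listening on default port 22")
    return findings

if __name__ == "__main__":
    print(audit_external(EXTERNAL_CONFIG))
```

The constructed config disables `PasswordAuthentication` but leaves keyboard-interactive at its default, which is the one finding reported; adding `KbdInteractiveAuthentication no` (or the older `ChallengeResponseAuthentication no`) clears it.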
full member
Activity: 133
Merit: 100
June 27, 2011, 09:15:28 AM
#14
TeamViewer is free for home "personal" use.
hero member
Activity: 924
Merit: 506
June 27, 2011, 09:01:18 AM
#13
I would disable passwords in ssh and generate a private/public key pair to login from the outside world.  I run 2 copies of sshd on my box.  One on port 22 that uses passwords but is only available on the internal LAN and one that is mapped to a different port that only I know and that only allows access through keys.  My router disables port forwarding until I run knockd to enable port forwarding to my hidden sshd port.  Knockd is a program that listens on the Internet interface on your router and will allow you to enable port forwarding on demand when a combination of certain tcp/udp ports are accessed in the correct order that only you will know.  Basically a secret knock that will then allow you to ssh into your systems behind your router.  Also for this level of security you would have to load different firmware onto your router.  Something like DD-WRT, Tomato or OpenWRT.  This is not for the novice but secures your system much tighter.

-Dukejer

Thanks for the great info. :) It does seem involved, but worthwhile to consider. So, the advantage with the option you are suggesting is security? Is that to say the barebones SSH makes things more or particularly unsecure? e.g. Opens up the network to behind the router?

hero member
Activity: 924
Merit: 506
June 27, 2011, 08:55:55 AM
#12
It's simple

Let's say you have 2 computers behind your router. Computer A and B.
You forward port 22 to computer A and you can SSH to computer A from outside.
When you are on computer A, you can access any computer on your LAN with another SSH.

I will not ask donation for this one, too simple :)

LOL. Thanks for not pressuring me. Though, I have donated before a little already (I'm a kinda newbie with mining). The donation was because the person helped me in depth in troubleshooting my new linux system.
The person didn't ask, but it took his/her time and expertise. Otherwise, I kinda feel we would all help each other up as a community with simple things anyway. What are forums for? :D

That said. It's been actually pretty enjoyable learning about linux, mining and this little bit of networking this past couple weeks.

Thanks for your feedback! It's helpful. :)
jr. member
Activity: 42
Merit: 2
June 27, 2011, 08:54:45 AM
#11
I would disable passwords in ssh and generate a private/public key pair to login from the outside world.  I run 2 copies of sshd on my box.  One on port 22 that uses passwords but is only available on the internal LAN and one that is mapped to a different port that only I know and that only allows access through keys.  My router disables port forwarding until I run knockd to enable port forwarding to my hidden sshd port.  Knockd is a program that listens on the Internet interface on your router and will allow you to enable port forwarding on demand when a combination of certain tcp/udp ports are accessed in the correct order that only you will know.  Basically a secret knock that will then allow you to ssh into your systems behind your router.  Also for this level of security you would have to load different firmware onto your router.  Something like DD-WRT, Tomato or OpenWRT.  This is not for the novice but secures your system much tighter.

-Dukejer
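The "secret knock" described in the post above can be modelled as a small per-source state machine. The following is an added example, not knockd's own code or configuration: the port sequence, timeout and packet events are constructed, and resetting on any wrong port is a modelling assumption.

```python
KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed secret sequence
SEQ_TIMEOUT = 5.0                    # seconds allowed for the whole knock

class KnockTracker:
    """Per-source state machine: a source is allowed only after the full
    sequence arrives in order within the timeout."""

    def __init__(self, sequence=KNOCK_SEQUENCE, timeout=SEQ_TIMEOUT):
        self.sequence, self.timeout = sequence, timeout
        self.progress = {}    # source IP -> (next index, time of first knock)
        self.allowed = set()  # sources the port forward would be enabled for

    def packet(self, ts, src, dport):
        idx, started = self.progress.pop(src, (0, ts))
        if ts - started > self.timeout:
            idx, started = 0, ts          # too slow: start over
        if dport != self.sequence[idx]:
            idx, started = 0, ts          # wrong port: reset, then re-check
        if dport == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):
                self.allowed.add(src)     # a router would add the forward rule here
                return True
            self.progress[src] = (idx, started)
        return False

# Constructed events: (seconds, source IP, destination port).
EVENTS = [
    (0.0, "198.51.100.7", 7000),
    (0.4, "203.0.113.9", 9000),
    (0.5, "203.0.113.9", 8000),
    (0.6, "203.0.113.9", 7000),    # right ports, wrong order
    (1.0, "198.51.100.7", 8000),
    (1.5, "198.51.100.7", 9000),   # completes the knock in time
    (10.0, "192.0.2.44", 7000),
    (11.0, "192.0.2.44", 8000),
    (17.0, "192.0.2.44", 9000),    # correct order, but past the timeout
]

def replay(events):
    """Feed events to a fresh tracker and return the allowed sources."""
    tracker = KnockTracker()
    for ts, src, dport in events:
        tracker.packet(ts, src, dport)
    return sorted(tracker.allowed)

if __name__ == "__main__":
    print(replay(EVENTS))
```

Because any wrong port resets progress in this model, a source that walks through every port in ascending order never completes the sequence.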
hero member
Activity: 637
Merit: 502
June 27, 2011, 08:37:34 AM
#10
With dyndns, you will be able to access only one of your computers. If you want to access the others you can do this:

Let's say you have 2 computers behind your router. Computer A and B.
You forward port 22 to computer A and you can SSH to computer A from outside.
When you are on computer A, you can access any computer on your LAN with another SSH.
hero member
Activity: 924
Merit: 506
June 27, 2011, 08:36:23 AM
#9
Open up whatever port your SSH is bound to from the router (usually port forward to 23) to external traffic. Depending on the SSH server you may need to set it to allow remote access as well.

ssh is port 22

Sounds right. That's what putty.exe defaults to...i.e. port 22.
hero member
Activity: 924
Merit: 506
June 27, 2011, 08:34:58 AM
#8
and you need dyndns or a similar service in case your ip is not static (it will be dynamic in most cases)

dyndns.org

Good point. I'll look into resolving that if the IP is dynamic.

Thanks. :)
hero member
Activity: 924
Merit: 506
June 27, 2011, 08:33:17 AM
#7
Open up whatever port your SSH is bound to from the router (usually port forward to 23) to external traffic. Depending on the SSH server you may need to set it to allow remote access as well.

Thanks. I am not sure how to modify the SSH server on the machine I intend to access, but I think it is probably set up correctly. However, I've used the first bit of instructions from this thread to install SSH on the machine I want to access:

http://forum.bitcoin.org/index.php?topic=7514.0

Inaba, that thread author, wrote instructions as follows:

Code:
Optional First Step (Skip this if you don't care about SSH):
Optional 1: Press the upper left 'start' button on the desktop and in the search field enter 'terminal'.  Click it and open a terminal window.

In the terminal window, type:

sudo apt-get install openssh-server

This will install the SSH server.  Once the server is installed, you can connect to your machine via SSH and perform the rest of the steps listed below.

END Optional First Step

Also, I found this online, but I wasn't sure it was exactly what I need to do. It sounds like what you said.

http://www.wikihow.com/Set-up-Port-Forwarding-on-a-Router

Thanks again.
hero member
Activity: 924
Merit: 506
June 27, 2011, 08:25:02 AM
#6

Thanks for the different angle. :)

However, that's pretty pricey for what I need it... which is just to monitor activity and maybe launch miners or adjust fan speeds.
sr. member
Activity: 308
Merit: 251
hero member
Activity: 574
Merit: 500
Medical Translations for Bitcoins
June 27, 2011, 06:03:30 AM
#4
and you need dyndns or a similar service in case your ip is not static (it will be dynamic in most cases)

dyndns.org
sr. member
Activity: 392
Merit: 250
June 27, 2011, 02:30:14 AM
#3
Open up whatever port your SSH is bound to from the router (usually port forward to 23) to external traffic. Depending on the SSH server you may need to set it to allow remote access as well.

ssh is port 22
hero member
Activity: 602
Merit: 500
June 27, 2011, 02:19:12 AM
#2
Open up whatever port your SSH is bound to from the router (usually port forward to 23) to external traffic. Depending on the SSH server you may need to set it to allow remote access as well.