Old 05-09-2009, 10:05 AM   #1
JacekZ
Member
 
Registered: Sep 2005
Location: Notts, England
Distribution: Debian 6
Posts: 69

Rep: Reputation: 15
connecting with ssh to remote location


I'm sure this will be a simple syntax question for many of you, but the answer is evading my searches right now. I'd like to connect via ssh to a computer at a different location. I understand that I need to type:

ssh user@remoteIP

but what is baffling me, is how to specify that remote IP address, since when I've done this before within a LAN the IP addresses are just one part addresses, e.g. 162.168.xxx.xxx

But with trying to access a remote machine, there's the IP to their location YYYY.YYYY.YYYY.YYYY to deal with, and then the IP on their LAN.

The question is, how do I put the X's and Y's together into one command?

Thanks
 
Old 05-09-2009, 10:12 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883
ssh needs to be forwarded to the local machine on the remote site
public ip yyy.yyy.yyy.yyy => forwarded to xxx.xxx.xxx.xxx (local ip)
So you just ssh to the public ip, and you will be forwarded to the local ip.
You can not ssh to a private ip, if it is not forwarded from the public ip by the firewall.
 
Old 05-09-2009, 10:26 AM   #3
JacekZ
Member
 
Registered: Sep 2005
Location: Notts, England
Distribution: Debian 6
Posts: 69

Original Poster
Rep: Reputation: 15
Thanks for the quick reply. I typed:

ssh username@YYYY.YYYY.YYYY.YYYY => XXXX.XXXX.XXXX.XXXX

and got no response (connection timed out)

Did I do the forwarding the way it was meant to, or was "=>" shorthand?
 
Old 05-09-2009, 10:27 AM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883
You can not ssh to a private ip on a remote network, unless it is forwarded by the firewall on that remote server to the local IP

Last edited by repo; 05-09-2009 at 10:30 AM.
 
Old 05-09-2009, 10:33 AM   #5
JacekZ
Member
 
Registered: Sep 2005
Location: Notts, England
Distribution: Debian 6
Posts: 69

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by repo
You can not ssh to a private ip on a remote network, unless it is forwarded by the firewall on that remote server to the local IP
Repo, you've probably guessed the next question (probably I should have asked this on the newbie forum): how do I get the firewall on the remote server to forward ssh to the local IP? Is this part of the SSH setup on the machine being connected to? Or do I do something on the remote side?
 
Old 05-09-2009, 10:39 AM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883
Do you have access to the remote firewall?
Which firewall?
just forward port 22 to the required local ip
 
Old 05-09-2009, 11:04 AM   #7
JacekZ
Member
 
Registered: Sep 2005
Location: Notts, England
Distribution: Debian 6
Posts: 69

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by repo
Do you have access to the remote firewall?
Which firewall?
just forward port 22 to the required local ip
Access - yes, via the phone with an elderly user who will only bear so much keying in..

Using Fedora 10 with default firewall. We have forwarded the local ethernet device on his machine, TCP port 22 to his local IP address, but still no connection. He has a cable modem that works like a router with what sounds like DHCP.
 
Old 05-09-2009, 11:12 AM   #8
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883
How is the network setup?

Code:
router => firewall (fedora 10) => local machine with ssh enabled
or something else?

Make sure the port for ssh is open at the router also.
Is the ssh daemon running?
Does your ISP allow connections on port 22 ?

What is the output from
Code:
nmap <public ip>
 
Old 05-09-2009, 12:34 PM   #9
JacekZ
Member
 
Registered: Sep 2005
Location: Notts, England
Distribution: Debian 6
Posts: 69

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by repo
How is the network setup?

Code:
router => firewall (fedora 10) => local machine with ssh enabled
Pretty much so, the adsl phone wire comes into the modem, then the network cable goes into the fedora computer which runs the standard firewall. The modem has some limited routing functions.

Quote:
Make sure the port for ssh is open at the router also.
The router has port settings but they seem reluctant to be enabled ..working on it

Quote:
Is the ssh daemon running?
should be, it is default in the distro.

Quote:
Does your ISP allow connections on port 22 ?
His ISP does, mine is silent on the matter, but no suggestion they do not.

Quote:
What is the output from
Code:
nmap <public ip>
nmap is not installed on his machine but he's had his fill for one day now. I tried to run it on mine (with my own public IP), it shows only
Code:
Not shown: 1713 closed ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
For testing it would help to understand the correct syntax I should be typing at the terminal. Which of the following is correct?

$ ssh username@publicIP
$ ssh username@publicIP => LocalIP
$ ssh publicIP => username@localIP

Thanks again.

Last edited by JacekZ; 05-09-2009 at 12:37 PM.
 
Old 05-09-2009, 12:41 PM   #10
Bradfirj92
LQ Newbie
 
Registered: Sep 2008
Distribution: CentOS 5 / Fedora Core 10
Posts: 18

Rep: Reputation: 0
Simplest syntax of all is

Code:
ssh publicIP
Then you enter your username and password in interactive mode.
 
Old 05-09-2009, 12:54 PM   #11
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883
Quote:
should be, it is default in the distro.
what is the output from this command on the remote server?
Code:
ps ax | grep sshd
Is the ssh server running on the f10 box ?


Quote:
For testing it would help to understand the correct syntax I should be typing at the terminal. Which of the following is correct?

$ ssh username@publicIP
$ ssh username@publicIP => LocalIP
$ ssh publicIP => username@localIP
Seems to me you are confused

the syntax is
Code:
ssh user@IP
or
Code:
ssh ip
Quote:
nmap is not installed on his machine but he's had his fill for one day now. I tried to run it on mine (with my own public IP), it shows only
you can run nmap from your machine
Code:
nmap <remote ip>
where remote ip is the public ip from the remote machine
 
Old 05-09-2009, 12:58 PM   #12
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,046

Rep: Reputation: 170
Actually, since the person you're trying to help has limited keying ability, why don't you have him forward his ssh port to you so that you can connect to him locally?

From his machine, he would key:

Code:
$ ssh -p<your ssh port> -N -f -R <the port you wish to listen on>:localhost:<his ssh port> <your ip>
Then, on your machine:

Code:
$ ssh -p<the port you wish to listen on> localhost
and you're connected....


cheers,

Last edited by mrclisdue; 05-09-2009 at 12:59 PM.
 
Old 05-09-2009, 02:45 PM   #13
JacekZ
Member
 
Registered: Sep 2005
Location: Notts, England
Distribution: Debian 6
Posts: 69

Original Poster
Rep: Reputation: 15
Thanks to you all for your help so far.

Quote:
Is the ssh server running on the f10 box ?
We've had to call it a day at the other end for now, but confirmed that sshd is definitely running both ends (verified through system/administration/services list on both f10 boxes).

The modem/router is a Siemens speedstream 4101 if that helps.

Quote:
Seems to me you are confused
Absolutely - more so now: mrclisdue - you talk of a powerful and advanced use of ssh. But if I understand this right it means getting my 80+ yr old dad to forward his port to my port at my IP. All of this through the ports on his and my routers. 4 ports in all.. Unless you label them all A-D I don't know which is which. Both my dad and I have DHCP and probably NAT, so the last thing I want him to have to do is key in a new forwarding string every time his or my IP changes. It is enough for him to look up his IP address on a website and tell me over the phone. The theory is I then log into his machine and update it, sync photos, files etc. Your suggestion looks like a powerful solution, but I don't understand ssh well enough yet. Need to read more about it. What particularly throws me is whether 'forwarding' is something that happens on the sender or receiver of a communication, or if it refers to the setup.

Quote:
$ ssh -p<your ssh port> -N -f -R <the port you wish to listen on>:localhost:<his ssh port> <your ip>
mrclisdue - can you explain when you said "my IP" in the code example, did you mean my public or local IP? And when you said 'local host' is that the two local ip's or local machine-names, or just the plain expression 'local host' in both cases?

Quote:
you can run nmap from your machine ..where remote ip is the public ip from the remote machine
It said:
Code:
Starting Nmap 4.68 ( http://nmap.org ) at 2009-05-09 17:24 BST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.026 seconds
I guess his IP had changed? Will try again another day.

Thanks again..
 
Old 05-09-2009, 03:00 PM   #14
dxqcanada
Member
 
Registered: Sep 2006
Location: Canada
Distribution: Gentoo
Posts: 702

Rep: Reputation: 43
Your Linux --- Router ---- Internet ---- Router --- His Linux

Your Linux will SSH to the public IP Address of his router.
You will need his Router's current IP Addr ... or see below about DynDNS.

His Router will have a Port Forwarding entry.
Port 22 ---> forward to His PC.
If his Router is smart enough it will have a table to point to his PC no matter what the IP Address is ... otherwise you may have to fix the IP Addr that his PC receives.


Use DynDNS to update a dynamic IP Addr to a specific Domain host name.
DynDNS.org has a free service and a Linux client that he can install.
His Router may already support DynDNS.

Then you can SSH using the Fully Qualified Domain Name that is setup.

Last edited by dxqcanada; 05-09-2009 at 03:02 PM.
 
Old 05-09-2009, 03:02 PM   #15
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,046

Rep: Reputation: 170
Basically, my method requires that you do all the work on your end - ie., make your machine available over the internet, to your father, rather than asking your dad to open ports, firewalls, etc., on his end. He would have to issue an, ultimately, simple command, in a terminal, that you'll text, or email, or im him, so he just has to do a cut and paste.

So, let's assume that you have sshd listening on something other than the default, for security's sake, port 5555. And, your port 5555 is available from the internet, and your ip address is 65.555.555.555. Either your dad is set up on your machine as a user, or he knows your user/pass, etc, is up to you.

Dad's ssh port is default 22. You will listen on port 7777 of your machine.

Dad types:

Code:
ssh -p5555 -R 7777:localhost:22 <username>@65.555.555.555
This tunnels all traffic from his port 22, to your local port 7777.

Localhost resolves to your loopback device 127.0.0.1.

So, you issue the command:

Code:
ssh -p7777 localhost
and you're connected to him to carry out your tasks.

cheers,
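
Added example, not part of any post in this thread: a small POSIX shell helper that reads an OpenSSH `-R` forwarding spec and reports which side opens the listening port and which side dials the target, run on the two orderings of ports 22 and 7777 discussed above. The function names are made up for this example; the privileged-port and GatewayPorts notes follow the OpenSSH manual.

```shell
#!/bin/sh
# Added example, not from the thread. Explains an OpenSSH remote-forward spec:
#   -R [bind_address:]listen_port:dest_host:dest_port
# listen_port opens on the machine you ssh INTO (where sshd accepts the login);
# dest_host:dest_port is dialled from the machine that RAN the ssh command.
# Not handled here: bracketed IPv6 addresses and the port-only SOCKS form.

is_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

explain_remote_forward() {
    old_ifs=$IFS; IFS=:; set -f
    set -- $1                      # split the spec on ':'
    set +f; IFS=$old_ifs
    case $# in
        3) bind=localhost; lport=$1; dhost=$2; dport=$3 ;;
        4) bind=${1:-*}; lport=$2; dhost=$3; dport=$4 ;;
        *) echo "error: expected [bind:]port:host:hostport"; return 2 ;;
    esac
    if ! is_port "$lport" || ! is_port "$dport" || [ -z "$dhost" ]; then
        echo "error: bad port or empty host"; return 2
    fi
    echo "listen: $bind:$lport on the sshd side"
    echo "target: $dhost:$dport as resolved by the ssh client side"
    if [ "$lport" -lt 1024 ]; then
        echo "warn: listen port $lport is privileged; only a root login may bind it"
    fi
    case $bind in
        localhost|127.0.0.1) ;;
        *) echo "warn: non-loopback bind needs GatewayPorts in sshd_config and exposes the tunnel to the network" ;;
    esac
}

# Constructed demo using the two port numbers from the posts (22 and 7777).
explain_remote_forward 7777:localhost:22
explain_remote_forward 22:localhost:7777
```

The first spec puts the listener on port 7777 of the machine being logged into and reaches port 22 on the machine that ran `ssh`; the second asks for a privileged listener on port 22 instead.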
 