This is probably a stupid question, but I don't seem to find the answer:

I have a router with a static IP-address (say 123.123.123.123), which is connected to my two computers (192.168.1.60 and 192.168.1.61).

I know how to use SSH from 192.168.1.60 to 192.168.1.61, but not how to use it from a computer outside my LAN.
Also (probably more stupid): I have to open port 22 on my router, right? Are there any more settings that I need to make it work safely?

You need to set your router to forward port 22 traffic to the IP address of your ssh server. You also need to make sure that the firewall on your ssh server won't get in the way.

That should get you basic ssh connections from the outside world, however, you REALLY need to harden ssh with a few steps:

- Turn off root access via ssh. No arguing, just do it.
- Make sure you are using only Protocol 2
- Learn how to use the AllowUsers directive in your sshd_config file. This helps control what users are allowed ssh access.
- Make extremely sure that passwords are strong.
- Seriously consider turning off password access and moving to key authentication.

People ARE going to take a rip at cracking this, make sure your prepared.

Besides Hangdog42's very nice suggestions, there are a few more,

1. limit max authentication tries in the ssh server
2. run ssh server on a different port (not 22) if sftp is not used

These steps can protect your server from most dictionary attacks.

Thank you both.

What would the IP address to the SSH server be? 192.168.1.60@123.123.123.123?

I think just 192.168.1.60 should do fine. I'm not sure what you're trying to do with the @123.123.123.123 bit but I've never seen a home router need something like that. Is there something else you're trying to do?

I know almost nothing about networking, but isn't there an outer IP (the address for people outside my local area network; my internet provider tells me it is 81.216.131.26) and an inner (that would be 192.168.1.66 for my router). Since all of my computers are connected to the Internet through the router, I reckoned other computers could not see them directly. Sorry if I was unclear.

Nope, I was just too lazy to look up my real IP

Your right about the outer (WAN) and inner (LAN) addresses. To the rest of the world, all of your computers are just your WAN address and it is up to your router to keep straight which packet goes to which LAN computer. Which is where port forwarding comes in. When an SSH packet arrives at your router, it has absolutely no idea what to do with it. Adding the @123... bit is almost certainly meaningless to your router. However, if you have port 22 forwarded to one of your machines, then the router will pass that packet on. If you need to have access to more than one machine, you'll need to set the other SSH servers up on ports other than 22, and forward those ports to the proper linux box.