What is the easiest way to allow remote SSH access to a private IP behind my dsl rter

abefroman · 03-26-2009, 10:05 AM

What is the easiest way to allow remote SSH access to a box on a private IP behind my dsl router?

TIA

jim_fields · 03-26-2009, 10:13 AM

What you are looking for is dynamic dns. I've used this service in the past and it has worked quite well. The page is informative and gives step by step instructions for set up.

http://www.dyndns.com/services/dns/dyndns/

tizzef · 03-26-2009, 10:14 AM

Hi

- You have to do NAT in your router, (ig: redirect port 22 to your @IP in your private network)
- You have to open the port for SSH on your box.

that's all folks

abefroman · 03-26-2009, 10:14 AM

Quote:

Originally Posted by jim_fields

What you are looking for is dynamic dns. I've used this service in the past and it has worked quite well. The page is informative and gives step by step instructions for set up.

http://www.dyndns.com/services/dns/dyndns/

Thanks an that will point to a private IP? Like 192.168.0.100?

jim_fields · 03-26-2009, 10:16 AM

Yes, but you need to configure your dsl router for port forwarding

camorri · 03-26-2009, 10:21 AM

The easy way is to set up a DMZ to the target machine. The bad part is the entire machine is open to external attacks. You should run a firewall on the target box, if you set up a DMZ in the router.

The safer way would be to use port forwarding in the router to forward port 22 to the IP address of the target machine. This only opens one port to one IP address.

Either way you have to do it with the router configuration.

abefroman · 03-26-2009, 10:34 AM

Quote:

Originally Posted by camorri

The easy way is to set up a DMZ to the target machine. The bad part is the entire machine is open to external attacks. You should run a firewall on the target box, if you set up a DMZ in the router.

The safer way would be to use port forwarding in the router to forward port 22 to the IP address of the target machine. This only opens one port to one IP address.

Either way you have to do it with the router configuration.

Thanks, that worked and I will do the firewall now.

farslayer · 03-26-2009, 10:36 AM

Quote:

Originally Posted by abefroman

Thanks an that will point to a private IP? Like 192.168.0.100?

Not directly..
That will provide a friendly name that will point to the Public IP of your Router.

You must configure your router to forward port 22 to the private IP of the machine you wish to SSH to..

Do NOT use the DMZ option in your router, as stated above that is insecure and exposes your PC to the Internet.. Only forward a single port from your router to the PC in question.

if you said what router you have I would bet someone could point you to directions for forwarding a port.

abefroman · 03-26-2009, 10:41 AM

Quote:

Originally Posted by farslayer

Not directly..
That will provide a friendly name that will point to the Public IP of your Router.

You must configure your router to forward port 22 to the private IP of the machine you wish to SSH to..

Do NOT use the DMZ option in your router, as stated above that is insecure and exposes your PC to the Internet.. Only forward a single port from your router to the PC in question.

if you said what router you have I would bet someone could point you to directions for forwarding a port.

Linksys, I figured it out thanks for the help!

farslayer · 03-26-2009, 10:13 PM

if you are opening a port for ssh, and wanted to further secure it, you could look into fail2ban which can be used to automatically block connections from people that make multiple failed login attempts to your machine. prevent them from trying to brute force the password. Depends on how secure you want to be, or how paranoid you feel

Other than that, glad to hear you have it working