Hi all.

I have a problem with ssh'ing to a linux (suse 8.1) machine behind a router.

I have two suse machines: one 8.2 and one 8.1. The one (8.1) machine is on a lan behind a router, using an ADSL internet connection. The other is on a university network. I can easilly access the one on the university network (the 8.2 machine) from the one behind the router (the 8.1 machine). "ssh ip.at.univ.edu".

But I do not know how to do the reverse. I do not know what ip to use, i do not understand the netmask and lan IP and all the other terms I see floating around on the forums.

Can someone please help.

Thx
The Sakkie

This might be wrong, but I *think* you've gotta set up port forwarding on your router to point to your LAN IP (eg. 192.168.0.1:22) and you'd use your external (ie. internet IP) to connect. For example, if you had xxx.xx.xx.xxx:23 forwarding to 192.168.0.1:22, you'd do ssh xxx.xx.xx.xxx:23. Sorry if that's not too clear and again, it might be wrong. Would need to look at your router's documentation to set up port forwarding.

What Nylex is saying is right but depending on your router you may need to open the port as well as forward it.

Oh yeah, true. Lol.

I have a "sitecom router 4s".
I think i know what you mean, there is an option in the routers configuration where you can write an aplication name, set it's type as "udp/tcp"; its incoming (start-finish) and outgoing (start-finish) ports.

examples of such applications are: paltalk, strcraft, etc. Is this where I have to set it up, and if so; what are the values i need to enter for the ports.

Thanx for your help
The Sakkie

Yes - that is it. You need to forward port 22 to port 22 of your linux box on the inside of your lan. Like I said earlier there may be an option to open the port as well.

I think i have done that. When I ssh from my university machine to the one behind a router, what ip address do I use? Just the router IP?

when i type in "who am i" while loged into my university machine from behind the router I get the following reply: Jul 11 18:30 (adslXXX.XXX.XXX.nl). but when i try to ssh to that adress, it does not work?

Any ideas?
Sorry if I ask a lot of stupid questions! :-)

The Sakkie

Yes you should use the ip of the router. make sure that that is your IP address though and not a proxy or something.

You may also want to make sure that your ISP lets you accept connections on that port. Some ISPs block access to those and so oyou may need to use a higher port number.

I still cant get it to work; I am sure about the IP adress, I got it from the router "software". But how is it possible that i can ssh "out" from the PC behind the router, but not "in"? Could it then still be the ISP?

The other problem that I have, i supose it has nothing to do with the current problem, is with the x-server. I cant get my graphic user interface to work; While ssh'ed into the university pc from behind the router, the graphics wont work. I have done this previously from other machines, not behind the router. The xhost +, etc is set. If this has no relevance, just ignore it. I just thought perhaps it also has something to do with blocked ports?

Yes - the isp may still be blocking connections on port 22 to your machine.

I take it you mean exporting programs over ssh? Have you used export to set the display to use? eg:
export DISPLAY=ip.of.other.machine:0

I dont usualy do that; but I tried it now, and it does not work;
xxx@xxx ~ % export DISPLAY=130.xx.xx.xx:0
xxx@xxx ~ % konqueror
konqueror: cannot connect to X server 130.xx.xx.xx:0

Any ideas? Does this also run through port 22?

PS. you said I could use a higher port number...
How do I do that?

All you need to do is change the settings on your router to forward higher port to your internal IP.You can still use port 22 on your server machine for SSH, that shouldn't matter. For example, you could forward from xxx.xxx.xxx.xxx:50 to 192.168.0.1:22 (well, as long as port 50 was unused). Which port you can use, obviously, depends on which ports your ISP is blocking..

There was a post from someone the other day who could only forward the same port to another machine eg 80 - 80. It depends on your router. If you can't forward port 5000 say to 22 theh you can add this to the top of sshd_config and restart it:
Port 22
Port 5000

When connecting you will need to remember to change the port on the client. See the man page or help file for your client on how to do it.

As for X forwarding - it uses port 6000. You will need to forward that port too or do it over an ssh encrypted tunnel on port 22:
1) From the machine you are on (Xserver with display)
ssh -R 6000:127.0.0.1:6000 -l USER_ON_CLIENT -N ip.of.client.machine
2) Allow connections from the client - on the server run
xhost + ip.of.client.machine
3) Open another ssh session (leave the other as it is - no bash prompt "Ctrl + C" to end) to the client and set your display (this is the default - you only need to change it if you have set it different before)
export DISPLAY=127.0.0.1:0
4) Run your program
konqueror

One reason it may not have worked before (only just thoguth of this) is that some apps prefer a call like "konqueror -display=ip.of.x.server:0" rather than reading it from the DISPLAY variable.

if you not want to open your whole X server, you also might try ssh -X remote_host
or ssh -Xf remote_host <program_name>