LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-04-2015, 08:53 PM   #1
Fred Caro
Member
 
Registered: May 2007
Posts: 999

Rep: Reputation: 166Reputation: 166
ssh login without static ip or ddns


I am trying to log in to my home computer that is behind nat addressing and has no fully qualified domain.
Using my external address I get a 'not found' error with something like this:
Code:
ssh -l me :external-address:
Perhaps leave out the ":" ?

Ports and keys are set in config and user files.

If I run dig against the 'external-address' it reports the correct pc as forwarded by the router.

Must be doing something stupid!

Fred.
 
Old 08-04-2015, 09:23 PM   #2
Emerson
LQ Guru
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 6,147

Rep: Reputation: Disabled
ssh x.x.x.x -l me

or

ssh me@x.x.x.x
 
Old 08-05-2015, 05:22 PM   #3
Fred Caro
Member
 
Registered: May 2007
Posts: 999

Original Poster
Rep: Reputation: 166Reputation: 166
Emerson,
thanks for reply but niether:

ssh -l me :x.x.x.x:

if I leave out the colons, it does connect (I think) and asks for key password and then hangs.
The public rsa key for the local machine is on the remote server in autherized_keys. Nothing in the ufw logs to indicate any blocking.

Anyone any thoughts?

Fred.
 
Old 08-05-2015, 05:52 PM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 16,322

Rep: Reputation: 1905Reputation: 1905Reputation: 1905Reputation: 1905Reputation: 1905Reputation: 1905Reputation: 1905Reputation: 1905Reputation: 1905Reputation: 1905Reputation: 1905
Can you login to the home computer on the LAN side?

You can add -v option to add debug information. Multiple -v add additional messages with 3 -v being the max.

Make sure the permissions for the .ssh directory and keys are correct.
 
Old 08-06-2015, 05:42 PM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,711

Rep: Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279
The problem is that you are attempting to login to the router, not the PC.

To have that work, you have to configure the router to forward the ssh port to your PC. That takes the router out of the connection path - anything that connects to that port is automatically forwarded to the PC to handle.

Now a connection to your public address will be forwarded to the PC and you can login as you expect.

NOTE: This means that you PC has to treat that port as if it were directly connected to the internet...
 
Old 08-06-2015, 08:18 PM   #6
Fred Caro
Member
 
Registered: May 2007
Posts: 999

Original Poster
Rep: Reputation: 166Reputation: 166
Thanks for the replies.
not sure what this means:
Quote:
NOTE: This means that you PC has to treat that port as if it were directly connected to the internet...
I assume that port 80, or its equivalent is also directly connected to the internet?

This pc is experimental and the router only forwards outside connections to that pc besides web browsers and email.

Is that set up a security risk?

I changed the file permissions as per html.faq in /usr/share/doc/openssh-server and now I can login remotely.

Any thoughts?

Fred.
 
Old 08-09-2015, 08:43 PM   #7
Fred Caro
Member
 
Registered: May 2007
Posts: 999

Original Poster
Rep: Reputation: 166Reputation: 166
jpollard,
ok, but the router only forwards to one LAN address but then it (a sniffer) could access other LAN pc's if they were connected?

Fred.
 
Old 08-10-2015, 05:42 AM   #8
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,711

Rep: Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279
Quote:
Originally Posted by Fred Caro View Post
jpollard,
ok, but the router only forwards to one LAN address but then it (a sniffer) could access other LAN pc's if they were connected?

Fred.
Only after logging in.

All an outside sniffer can see is the port. The only address seen is the public one.
 
Old 08-11-2015, 05:45 PM   #9
Fred Caro
Member
 
Registered: May 2007
Posts: 999

Original Poster
Rep: Reputation: 166Reputation: 166
Quote:
Only after logging in.

All an outside sniffer can see is the port. The only address seen is the public one.
Good, this is what I wanted to hear!

For general information, the 2 things that confused me the most were:

1) you literally substitute the domain name with the external ip address, no @ or :

2) file permisions on the .ssh files.

The -v option was also helpful and it appeared to be preforming some sort of debugging exercise but that may have been just hidden information.

Thanks for the help.

Fred.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH Login - Bypass public Key check (temp disable passwordless login) Lunar Linux - Networking 1 02-23-2014 05:25 AM
Remote ssh login (passwords useless), and local login (using password) linuxStudent11 Linux - Security 1 01-09-2013 02:30 PM
[SOLVED] SSH login problem for additional users after password-less login setup uncle-c Linux - Newbie 3 02-10-2010 01:51 PM
SSH and DDNS michael.guerrero Linux - Server 2 10-24-2009 11:44 AM
DDNS record and a static PTR record mou5e Linux - Networking 2 01-22-2008 02:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration