Reputation: 21
I am running a home network with a DD-WRT router. I can SSH into the router from the home network, I can SSH into the PC from inside the home network, and I can SSH into the router from outside the home network (static public IP). Now I want to SSH into my PC from outside the home network; as far as I have understood, to do that I need to create an SSH tunnel. I am using the following command:
ssh -L bbbb:homepcip:22 root@externalip
After doing this I open another terminal and run
ssh homepcusername@externalip -p bbbb
but it does not work. What am I doing wrong?
Isn't the first command supposed to do a port forward on the router, so that everything I send to its external IP on port bbbb goes to port 22 of my home PC?
For now I have made a permanent port forward in the router GUI, but I would like to not use that and instead open the port only when I need to SSH.
Both the router and the PC have an SSH server installed: the router has Dropbear, the PC OpenSSH.
Upvotes: 1
Views: 1417
Reputation: 21
I found the solution for me. So, as I said, I needed a way to SSH into my PC from outside my network through my router. First open a terminal window and type
ssh -L bbbb:homepcIP:cc myrouterusername@mywanip -p aa
This will connect you to the router and forward port bbbb (choose a number from 1024-60000) to port cc on your PC (usually 22). Type the password and leave it open.
Then open a new terminal window and type
ssh pcUSERNAME@localhost -p bbbb
bbbb in this case can be any port number you choose (best if above 1024, and the max limit is 60000ish).
cc and aa are the ports of the SSH servers (cc of my PC and aa of my router); they are usually 22, but that can change depending on configuration.
The key here is the "localhost": I always typed my PC IP in there, but you have to type localhost and then it connects to the PC correctly.
Also, you have to have enabled SSH TCP forwarding on the first server.
Upvotes: 1
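The two-terminal procedure from the answer above, as an added shell example (not code from the original post). It assembles the tunnel command and the client command from the answer's placeholders (aa, bbbb, cc, router user, WAN IP, PC IP are all assumed values), checks that the local port is in the unprivileged range the answer recommends, binds the listener to 127.0.0.1 only so that nobody else on the network you are sitting in can ride the forward, and adds `-N` and `ExitOnForwardFailure=yes` so the tunnel session opens no shell on the router and fails loudly if Dropbear refuses the forward (the TCP-forwarding caveat from the answer). It also shows the equivalent single-command form with OpenSSH's `-J` (ProxyJump), which avoids the second terminal and checks the PC's host key end-to-end.

```shell
#!/bin/sh
# Added example; placeholders below are assumptions, not values from the post.

# Local listening port must be unprivileged (the answer's 1024-60000 range).
valid_local_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 60000 ]
}

# Terminal 1: the tunnel through the router.
#   $1 router user, $2 WAN IP, $3 router ssh port (aa),
#   $4 local port (bbbb), $5 home PC IP, $6 PC ssh port (cc)
# 127.0.0.1: prefix keeps the forward off other interfaces; -N opens no
# remote shell; ExitOnForwardFailure makes a refused forward an error
# instead of a silently useless session.
tunnel_cmd() {
    valid_local_port "$4" || { echo "bad local port: $4" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s -p %s %s@%s\n' \
        "$4" "$5" "$6" "$3" "$1" "$2"
}

# Terminal 2: connect to the local end of the tunnel, hence "localhost".
#   $1 PC user, $2 local port (bbbb)
client_cmd() {
    printf 'ssh -p %s %s@localhost\n' "$2" "$1"
}

# Alternative: one command, no second terminal. -J hops through the router
# (OpenSSH 7.3+ client); the PC's host key is verified by your own client.
#   $1 router user, $2 WAN IP, $3 router ssh port,
#   $4 PC user, $5 PC IP, $6 PC ssh port
jump_cmd() {
    printf 'ssh -J %s@%s:%s -p %s %s@%s\n' "$1" "$2" "$3" "$6" "$4" "$5"
}

# Demo with assumed values (203.0.113.5 is documentation address space).
echo "# terminal 1:"; tunnel_cmd routeruser 203.0.113.5 2222 5555 192.168.1.10 22
echo "# terminal 2:"; client_cmd pcuser 5555
echo "# or, in one go:"; jump_cmd routeruser 203.0.113.5 2222 pcuser 192.168.1.10 22
```

With Dropbear on the router, a forward refused because forwarding is disabled shows up as "remote port forwarding failed" / the tunnel session exiting under `ExitOnForwardFailure=yes`, which is easier to diagnose than the "connection refused" you get on `localhost:bbbb` otherwise.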
Reputation: 1326992
Instead of SSH tunneling, you might consider Tailscale.
See for instance "How to secure an Ubuntu server using Tailscale and UFW", which restricts SSH access to be only over Tailscale and uses UFW (Uncomplicated Firewall) to block non-Tailscale traffic to your server.
That will give you a Tailscale IP address (starting with 100.x.y.z) which can be used for SSH, while your public internet IP would not allow SSH.
You can then add MFA (multi-factor authentication) if you want.
Another example: "How to Setup SSH using Tailscale or Ngrok" from Ibrahim Jarif.
Upvotes: 0