Related
I need to be able to SSH into a device on my network. Normally I am able to simply ssh into its local IP address.
I recently ran an nmap scan on it, and now when I try to ssh into its local IP address, I recieve the following:
kex_exchange_identification: read: Connection reset by peer
Connection reset by <IP> port 22
This network is setup in a somewhat unique way. It has one router that manages the Wi-Fi network (what my machine is connected to) which is connected to another box that also acts as the modem. IP addresses that are connected to the Wi-Fi box start with 192.168, whereas those connected to the modem box start with 10.0. The device I am trying to access is connected to the modem box.
Historically, just typing in its 10.0. local address has allowed me to ssh into it with no issue, even though my device is on the 192.168 network, and arp -a does not show it.
Checking the ssh logs of the device via journalctl -fu ssh, I can see that every failed ssh attempt is accompanied by the following message:
Connection reset by 10.0.0.96 port 49949 [preauth]
I do not recognize the IP above, and the port changes every time.
Is this some sort of anti-spam protection that was triggered by my use of nmap? I know it's not just my computer because I am unable to ssh into the device from anything else on my network.
Note that connecting to a VPN then using SSH to connect to the external IP address (which is port-forwarded properly) works, as does connecting via ssh to the machine from the machine itself (127.0.0.1)l
How can I fix this issue?
I have searched and I know people have asked this before, but I have been through all settings and double, triple checked everything but I can't get it to work for the life of me. I have not this before with other machines, but I don't know why this isn't working.
*note: numbers have been changed for security reasons
Here is what I have:
Client
Raspberry Pi 3 with IP: 192.168.0.133
manual port in raspberry pi 3 sshd_config file: 1502
Router:
NAT Virtual Server:
External port: 1502
Internal port: 22
IP address: 192.168.0.133
DNS(duckdns.org)
- checked to make sure public IP address points to the domain: testing2#duckdns.org
ssh command that works on client:
ssh -p 1502 client#192.168.0.133
ssh command that doesn't work
ssh -p 1502 client#testing2.duckdns.org
So I'm not sure where it's going on. here is output from ssh -v -p 1502 client#testing2.duckdns.org
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/testing/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to testing2.duckdns.org [188.45.22.61] port 1502.
debug1: connect to address 188.45.22.61 port 1502: Connection refused
ssh: connect to host testing2.duckdns.org port 1502: Connection refused
Any ideas? I really would appreciate any insights.
EDIT: To add some more clarifying information:
When I run the second command listed above, that is failing:
ssh -p 1502 client#testing2.duckdns.org
This goes out to the DNS I have setup (testing2.duckdns.org) and that DNS points to my network's public facing IP address. At that point, it hits the NAT routing rule I have setup on my router that forwards any requests from port 1502 to the internal port of 22 to the IP address of 192.168.0.133.
This is why I don't understand where it is failing, all the rules are there and the route should be open. Is there a setting on the raspberry pi (within the config file) that I'm missing?
So I figured out what was going on, and although I am still not able to connect remotely, I have solved what the original question posed.
The problem was I had changed the port on the raspberry pi (the internal port) to 1502. This meant that the route was forwarding correctly (from external of 1502 to internal of 22) but then the internal port was set to 1502, so it failed to connect.
This also explains why it would connect locally with the above command because the local port was 1502.
I still can't connect remotely because the raspberry pi is running a VPN and this is causing the SSH request to timeout, but that is a separate question.
Thanks for the help everyone!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
I'm working on a balloon project with a Raspberry Pi. When we potentially recover the Raspberry Pi, it will most likely be in a rural location and I'd like to turn off the Pi at that point safely.
Without a router or network nearby, I was wondering if there is a way to hook up a Raspberry Pi with an Ethernet cable directly to a laptop?
It's a solution for Ubuntu (the idea also works for Windows or Mac) I just tried today and it works like a charm.
Material
a cross-over Ethernet cable (the name is fancy but it's just a normal Ethernet cable)
a laptop (ubuntu)
a Raspberry Pi (I have the Pi2)
Prerequisites on your ubuntu
Install network-manager
$sudo apt-get install network-manager
Install nmap
$sudo apt-get install nmap
Edit Wired connection on your laptop (Ubuntu)
Change IpV4 settings to "Share to other computers"
Save the setting
Reboot your laptop
Share WiFi connection of your laptop via Ethernet crossover cable
Hook up your RPi with your laptop using the Ethernet cable
Look up the broadcast address of the Ethernet connection (Laptop),
$/sbin/ifconfig eth1 | grep "Bcast" | awk -F: '{print $3}' | awk '{print $1}' 10.42.0.255
Use this address to find out the IP address of your RPi, it's 10.42.0.96 in my case because 10.42.0.1 is my laptop
$nmap -n -sP 10.42.0.255/24
Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-20 23:07 CET
Nmap scan report for 10.42.0.1
Host is up (0.00031s latency).
Nmap scan report for 10.42.0.96
Host is up (0.0023s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.71 seconds
Login to your RPi from your laptop (-Y with X-forwarding)
$ssh -Y pi#10.42.0.96
Lo and behold! Now your RPi is connected to your laptop and RPi can share the WiFi connection.
pi#raspberrypi ~ $
Share display & keyboard of your laptop with RPi
Install vncserver on Raspberry Pi
$ sudo apt-get update
$ sudo apt-get install tightvncserver
Install vncviewer on your laptop by downloading RealVNC (it supports multiple platforms)
http://www.realvnc.com/download/vnc/
To be able to copy & paste from VNC server <--> VNC viewer, you need to install autocutsel on your RPi.
$sudo apt-get install autocutsel
If this site doesn't work, try to download the .deb directly from a mirror site, e.g.
mirror.hmc.edu/debian/pool/main/a/autocutsel/autocutsel_0.10.0-1_armhf.deb
and install it
$sudo dpkg -i autocutsel_0.10.0-1_armhf.deb
Start vncserver on your RPi (You have to restart vncserver after installing autocutsel, you can issue $vncserver -kill :1)
$vncserver :1
Add autocutsel -fork to /home/pi/.vnc/xstartup
#!/bin/sh
xrdb $HOME/.Xresources xsetroot -solid grey
autocutsel -fork
#x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
# Fix to make GNOME work
export XKL_XMODMAP_DISABLE=1
/etc/X11/Xsession
Start vncviewer on your laptop
$vncviewer
A vncviewer window will pop up and type in the IP address of your RPi (given by your laptop) followed by port 1, which is your VNC server. for example: 10.42.0.96:1 in my case.
Connect it to the vncserver hosted on your RPi by typing in a password (set up a password yourself)
12.Now you can see the desktop of RPi on your laptop, and I opened my browser to show the shared WiFi connection is working as well.
See Raspberry Pi desktop on your ubuntu
No router + no screen + regular Ethernet cable + RPI 2 + Raspbian Lite 2018-11-13 + Ubuntu 18.10
First we must enable the SSH server on the Pi, which is disabled by default for security.
If you already have a shell on the Pi through a non-SSH method such as screen + keyboard or UART (see below), just run:
sudo systemctl enable ssh
sudo service sshd start
as explained at: https://raspberrypi.stackexchange.com/questions/58478/ssh-not-working-with-fresh-install This persists across boots.
Otherwise, insert he SD card on your host, and create a magic empty file named ssh file in the boot/ partition.
On Ubuntu hosts, it gets mounted automatically and you can do just:
sudo touch /media/$USER/boot/ssh
which you can confirm with:
lsblk
which contains:
mmcblk0 179:0 0 14.4G 0 disk
├─mmcblk0p1 179:1 0 43.9M 0 part /media/ciro/boot
└─mmcblk0p2 179:2 0 14.4G 0 part /media/ciro/rootfs
If you don't enable the SSHD daemon on the Pi then SSH connection will fail with:
ssh: connect to host 10.42.0.160 port 22: Connection refused
when we try it later on.
After enabling the SSH server
Next, boot the Pi, and link an Ethernet cable from your laptop directly to the Pi:
On Ubuntu 17.04 to work around this bug as mentioned on this answer you first need:
sudo apt-get install dnsmasq-base
On the host, open the network manager:
nm-connection-editor
And go:
+ sign (Add a new connection)
Ethernet
Create
IPv4 Settings
Method: Shared to other computers
Set a good name for it
Save
Find the IP of the Pi on host:
cat /var/lib/misc/dnsmasq.leases
outputs something like:
1532204957 b8:27:eb:0c:1f:69 10.42.0.160 raspberrypi 01:b8:27:eb:0c:1f:69
10.42.0.160 is the IP, then as usual:
ssh pi#10.42.0.160
I also have the following in my .bashrc:
piip() ( cat /var/lib/misc/dnsmasq.leases | cut -d ' ' -f 3; )
pissh() ( sshpass -p raspberry ssh "pi#$(piip)"; )
From inside the Pi, notice that it can access the internet normally through your host's other interfaces:
ping google.com
For example on my laptop, the Pi takes up the Ethernet, but the host is also connected to the internet through WiFi.
The crossover cable is not required if the host network card supports Auto MDI-X. This is the case for most recent hardware, including for example the 2012 Lenovo T430 I tested with, which has an "Intel® 82579LM Gigabit Network Connection" which documents support for Auto MDI-X.
Now you can also:
access the Internet from the PI through your Ubuntu's Wifi connection
open a VNC to get rid of the display as well: https://raspberrypi.stackexchange.com/questions/14611/how-to-set-up-raspberry-pi-without-a-monitor/54393#54393
UART serial USB converter
This is an alternative to SSH if you just want to get a shell on the Pi: https://en.wikipedia.org/wiki/Serial_port
This does not use SSH or networking itself, but rather the older, simpler, more direct, more reliable, lower bandwidth, lower distance serial interface. The Pi won't have access to the Internet with this method.
Desktop computers still have a serial port which you can connect directly wire to wire with the Pi, but these are hidden in most laptops, and so we need to buy a cheap USB adapter. Here I've used a "DSD TECH USB to TTL Serial Converter" https://www.amazon.co.uk/gp/product/B072K3Z3TL See also: https://unix.stackexchange.com/questions/307390/what-is-the-difference-between-ttys0-ttyusb0-and-ttyama0-in-linux/367882#367882
First plug the SD card on the host, and edit the config.txt file present in the first partition to add:
enable_uart=1
as explained at: https://www.raspberrypi.org/forums/viewtopic.php?f=28&t=141195
This first partition contains the bootloader, its configuration files and the (Linux / your) kernel, config.txt being one of them. The second partition contains the actual Linux root filesystem.
Now connect your computer to the Pi as:
You only need to attach 3 cables:
Ground to Ground
Tx on Pi to Rx on the USB to serial port
Rx on Pi to Tx on tye USB to serial port
This is also documented at: https://www.raspberrypi.org/documentation/usage/gpio/README.md
Be careful not to link the Ground to the 5V, I've already burned 2 UART to USB chips and a RPI UART by doing that!
You don't need to connect the 5V to the 5V at all. I think you can power your Pi like that, but I've read that this is a bad idea, just use the usual USB power source.
Finally, plug the USB side of the connector to your host computer, and get a shell with:
sudo apt install screen
sudo usermod -a -G dialout $USER
screen /dev/ttyUSB0 115200
Exit with Ctrl-A \.
Here is a video by Adafruit showing it: https://www.youtube.com/watch?v=zUBPeoLW16Q
See also
Similar question on RPI SE: https://raspberrypi.stackexchange.com/questions/3867/ssh-to-rpi-without-a-network-connection
You don't need a cross-over cable. You can use a normal network cable since the Raspberry Pi LAN chip is smart enough to reconfigure itself for direct network connections.
Cheers
I've just implemented and test this successfully. Same situation with my project, want to connect to a Raspberry Pi with no router or wifi. Just a simple ethernet cable.
Using ssh putty program put the address as
raspberrypi.local
Log and in and you can access the terminal.
Alternatively if VNC server is setup, use VNC server and put
raspberrypi.local:1
In the server address. input your VNC server password and you've now got GUI access to do what you want.
In may case it was run scripts in a remote location. In the posters situation, safely shutdown the Pi. Simples Pimples.
Configure static ip for your laptop and raspberry pi.
On the rapberryPI configure it as following.
pi#rpi>sudo nano /etc/network/interfaces
Then configure following as required to connect to your laptop.
iface eth0 inet static
address 192.168.1.81
netmask 255.255.255.0
broadcast 192.168.1.255
configure static ip on the raspberry pi:
sudo nano /etc/network/interfaces
and then add:
iface eth0 inet static
address 169.254.0.2
netmask 255.255.255.0
broadcast 169.254.0.255
then you can acces your raspberry via ssh
ssh pi#169.254.0.2
Here are the instructions for Windows users on connecting to a RPi by using just an Ethernet cable and a DHCP server. There is no need for a cross over cable, as the RPi can handle it. I have a blog post that documents this with pictures here which may be easier to follow.
Downloads
Download the DHCP Server for Windows (download link is here). Unzip the zip file and open the dhcpwiz application, which will configure the DHCP server.
DHCP Server Configuration
Hit next on the first screen.
On the second screen, look for a "Local Area Connection" row and verify its IP address is 0.0.0.0 and its status is enabled. Connect the Ethernet cable from the RPi to your laptop, and turn on the Pi. Hit refresh on this screen until the IP address changes to 169.254.*.*. If it is anything else then you should alter your network settings for the Local Area Connection (make sure it is not a static IP/DNS). Click on this Local Area Connection row and hit next.
Check HTTP (Web Server). This makes it much more easy to locate the RPi's IP address. Hit Next.
Take the defaults and hit Next until you get to the Writing the INI file screen. Check Overwrite existing file and hit the Write INI file button. Then hit Next.
On the final screen, check Run DHCP server immediately and hit `Finish.
DHCP Server and Obtaining the IP Address of your Raspberry PI
This launches the actual DHCP server, using the configuration you just created in the previous wizard. Click the Continue as tray app button, and the DHCP server will be minimized to your system tray.
Anywhere from 1 second to 5 minutes from now you will see an alert on the system tray with your laptop and your RPi's new IP address. This alert is really quick and you will probably miss it. Normally your RPi's IP is 169.254.0.2, but it could be *.01 or even something else. It is easier to access the DHCP server's web UI at http://localhost/dhcpstatus.xml. This will list the hostname as "raspberrypi" with its IP address.
Now you can putty or remote desktop into your RPi, and configure its wireless settings or whatever you want to do.
Trouble shooting
This can be somewhat finicky. I've had my connection appear to drop and have been unable to SSH back in using the IP address. Normally, I can restart the Pi and get the IP address again. Sometimes I have to restart both the RPi and the DHCP server. Sometimes I have to do this multiple times. At one point when I wasn't getting a connection for 15 minutes, I copied all of the files in the dhcpsrv2.5.1 folder to a new folder and tried again; it immediately worked.
You could use a cross-over ethernet cable - http://en.wikipedia.org/wiki/Ethernet_crossover_cable
Assuming your RPi is a DCHP Client, then best to run a simple DHCP server on your notebook to assign the RPi an IP address.
Yes, you can connect the raspberry direct to your PC without router.
For this is necessary that the raspberry and your computer are on the same subnet, and they both have a static ip configured (And an Ethernet cable connected between the two devices).
An ideal configuration would be the following:
Raspberry on eth0: IP: 192.168.1.10 SubNet: 255.255.255.0
Your PC: IP: 192.168.1.11 SubNet 255.255.255.0
To set a manual IP on raspberry you can follow this guide
In your PC you can set a manual IP in the network adapter settings,and the procedure depends on your operating system.
When you have configured the two static IP, you can connect to the raspberry via SSH using the IP set (192.168.1.10).
Another simpler method is to attach on GPIO a button to turn off the raspberry! Take a look here!
What worked for me was a combination of the answers from Nicole Finnie and Ciro Santilli along with some answers from elsewhere.
Setting up the pi
We will need to do two things: activate ssh on the pi, and configure the pi to use a static ip.
Activating ssh
Add a file called ssh in the boot partition of the sd card (not the /boot folder in the root partition). This is well documented other places.
Static ip
Open /etc/dhcpcd.conf on the pi's SD-card, and uncomment the example for a static ip (starts around line 40). Set the addresses to
# Example static IP configuration:
interface eth0
static ip_address=10.42.0.182/24
static routers=10.42.0.1
static domain_name_servers=10.42.0.1 8.8.8.8 fd51:42f8:caae:d92e::1
Setting up your laptop
First, make sure you have networkmanager (with GUI) installed on your laptop. Then, make sure dnsmasq is not running as a service:
systemctl status dnsmasq
If this command prints that the service is stopped, then you're good.
Next we have to config networkmanager. Open /etc/NetworkManager/NetworkManager.conf and add the following two lines at the top:
[main]
DNS=dnsmasq
Then reboot. This step might not be necessary. It might be sufficient to restart the NetworkManager service. Now go to the NetworkManager GUI (usually accessed by an icon in the corner of the screen) and choose Edit Connections... In the window that pops up, click the + icon to create a new connection. Choose Ethernet as the type and press Create.... Go to the IPv4 Settings tab and select the method Shared to other computers. Give the connection a good name and save.
Connect the Raspberry Pi and make sure your laptop is using your new connection as its ethernet connection. If it is, your pi should now have an ip given to it by your pc. You can find this by first running ifconfig. This should give you several blocks of text, one for each network interface. You're interested in the one that is something like enp0s25 or eth0. It should have a line that reads something similar to
inet 10.42.0.1 netmask 255.255.255.0 broadcast 10.42.0.255
look at the broadcast address (in this case 10.42.0.255). If it is different than mine, power off the pi and put the SD card back in your laptop to change the static ip_address to something where the first three numbers are the same as in your broadcast address. Also change the static routers and the first of the domain_name_servers to your laptop's inet address. Power the pi back on and connect it. Run ifconfig again to see that the addresses have not changed.
ssh into the pi
ssh pi#10.42.0.182
If you get connection refused, the pi isn't running an ssh server. If you get host unreachable, I'm sorry.
Hope this helps someone!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I have a Ubuntu VM running on my Windows 7 machine. How do I set it up so that I can access the webserver externally through SSH?
I found steps (Setup SSH access between VirtualBox Host and Guest VMs) to be able to ssh to my guest from my host, but that still leaves me with the problem of accessing it through my router.
I suppose that I could install an SSH server on my Windows machine and then tunnel a few times (though I'm not 100% sure what to use in terms of local, dynamic, etc. or how to set up multiple tunnels?), but is there a way to make the VM directly accessible to my router so I could directly port forward to it?
The best way to login to a guest Linux VirtualBox VM is port forwarding. By default, you should have one interface already which is using NAT. Then go to the Network settings and click the Port Forwarding button. Add a new Rule. As the rule name, insert "ssh". As "Host port", insert 3022. As "Guest port", insert 22. Everything else of the rule can be left blank.
or from the command line
VBoxManage modifyvm myserver --natpf1 "ssh,tcp,,3022,,22"
where 'myserver' is the name of the created VM. Check the added rules:
VBoxManage showvminfo myserver | grep 'Rule'
That's all! Please be sure you don't forget to install an SSH server in the VM:
sudo apt-get install openssh-server
To SSH into the guest VM, write:
ssh -p 3022 user#127.0.0.1
Where user is your username within the VM.
Change the adapter type in VirtualBox to bridged, and set the guest to use DHCP or set a static IP address outside of the bounds of DHCP. This will cause the Virtual Machine to act like a normal guest on your home network. You can then port forward.
Keeping the NAT adapter and adding a second host-only adapter works amazing, and is crucial for laptops (where the external network always changes).
http://muffinresearch.co.uk/archives/2010/02/08/howto-ssh-into-virtualbox-3-linux-guests/
Remember to create a host-only network in virtualbox itself (GUI -> settings -> network), otherwise you can't create the host-only interface on the guest.
You can also use a Bridged Network (or "Bridge Adapter", in newer versions) in network settings. This will put your VM in a VLAN with your machine. So you can just ssh into the VM like this.
ssh user#IP_OF_VM
How to do host-only network (better than bridged) for Solaris 10 and Ubuntu 16.04
Add Host-only interface
Virtualbox > File > Preferences > Network > Host-only Networks > Add
Shutdown vm.
VM's Settings > Network. First adapter should be Nat, second Host-only.
Start cmd.exe and run ipconfig /all. You should see lines:
Ethernet adapter VirtualBox Host-Only Network:
...
IPv4 Address. . . . . . . . . . . : 192.168.59.1
Second adapter in guest should also be in 192.168.59.*.
Start VM.
Solaris 10
Check settings ifconfig -a. You should see e1000g0 and e1000g1. We are interested in e1000g1.
ifconfig e1000g down
ifconfig e1000g 192.168.56.10 netmask 255.255.255.0 up
Check from host if this interface is reachable: ping 192.168.56.10
Preserve those settings upon reboot
# vi /etc/hostname.e1000g1
192.168.56.10 netmask 255.255.255.0
# reboot
Configure ssh service (administering) to login as root (not adviced)
Check if ssh is enabled
# svcs -a | grep ssh
online 15:29:57 svc:/network/ssh:default
Modify /etc/ssh/sshd_config so there is
PermitRootLogin yes
Restart ssh service
svcadm restart ssh
From host check it
ssh root#192.168.56.10
Ubuntu 16.04
List interfaces:
ip addr
You should see three interfaces like lo, enp0s3, enp0s8. We will use the third.
Edit /etc/network/interfaces
auto enp0s8
iface enp0s8 inet static
address 192.168.56.10
netmask 255.255.255.0
Then sudo ifup enp0s8. Check if enp0s8 got correct address. You should see your ip:
$ ip addr show enp0s8
...
inet 192.168.56.10/24 brd 192.168.56.255 scope global secondary enp0s8
If not, you may run sudo ifdown enp0s8 && sudo ifup enp0s8
https://superuser.com/questions/424083/virtualbox-host-ssh-to-guest/424115#424115
In order to ssh to a Ubuntu VM running in VirtualBox from your host machine, you need to set up two network adapters for the VM.
First of all, stop the VM if not yet.
Then select the VM and click the Settings menu in the VirtualBox toolbar:
Set up Adapter 1
Set up Adapter 2
(Note: you don't need to set up any port forwarding.)
That's it. Once set up, you can start your VM. In your VM, the network configuration will look like below and you'll have Internet access too:
Also in your host machine, you can ssh to your VM:
Be sure that the SSH server has been installed and up running in the VM.
$ ps aux | grep sshd
root 864 0.1 0.5 65512 5392 ? Ss 22:10 0:00 /usr/sbin/sshd -D
If not, install it:
$ sudo apt-get install openssh-server
Also for your information:
My VirtualBox version: 5.2.6 r120293 (Qt5.6.2), 2018
My Ubuntu version: Ubuntu 16.04.3 LTS
My host machine: Windows 10
SSH Back to Your Home / Office VirtualBox Guest Machine From The INTERNET
The answers provided by other users here : How to SSH to a VirtualBox guest externally through a host?
... helped me to accomplish the task of connecting from out on the internet to my home computer's guest machine. You should be able to connect using computers, tablets, and smart phones (android, IPhone,etc). I add a few more step in case it might be helpful to someone else:
Here is a quick diagram of my setup:
Remote device ---> INTERNET --> MODEM --> ROUTER --> HOST MACHINE --> GUEST VM
Remote device (ssh client) ---> PASS THRU DEVICES ---> GUEST VM (ssh server)
Remote device (leave ssh port 3022) ---> INTERNET --> MODEM --> ROUTER (FWD frm:p3022 to:p3022)--> HOST MACHINE (FWD frm:p3022 to:p22) --> GUEST VM (arrive ssh port 22)
The key for me was to realize that ALL connections was PASSING-THROUGH intermediary devices to get from my remote PC to my guest virtual-machine at home --Hence port forwarding!
Notes:
* Need ssh client to request a secure connection and a running ssh server to process the secure connection.
I will forward the port 3022 as used in the chosen answer from above.
Enter your IPs where needed (home modem/router, host IP, guest IP,etc.), Names chosen are just examples-use or change.
1.Create ssh tunnel to port 3022 on your modem's IP / router's external IP address.
ssh client/device possible commands: ssh -p 3022 user-name#home_external_IP
2.Port forward = we are passing thru the connection from router to host machine
Also make sure firewall /IPtable rules on router is allowing ports to be forward (open if needed)
Router's Pfwd SCREEN required entries: AppName:SSH_Fwd, Port_from: 3022, Protocol:both (UDP/TCP), IP_address:hostIP_address, Port_to:3022, everything else can be blank
DD-WRT router software resources / Info:
DD-WRT Port_Forwarding
DD-WRT Static_DHCP
3.Host Machine Firewall: open port 3022 #so forwarded port can pass thru to guest machine
Host Machine: Install VirtualBox, guest additions, and guest machine if not done already
Configure guest machine and then follow the Network section below
I used VirtualBox GUI to setup guest's network- easier than CLI
If you want to use other methods refer to : VirtualBox/manual/ch06.html#natforward
4.Some suggest using Network Bridge adapter for guest = access to LAN and other machines on your LAN. This also pose an increase security risk, because now your guest machine is now exposed to LAN machines and possibly the INTERNET hackers if firewall not setup properly. So I selected Network adapter attached to NAT for less exposure to bridged security risks.
On the guest machine do the following:
Guest Machine VirtualBox Network settings: Adapter 1: Attached to NAT
Guest Machine VirtualBox Port Forwarding Rule: Name:External_SSH, Protocol:TCP, Host Port: 3022, Guest Port 22, Host&guest IPs:leave blank
click on advance in Network section then click on Port forwarding to enter rules
Guest Machine Firewall: open port 22 #so ssh connection can enter
Guest Machine: Make sure that ssh server is installed, configured properly, and running
LINUX test to see if ssh server running w/command: sudo service ssh status
Can check netstat to see if connection made to port 22 on the guest machine
Also there are different ssh servers and clients depending on platform using.
wikipedia/Secure_Shell
wikipedia/Comparison_of_SSH_servers
wikipedia/Comparison_of_SSH_clients
For Ubuntu Users:
ubuntu community: SSHOpenSSH/Configuring
ubuntu/community: OpenSSH/Keys
That should be it. If I made a mistake or want to add anything -feel free to do so-- I am still a noob.
Hope this helps someone. Good luck!
For Windows host, you can :
In virtualbox manager:
select ctrl+G in your virtualbox manager,
then go to network pannel
add a private network
make sure that activate DHCP is NOT selected
In network management (windows)
Select the newly created virtualbox host only adapter and the physical network card
Right-Click and select "Make bridge"
Enjoy
You can also initiate a port forward TO your HOST, OR ANY OTHER SERVER, from your Guest. This is especially useful if your Guest is 'locked' or can't otherwise complete the ModifyVM option (e.g. no permission to VBoxManage).
Three minor requirements are 1) you are/can log into the VirtualBox Guest (via 'console' GUI, another Guest, etc), 2) you have an account on the VirtualBox HOST (or other Server), and 3) SSH and TCP forwarding is not blocked.
Presuming you can meet the 3 requirements, these are the steps:
On the Guest, run netstat -rn and find the Gateway address to the default route destination 0.0.0.0. Let's say it's "10.0.2.2". This 'Gateway' address is (one of) the VirtualBox Host virtual IP(s).
On the Guest, run ssh -R 2222:localhost:22 10.0.2.2 where "10.0.2.2" is the VirtualBox server's IP address -OR- any other server IP you wish to port forward to.
On the Host, run ssh 10.0.2.2 -p2222 where 10.0.2.2 is the default gateway/VBHost virtual IP found in step 1. If it is NOT the VirtualBox host you are port forwarding to, then the command is ssh localhost -p2222
Follow below steps to login to your ubuntu VM running in virtual box from the host machine using putty (Without port forwarding):
On Virtualbox manager select the vm, click on settings icon. Then go Networks and enable two adaptors as below:
Adaptor 1 (For internet access): Attached to -> NAT, Advanced -> Check the cable connected.
Adaptor 2: Attached to -> Host only adaptor, Advanced -> Check the cable connected and Promiscuous mode -> Allow all.
Start the ubuntu vm.
Login to the VM as root.
Edit the file '/etc/network/interfaces' as below and save it:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet dhcp
Restart the VM.
Login to the VM and run below command to check the IP allocated to eth1:
ifconfig
Use this IP to open putty session for the VM.
A good explanation about how to configure port forwarding with NAT is found in the VirtualBox documents:
http://www.virtualbox.org/manual/ch06.html#natforward
Ubuntu 18.04 LTS
Configuration with bridged to see the server ip, and connect without "port forwarding"
VirtualBox > right click in server > settings > Network > enable adapter 2 > select "bridged" > Promiscuous mode: allow all > Check the cable connected > start server
On ubuntu server, edit sudo nano /etc/netplan/*init.yaml file,
My sample file:
network:
ethernets:
enp0s3:
addresses: []
dhcp4: true
enp0s8:
addresses: [192.168.0.200/24]
dhcp4: no
dhcp6: no
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
version: 2
Commands that will help you
nano /etc/netplan/file.yaml # file to specify the rules of network
reboot now # restart ubuntu server right now
netplan apply # do after edited *.yaml, to apply changes
ifconfig -a # show interfaces with ip, netmask, broadcast, etc...
ping google.com # to see if there is internet
Configure Static IP Addresses On Ubuntu 18.04 LTS Server - with NetPlan
Simply setting the Network Setting to bridged did the trick for me.
Your IP will change when you do this. However, in my case it didn't change immediately. ifconfig returned the same ip. I rebooted the vm and boom, the ip set itself to one start with 192.* and I was immediately allowed ssh access.
On secure networks setting your network to bridge might not work. Administrators could only allow one mac address per port or even worse block the port should the switches detect multiple macs on one port.
The best solution in my opinion is to set up additional network interfaces to handle additional services you would like to run on your machines. So I have a bridge interface to allow for bridging when I take my laptop home and can SSH into it from other devices on my network as well as a host only adapter when I would like to SSH into my VM from my laptop when I am connected to the eduroam wifi network on campus.
Use NAT network adapter and Add port forward. Mention actual host ip.Do not use 127.0.0.1 or localhost.
Recently I buyed a Foscam wireless IP camera:
http://www.foscam.com/Products_List.asp?id=173
In my home, my laptop and my IP camera are behind a cable modem (my ISP gives me a dynamic IP) using a linksys router (I dont have a public IP).
Actually I use SSH in a basic way to learn / manage some basic things in my VPS server.
My question is (the right ssh flags and commands to achieve this):
I think that I need to create:
A tunnel from my local router to a remote VPS server where I have root access.
A portforward in the router.
Thanks in advance.
You need to add a port forward in your router from port X to port 22 on your home computer.
You can then ssh -p X username#your-home-ip.
Include the -L Y:foscamip:80 command line switch when you run ssh, assuming focscam runs a web server on port 80 (standard). Use something over 1024 for Y, like 8080.
Open up a web browser, and go to http://localhost:Y.
You have access! When you're done, simply log out of your ssh session.
Old question, but I will answer in the hope it helps someone like me. Given:
you have a VPS with root access at root#example.com
you have an RTSP-compatible IP camera in your LAN at address 192.168.1.100
you have a PC/router/Raspberry Pi able to create the tunnel
what I did was
ssh -N -f -R 10554:192.168.1.100:554 root#example.com
Exaplanation:
-N: don't execute any command via SSH
-f: put SSH in the background
-R: remote port forwarding
10554: a port to open on the VPS to access the IP camera (better if > 1024)
192.168.1.100:554: IP address and port you want to access remotely
root#example.com: user and address of your VPS
To access the RTSP stream of the camera, open rtsp://<username>:<password>#example.com:10554/<path-to-stream>.
Of course it works fine also for other kind of streams (e.g. HTTP).
Better yet, use autossh.
/usr/bin/autossh -N -f -M 0 -i /home/pi/.ssh/id_rsa -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 10554:192.168.1.100:554 root#example.com.
I ended up with this command reading a lot of articles on the web. I even created an autossh user on the VPS without a shell, so it can do nothing apart from port forwarding.