ssh connection between 2 clients over server - ssh

Hi, my problem is that I want to set up an SSH connection to my computer at home, but I am not able to do dyn-dns routing because of my ISP. I also got a vServer running.
My question now is: is it possible to connect to the vServer from both my PC at home and my laptop and somehow redirect the ssh, so I can ssh from my laptop to my PC at home?
It is important that they both first connect to the vServer as clients.

Yes: use remote port forwarding.
From the home box, establish an SSH connection to server with something like:
ssh -R 2222:localhost:22 user@server
This means: "have server listen on port 2222, and forward connections thereon to localhost:22" as viewed by the home box.
From your laptop, ssh to port 2222 on the vServer:
ssh -p 2222 server
This will be forwarded to port 22 on your home box.
This assumes that you can connect to 2222 from your laptop (and/or can't connect to anything other than 22 from home). There are ways around those assumptions.

Related

How to ssh at computer inside home network

I am running a home network with a ddwrt installed router.
I can ssh into the router from the home network, I can ssh into the PC from inside the home network, and I can ssh into the router from outside the home network (static public IP).
Now I want to ssh into my PC from outside the home network. As far as I have understood, to do that I need to create an ssh tunnel. I am using the following command:
ssh -L bbbb:hoomepcip:22 root:externalip
After doing this I open another terminal and I
ssh homepcusername@externalip -p bbbb
but it does not work. What am I doing wrong?
Isn't the first command supposed to do a port forward in the router so everything I send to its external IP on port bbbb goes to 22 of my home PC?
For now I have made a permanent port forward in the router GUI, but I would like to not use that and open the port when I need to ssh.
Both the router and the PC have an SSH server installed; the router has dropbear, the PC OpenSSH.
I found the solution for me.
So as I said, I needed a way to ssh into my PC from outside my network through my router.
First open a terminal window and type
ssh -L bbbb:homepcIP:cc myrouterusername@mywanip -p aa
This will connect you to the router and forward port bbbb (choose a number from 1024-60000) to cc on your PC (usually 22).
Type the password and leave it open,
then open a new terminal window and type
ssh pcUSERNAME@localhost -p bbbb
bbbb in this case can be any port number you choose (best if above 1024, and the max limit is 60000ish).
cc and bb are the ports of the ssh servers (cc of my PC and bb of my router; they usually are 22 but it can change depending on configuration).
The key here is the "localhost": I always typed my PC IP in there, but you have to type localhost and it connects to the PC correctly.
Also, you have to have enabled SSH TCP forwarding on the first server.
Instead of SSH tunneling, you might consider tailscale.
See for instance "How to secure an Ubuntu server using Tailscale and UFW", which will restrict ssh access to be only over Tailscale, and use UFW (Uncomplicated Firewall) to restrict non-Tailscale traffic to your server.
That will give you a Tailscale IP address (starting with 100.x.y.z) which can be used to SSH, while your public internet IP would not allow SSH.
You can then add MFA (multi-factor auth) if you want.
Other example: "How to Setup SSH using Tailscale or Ngrok" from Ibrahim Jarif.

ssh ProxyCommand forwarding port from 2nd to third?

I set up a ProxyCommand to get to a test box I'm working on that is acting like a host and is not connected to the internet. The setup is accessible from my home from one of my new Raspberry Pi 3s with built-in wifi that I dedicate to connecting to the test box and its private network.
If I need to connect to that machine from another computer (other than the raspberry pi 3) I can do so using host hopping with a ProxyCommand in my ssh config on the given machine. e.g.:
host testbox
    Hostname 10.10.1.1
    Port 2222
    User myuser
    TCPKeepAlive yes
    ForwardX11 yes
    ForwardX11Trusted yes
    ProxyCommand ssh rpithree nc %h %p
Here's the question. Since the testbox is not connected to the internet, I set up a squid server on the raspberry pi that I can use through a port tunnel when connecting directly from the Pi 3 to the testbox or vice versa. I know I can run ssh -N with the port forwarding and background it with nohup, but since I'm hopping through that pi 3 anyway, I was wondering if there was some way to modify the proxy command so that it picks up port 3128 on the way through and forwards it as needed?

Create ssh tunnel to avoid firewall blocking

I have a remote host/server with ssh access.
I have my computer in my work network, which can connect via ssh only within this network.
And I cannot connect via ssh to the outside world because port 22 is blocked by the firewall.
I am trying to create an ssh tunnel to forward, for example, localhost:80 to remote_server:22 (I suppose I connect via ssh to localhost and will be forwarded to my remote server).
I tried, for example, without proxy
sudo ssh -L localhost:443:remote_server_ip:22 root@remote_host_name
and with proxy
https://wiki.archlinux.org/index.php/Tunneling_SSH_through_HTTP_proxies_using_HTTP_Connect
I have read a lot and checked stackoverflow but it still is not clear for me how to resolve this issue.

Reach webserver via SSH tunnel

I have a RaspberryPi in my private local network (example: 192.168.1.2) and I have a dedicated server (example: 99.99.99.99) from some provider.
From my RaspberryPi I can connect to the server via ssh without trouble, the opposite situation is not possible. The RaspberryPi is not reachable from the internet.
Now I want to reach the webserver on my RaspberryPi from the internet with some ssh bridge/tunnel.
So if I enter the IP 99.99.99.99 in my browser, I want to see the website from the RaspberryPi. How is it possible?
The -R option to ssh will permit a remote tunnel to be opened towards the ssh client. So, if from the pi you run
ssh -R0.0.0.0:8080:address_of_pi:80 99.99.99.99
Then you will open an ssh session, and while that ssh is active anyone can go to 99.99.99.99:8080 and get to your pi.
You need to use 8080 as the port on the webserver address because the ssh process cannot bind to port 80 without being root.

Ssh from one local network to another through intermediary with public IP

There is one computer (A) in one local network and the other (B) in the other one. None of them have public ip addresses. Both LAN gateways are out of my control. But I have a VPS server with public IP address and both A and B are able to connect to this VPS. How can I establish an ssh tunnel from A to B using intermediary VPS?
Connect from B to the VPS, forwarding a remote port to the local side (see the -R ssh option):
B# ssh -R 2222:localhost:22 vpsuser@vpshost
This will connect you to the VPS host, making port 2222 on the server connected to B host port 22 (ssh).
The only thing left to do is to connect from A to the VPS server and from it to B via 2222:
A# ssh vpsuser@vpshost
VPS# ssh -p2222 buser@localhost
B#
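
The `-R` forwards used in the answers on this page (`2222:localhost:22` and `0.0.0.0:8080:address_of_pi:80`) end up listening on different addresses depending on the `GatewayPorts` setting of the sshd on the vServer/VPS, which decides whether the forwarded port is reachable only from the server itself or from the whole internet. The script below is an added example, not code from any of the posts. It applies the documented OpenSSH rules to a constructed `sshd -T` sample; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format printed by `sshd -T` (effective config).
SAMPLE_SSHD_T='port 22
allowtcpforwarding yes
gatewayports no'

# gateway_ports CONFIG_TEXT -> effective GatewayPorts value (sshd default: no)
gateway_ports() {
    val=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "gatewayports" { print tolower($2); exit }')
    echo "${val:-no}"
}

# remote_bind MODE SPEC -> "loopback", "all", or the address the client asked for.
# SPEC is the argument of -R: [bind_address:]port:host:hostport
# Simplification (assumption): bracketed IPv6 bind addresses are not parsed.
remote_bind() {
    mode=$1
    spec=$2
    nfields=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    bind=localhost                  # what the client requests when none is given
    if [ "$nfields" -eq 4 ]; then bind=${spec%%:*}; fi
    case $mode in
        yes) echo all ;;            # server forces the wildcard address
        clientspecified)            # server honours the client's request
            case $bind in
                localhost|127.0.0.1) echo loopback ;;
                ''|'*'|0.0.0.0) echo all ;;
                *) echo "$bind" ;;
            esac ;;
        *) echo loopback ;;         # "no": any bind_address is ignored
    esac
}

# exposed MODE SPEC -> exit status 0 if the listener is reachable off-host
exposed() { [ "$(remote_bind "$1" "$2")" != loopback ]; }

# Demo: the two forward specs from the answers, against the sample config.
mode=$(gateway_ports "$SAMPLE_SSHD_T")
for spec in 2222:localhost:22 0.0.0.0:8080:address_of_pi:80; do
    echo "GatewayPorts=$mode  -R $spec  ->  $(remote_bind "$mode" "$spec")"
done
```

With the default `GatewayPorts no`, both forwards stay on the server's loopback interface, so the second hop has to start on the server itself (as in the A/VPS/B answer) or go through it with `ssh -J`. Any setting that yields `all` publishes the forwarded service to every host that can reach the server, so the firewall and the authentication of the forwarded service then matter.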