Configuration to allow remote SSH access

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
7 posts Page 1 of 1
by paulandmildred » Thu Jul 08, 2021 3:12 pm
I'm a Fusion IP Broadband customer and would like to access my home workstation via SSH while traveling. As I do not have a static IP, I'm unclear how to connect via SSH while remote. My workstation is configured to allow incoming SSH (port 22) and I know the IP address (even if not static), but cannot connect when not on the network.

How might I go about setting this up?
Thanks.
by belmontave » Fri Jul 16, 2021 10:10 pm
There are a number of "Dynamic DNS" services out there, which will host an DNS entry for you. You would then run a script regularly on a PC or RPI or even your router to update the DNS entry to match your current IP. You would then SSH to that DNS entry. For example, Google Domains supports it
by igorru » Sat Jul 17, 2021 3:30 pm
It also sounds like you need to set up port forwarding on your router to allow incoming connections from the internet on port 22 to route to your workstation's port 22 on your LAN address.
by hbbrenum » Mon Jul 19, 2021 7:52 am
Yeah, you'll need to enable port-forwarding on your router, and it probably wouldn't hurt to give your workstation a static IP address while you're at it.

Also, from a security standpoint, I'd recommend a) not leaving an open 22/tcp exposed to the internet, and b) not allowing password authentication for ssh to your workstation. For the first one, in the past, I've used a memorable-to-me non-registered port number to expose to the internet and put the custom port number in my

Code: Select all

~/.ssh/config
with an alias for my remote workstation. For the second, I only allow public-key authentication for machines that could in any way be exposed to the general public.
by nhbriggs » Thu Jul 22, 2021 11:15 am
Consider Wireguard, with port forwarding on your router to a port on your home workstation. Then you can bring up a Wireguard VPN from your remote machine to your home workstation and ssh in over that VPN. It's an additional layer of security over having sshd on the workstation exposed to the Internet. Wireguard is available for most systems these days. It's fast, efficient, uses UDP rather than TCP for the underlying transport, and can support mobility of both ends of the VPN.
by ds_sonic_asif » Fri Jul 23, 2021 1:58 pm
In regards to the dynamic IP address aspect of your problem, you don't necessarily need a dynamic DNS service.
Here is an alternative.
by klui » Thu Aug 19, 2021 3:04 pm
While Sonic's mini hosting service is free, getting a domain is not. Services like freedns.afraid.org are free. They even provide the necessary scripts, in multiple varieties, to update. The only downside is the name is a subdomain.
7 posts Page 1 of 1

Who is online

In total there are 9 users online :: 0 registered, 0 hidden and 9 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 9 guests