Bitcoin Forum
Author Topic: SSH to Computer Behind Home Router  (Read 24142 times)
||bit (OP)
June 27, 2011, 07:15:02 AM
 #1


I have a computer (miner) behind a home router. I can SSH to the miner from another computer in the same house - connected to the same router - it's simple using default local network IP addressing. However, those localized IP addresses are not directly accessible from the internet side of the router (in a remote location away from the house not behind the router). What detailed steps must be done to use an SSH client to get past the router from an outside computer to the miner that's behind the router?

Also, I'm using Putty.exe as the SSH client for now. Perhaps, there is something better...any helpful feedback would be appreciated.
bcpokey
June 27, 2011, 07:19:12 AM
 #2

Open up whatever port your SSH is bound to from the router (usually port forward to 23) to external traffic. Depending on the SSH server you may need to set it to allow remote access as well.
grndzero
June 27, 2011, 07:30:14 AM
 #3

Quote from: bcpokey on June 27, 2011, 07:19:12 AM
> Open up whatever port your SSH is bound to from the router (usually port forward to 23) to external traffic. Depending on the SSH server you may need to set it to allow remote access as well.

ssh is port 22

Ubuntu Desktop x64 -  HD5850 Reference - 400Mh/s w/ cgminer  @ 975C/325M/1.175V - 11.6/2.1 SDK
Donate if you find this helpful: 1NimouHg2acbXNfMt5waJ7ohKs2TtYHePy
stellan0r
June 27, 2011, 11:03:30 AM
 #4

and you need dyndns or a similar service in case your ip is not static (it will be dynamic in most cases)

dyndns.org

General health advice in exchange for Bitcoin payment. If you have questions, just send a PM!
If you want to send a thank you: BTC "1PZJvKvarRviQRQWejpvXW2j4e1xbT8MZb"
drgr33n
June 27, 2011, 11:06:20 AM
 #5

Or just use

http://www.teamviewer.com/en/index.aspx
||bit (OP)
June 27, 2011, 01:25:02 PM
Last edit: June 27, 2011, 01:35:33 PM by ||bit
 #6


Thanks for the different angle. :)

However, that's pretty pricey for what I need it... which is just to monitor activity and maybe launch miners or adjust fan speeds.
||bit (OP)
June 27, 2011, 01:33:17 PM
 #7

Quote from: bcpokey on June 27, 2011, 07:19:12 AM
> Open up whatever port your SSH is bound to from the router (usually port forward to 23) to external traffic. Depending on the SSH server you may need to set it to allow remote access as well.

Thanks. I am not sure how to modify the SSH server on the machine I intend to access, but I think it is probably set up correctly. However, I've used the first bit of instructions from this thread to install SSH on the machine I want to access:

http://forum.bitcoin.org/index.php?topic=7514.0

Inaba, that thread author, wrote instructions as follows:

Code:
Optional First Step (Skip this if you don't care about SSH):
Optional 1: Press the upper left 'start' button on the desktop and in the search field enter 'terminal'.  Click it and open a terminal window.

In the terminal window, type:

sudo apt-get install openssh-server

This will install the SSH server.  Once the server is installed, you can connect to your machine via SSH and perform the rest of the steps listed below.

END Optional First Step

Also, I found this online, but I wasn't sure it was exactly what I need to do. It sounds like what you said.

http://www.wikihow.com/Set-up-Port-Forwarding-on-a-Router

Thanks again.
||bit (OP)
June 27, 2011, 01:34:58 PM
 #8

Quote from: stellan0r on June 27, 2011, 11:03:30 AM
> and you need dyndns or a similar service in case your ip is not static (it will be dynamic in most cases)
>
> dyndns.org

Good point. I'll look into resolving that if the IP is dynamic.

Thanks. :)
||bit (OP)
June 27, 2011, 01:36:23 PM
 #9

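Quote from: grndzero on June 27, 2011, 07:30:14 AM
> Quote from: bcpokey on June 27, 2011, 07:19:12 AM
> > Open up whatever port your SSH is bound to from the router (usually port forward to 23) to external traffic. Depending on the SSH server you may need to set it to allow remote access as well.
>
> ssh is port 22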

Sounds right. That's what putty.exe defaults to...i.e. port 22.
dunand
June 27, 2011, 01:37:34 PM
 #10

With dyndns, you will be able to access only one of your computers. If you want to access the others you can do this:

Let's say you have 2 computers behind your router. Computer A and B.
You forward port 22 to computer A and you can SSH to computer A from outside.
When you are on computer A, you can access any computer on your LAN with another SSH.
dukejer
June 27, 2011, 01:54:45 PM
 #11

I would disable passwords in ssh and generate a private/public key pair to log in from the outside world. I run 2 copies of sshd on my box. One on port 22 that uses passwords but is only available on the internal LAN and 1 that is mapped to a different port that only I know that only allows access through keys. My router disables port forwarding until I run knockd to enable port forwarding to my hidden sshd port. Knockd is a program that listens on the Internet interface on your router and will allow you to enable port forwarding on demand when a combination of certain tcp/udp ports are accessed in the correct order that only you will know. Basically a secret knock that will then allow you to ssh into your systems behind your router. Also for this level of security you would have to load different firmware onto your router. Something like DD-WRT, Tomato or OpenWRT. This is not for the novice but secures your system much tighter.

-Dukejer
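
The key-only sshd instance described in the post above can be checked mechanically. This is an added example, not code from the thread: a shell audit of sshd_config text. The function names, the sample configs and port 4022 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for key-only login.
# Assumptions: parsing stops at the first Match block, Include files are not
# followed, and keyword and value are separated by whitespace.

# effective_value 'key1|key2' DEFAULT  (config on stdin, keys in lowercase)
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive.
effective_value() {
    awk -v keys="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" keys ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# listen_ports: every Port line counts, because sshd listens on all of them.
listen_ports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { print $2; n++ }
        END { if (!n) print 22 }'
}

# audit_sshd_config: config on stdin, findings on stdout, status 1 on any FAIL.
audit_sshd_config() {
    cfg=$(cat); rc=0
    check() {  # check KEYS DEFAULT WANTED
        got=$(printf '%s\n' "$cfg" | effective_value "$1" "$2")
        [ "$got" = "$3" ] || { echo "FAIL: $1 is '$got', want '$3'"; rc=1; }
    }
    check passwordauthentication yes no
    check 'kbdinteractiveauthentication|challengeresponseauthentication' yes no
    check pubkeyauthentication yes yes
    for p in $(printf '%s\n' "$cfg" | listen_ports); do
        [ "$p" != 22 ] || echo "INFO: listening on default port 22"
    done
    return $rc
}

# Constructed samples (not from the thread); 4022 is an arbitrary choice.
sample_default() { printf '%s\n' 'Port 22' '#PasswordAuthentication yes' 'UsePAM yes'; }
sample_keyonly() { printf '%s\n' 'Port 4022' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' \
    'PasswordAuthentication yes   # ignored: the first value already won'; }

echo "== default ==";  sample_default | audit_sshd_config || true
echo "== key-only =="; sample_keyonly | audit_sshd_config && echo "no findings"
```

The keyboard-interactive check matters on PAM systems, where that method can still prompt for a password after PasswordAuthentication is set to no.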
||bit (OP)
June 27, 2011, 01:55:55 PM
 #12

Quote from: dunand on June 27, 2011, 01:37:34 PM
> It's simple
>
> Let's say you have 2 computers behind your router. Computer A and B.
> You forward port 22 to computer A and you can SSH to computer A from outside.
> When you are on computer A, you can access any computer on your LAN with another SSH.
>
> I will not ask donation for this one, too simple :)

LOL. Thanks for not pressuring me. Though, I have donated before a little already (I'm a kinda newbie with mining). The donation was because the person helped me in depth in troubleshooting my new linux system.
The person didn't ask, but it took his/her time and expertise. Otherwise, I kinda feel we would all help each other up as a community with simple things anyway. What are forums for? :D

That said. It's been actually pretty enjoyable learning about linux, mining and this little bit of networking this past couple weeks.

Thanks for your feedback! It's helpful. :)
||bit (OP)
June 27, 2011, 02:01:18 PM
 #13

Quote from: dukejer on June 27, 2011, 01:54:45 PM
> I would disable passwords in ssh and generate a private/public key pair to log in from the outside world. I run 2 copies of sshd on my box. One on port 22 that uses passwords but is only available on the internal LAN and 1 that is mapped to a different port that only I know that only allows access through keys. My router disables port forwarding until I run knockd to enable port forwarding to my hidden sshd port. Knockd is a program that listens on the Internet interface on your router and will allow you to enable port forwarding on demand when a combination of certain tcp/udp ports are accessed in the correct order that only you will know. Basically a secret knock that will then allow you to ssh into your systems behind your router. Also for this level of security you would have to load different firmware onto your router. Something like DD-WRT, Tomato or OpenWRT. This is not for the novice but secures your system much tighter.
>
> -Dukejer

Thanks for the great info. :) It does seem involved, but worthwhile to consider. So, the advantage with the option you are suggesting is security? Is that to say the barebones SSH makes things more or particularly unsecure? e.g. Opens up the network to behind the router?

Yanz
June 27, 2011, 02:15:28 PM
 #14

TeamViewer is free for home "personal" use.

With great video cards comes great power consumption.
dukejer
June 27, 2011, 02:18:17 PM
 #15

Quote from: ||bit on June 27, 2011, 02:01:18 PM
> Thanks for the great info. :) It does seem involved, but worthwhile to consider. So, the advantage with the option you are suggesting is security? Is that to say the barebones SSH makes things more or particularly unsecure? e.g. Opens up the network to behind the router?

OpenSSH by itself is fairly secure even with passwords. I was hacked a little over a decade ago under OpenSSH with using passwords only but I have not seen any easy exploits of OpenSSH in some time. Passwords can be brute forced though and this makes them a security breach unless you have a long random password with a mix of uppercase, lowercase, numbers and symbols. I like the certificate keys because if you do not have the key you cannot log in to the box from the outside world. I run connectbot with a generated certificate key on my android phone to log into my systems. Locking down port forwarding with Knockd adds another level of security because if a port is open it gives a hacker a reason to try to break into your system. If they do not know the port is open in the first place they have no reason to try. Also they will not have an easy way of knowing which type of system is behind the port forward. Even with port forwarding a hacker may be able to fingerprint your Operating System by the way the port and application on the port like sshd responds. From there they can look for known exploits in the Operating System and try to break in. It is better if they do not know what OS or how many computer systems are behind the router.

-Dukejer
Xer0
June 27, 2011, 03:07:01 PM
 #16

Aren't there any bots yet, that connect to an IRC channel, and wait for shell commands?
evlew
June 27, 2011, 04:18:26 PM
 #17

FYI: port forwarding 22 from the internet to port 22 on your machine directly exposes that port.  This is not a very safe way to do it as some people will continually try to get in once they find that port is open.  (and it's very easy to find if you stick to the default port) try port forwarding a different port number that they are not likely to guess ssh'ing to.

ie:  port forward 4022 to 22.

then when you are outside your network use port 4022 when using putty or whatever ssh program.  (your router will translate it to 22 so your computer knows to receive it)

another way is to use a VPN. that is what I use. in which case you can act as if you are locally connected to your network from anywhere with internet access. It has its own security flaws, but whatever, the worst a hacker can do to my miner network is reconfigure them to mine for them, in which case I just reinstall the os and more security. No coins on my network.

if your router is flashable with DD-WRT you can essentially turn it into a way more functional device.  Mind you the navigation and settings are a little more advanced, but nothing a miner can't figure out! (lots of documentation on their website)

in which case you can setup open-vpn on your router. 
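
The repeated login attempts mentioned in the post above, and the password guessing raised earlier in the thread, are visible in the sshd log on the exposed machine. This is an added example, not code from the thread: it counts failed password attempts per source and flags password logins accepted from a source that had already failed several times. The host name, user names and addresses in the sample log are constructed.

```shell
#!/bin/sh
# Added example: summarise password guessing against sshd from auth.log text.
# Usernames in these lines are chosen by the remote side, so fields are taken
# from the END of the line ("... from IP port N ssh2"), never by searching
# for the first "from".

# failed_logins MIN: log on stdin -> "COUNT IP", busiest source first.
failed_logins() {
    awk -v min="$1" '
        NF < 6 || $(NF-4) != "from" || $(NF-2) != "port" { next }
        /sshd\[[0-9]+\]: Failed password for / { fails[$(NF-3)]++ }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# guessed_logins MIN: password logins accepted from a source that had already
# failed MIN or more times -> "IP USER". These deserve a closer look.
guessed_logins() {
    awk -v min="$1" '
        NF < 6 || $(NF-4) != "from" || $(NF-2) != "port" { next }
        /sshd\[[0-9]+\]: Failed password for /   { fails[$(NF-3)]++ }
        /sshd\[[0-9]+\]: Accepted password for / {
            if (fails[$(NF-3)] >= min) print $(NF-3), $(NF-5)
        }'
}

# Constructed sample log (documentation addresses, hypothetical host "miner").
# The third line carries a username containing "from 10.0.0.1".
sample_log() { cat <<'EOF'
Jun 27 14:02:11 miner sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun 27 14:02:13 miner sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Jun 27 14:02:15 miner sshd[2213]: Failed password for invalid user from 10.0.0.1 from 203.0.113.7 port 51240 ssh2
Jun 27 14:02:19 miner sshd[2215]: Accepted password for miner from 203.0.113.7 port 51244 ssh2
Jun 27 14:07:40 miner sshd[2290]: Failed password for bit from 198.51.100.23 port 40022 ssh2
Jun 27 14:07:52 miner sshd[2290]: Accepted password for bit from 198.51.100.23 port 40022 ssh2
Jun 27 14:09:01 miner CRON[2301]: pam_unix(cron:session): session opened for user root
EOF
}

sample_log | failed_logins 3
sample_log | guessed_logins 3
```

On Ubuntu the sshd messages are written to /var/log/auth.log, so the functions can be fed that file on stdin in place of the sample.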
stellan0r
June 27, 2011, 09:37:28 PM
 #18

Quote from: ||bit on June 27, 2011, 01:34:58 PM
> Quote from: stellan0r on June 27, 2011, 11:03:30 AM
> > and you need dyndns or a similar service in case your ip is not static (it will be dynamic in most cases)
> >
> > dyndns.org
>
> Good point. I'll look into resolving that if the IP is dynamic.
>
> Thanks. :)

no problem.

I'm now actually using my iphone/ipad to SSH into my miner from everywhere where I have 3G or WiFi ;)

General health advice in exchange for Bitcoin payment. If you have questions, just send a PM!
If you want to send a thank you: BTC "1PZJvKvarRviQRQWejpvXW2j4e1xbT8MZb"
Grinder
June 28, 2011, 08:26:27 AM
 #19

The best thing you can do to secure your SSH server is probably to not run it on port 22. If there is a security hole or somebody wants to try to guess your password there's more than 99.9% chance they're only going to check port 22.
Capitan
June 28, 2011, 08:40:07 AM
 #20

Quote from: dunand on June 27, 2011, 01:37:34 PM
> With dyndns, you will be able to access only one of your computers. If you want to access the others you can do this:
>
> Let's say you have 2 computers behind your router. Computer A and B.
> You forward port 22 to computer A and you can SSH to computer A from outside.
> When you are on computer A, you can access any computer on your LAN with another SSH.

Couldn't you also put SSH onto a different port on Computer B, and forward that port as well in the router? Then you could access both directly from outside?