[TriLUG] enabling SSH into private network

Dave Sorenson dave at logicalgeek.com
Wed Jan 2 09:47:17 EST 2008


One more thing, you need to change from DHCP to static internal IP
addresses. That way if you reboot you will not need to reset your router
forwards if the machines get a different IP assigned. Your laptop is
probably OK with DHCP, but the machines you want to SSH into really need
static addresses.

Dave

> Without a domain name you will not be able to do what you want. You could
> just use the external IP and access it that way, i.e. ssh me@xxx.xxx.xxx.xxx
> -p 2222, 2223, etc.
>
> If you register a domain, set your A record to the external IP of your
> internet connection then your connect would be: ssh me@mydomain.com -p
> 2222, the second machine would be ssh me@mydomain.com -p 2223, lather, rinse,
> repeat.
>
> Dave
>
>
>>
>> Coupla questions about enabling SSH from the internet into a private
>> network:
>>
>> Thanks to donations, I have both my POS boxes (running feisty USE,
>> console only) behind a router/firewall. They, and my laptop, are
>> stably DHCPing, and can reply to pings from each other, inside that
>> network.
>>
>> Now I need to enable folks to SSH in from outside that network, in
>> order to
>>
>> * enable remote data entry: we've got a lotta DB setup todo
>>
>> * allow remote access to the POS developers
>>
>> I've frequently setup SSH on boxes on other networks (not my own) so
>> I'm familiar with creating/installing keys etc. My questions are about
>> what I need to do to enable the several boxes to accept SSH from
>> outside.
>>
>> I read that I hafta use separate ports in order for the several boxes
>> to each be able to accept SSH connections through the firewall.
>> Looking around for ports that look (relatively) unused and which are
>> mnemonic for the service and the hostnames, I'm thinking of using
>> port#s 222x: does that seem reasonable/feasible?
>>
>> In any case, whatever I use for the port#s, I'll need to open them on
>> the firewall: fortunately that seems straightforward.
>>
>> Then from outside the private network one will need to run
>>
>> ssh <id>@<FQ hostname> -p <port#>
>>
>> where <FQ hostname> belongs to one of the boxes on the private
>> network. I know how to setup IDs, and port# is discussed above. I'm
>> wondering, what do I need to do to publicize the hostnames from the
>> private network to the world? Or is there A Better Way to do this?
>>
>> TIA, Tom Roche <Tom_Roche at pobox.com>
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>
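
Added example, not part of the original thread: a Python check of the forward table the messages above describe (one external port per box, static internal addresses outside the DHCP pool), plus the matching client-side ~/.ssh/config. The aliases pos1/pos2, the 192.168.1.x addresses and the DHCP pool are constructed sample values; mydomain.com, the user "me" and ports 2222/2223 are the placeholders used in the thread.

```python
import ipaddress

# Constructed sample values: aliases, addresses and the DHCP pool are assumptions.
DHCP_POOL = ("192.168.1.100", "192.168.1.199")
FORWARDS = [  # (alias, external port, internal static IP, internal port)
    ("pos1", 2222, "192.168.1.11", 22),
    ("pos2", 2223, "192.168.1.12", 22),
]


def check_forwards(forwards, dhcp_pool):
    """Return a list of problems that would break or misroute a forward."""
    lo, hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    problems, ports, targets = [], {}, {}
    for alias, ext_port, ip, int_port in forwards:
        addr = ipaddress.ip_address(ip)
        if lo <= addr <= hi:
            # A leased address can change on reboot and orphan the forward.
            problems.append(f"{alias}: {ip} is inside the DHCP pool")
        if not addr.is_private:
            problems.append(f"{alias}: {ip} is not an internal address")
        if ext_port in ports:
            problems.append(f"{alias}: port {ext_port} already used by {ports[ext_port]}")
        if (ip, int_port) in targets:
            problems.append(f"{alias}: same target as {targets[(ip, int_port)]}")
        ports.setdefault(ext_port, alias)
        targets.setdefault((ip, int_port), alias)
    return problems


def ssh_config(forwards, public_name, user):
    """Render ~/.ssh/config stanzas so outside users can type `ssh pos1`."""
    stanzas = []
    for alias, ext_port, _ip, _int_port in forwards:
        stanzas.append(
            f"Host {alias}\n"
            f"    HostName {public_name}\n"
            f"    Port {ext_port}\n"
            f"    User {user}\n"
            # One public name fronts several boxes; record each host key
            # under its alias so the keys are tracked separately.
            f"    HostKeyAlias {alias}\n"
        )
    return "\n".join(stanzas)


if __name__ == "__main__":
    print(check_forwards(FORWARDS, DHCP_POOL) or "forward table OK")
    print(ssh_config(FORWARDS, "mydomain.com", "me"))
```

With these stanzas in place, "ssh pos1" is equivalent to "ssh me@mydomain.com -p 2222".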



