RE: ssh problem

Author: Bryan O'Neal
Date:  
To: Main PLUG discussion list
Subject: RE: ssh problem
I'm not sure how one would accomplish this on your average
linksys/netgear home router, but yes this is an excellent thought. I use
ssh for very specific tunneled automated tasks, so I just port forward on
22 and turn the service on and off in cron.

Is that reasonable?

-----Original Message-----
From:
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of
Joseph Sinclair
Sent: Saturday, March 17, 2007 2:12 PM
To: Main PLUG discussion list
Subject: Re: ssh problem

der.hans wrote:
> Am 17. Mar, 2007 schwätzte Joey Prestia so:
>
>> I have a linksys router a desktop computer connected that stays on at
>> all times and sometimes a laptop connected wireless to my home
>> network I have static IP set for my desktop which I can ssh into any
>> time but if I get off my network I cannot ssh into my desktop by using
>> the external IP I have my firewall settings off on my router and ssh
>> -v says :
>> [joey@localhost ~]$ ssh -v 68.3.73.132
>> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug1: Connecting to 68.3.73.132 [68.3.73.132] port 22.
>> debug1: connect to address 68.3.73.132 port 22: Connection timed out
>> ssh: connect to host 68.3.73.132 port 22: Connection timed out
>> [joey@localhost ~]$
>
> Presuming the Linksys is connected to your Internet pipe and the
> desktop is connected behind it...
>
> Log in to the Linksys config interface[0].
>
> Under "Applications & Gaming" add a port forward. You want to forward
> TCP port 22 to your internal IP.
>
> [0] If you don't know where that is, try the following. On your
> desktop in a terminal window type 'netstat -rn'. That'll list an IP
> address under Router. The destination for that router should be
> 0.0.0.0. That's your gateway, which is the internal interface for your
> Linksys.
>
> Let's say the IP is 192.168.1.1[1].
>
> Point a browser at that IP, http://192.168.1.1/[2]. Linksys doesn't use
> the username. Enter whatever password you've set or the default if you
> haven't set one[3].
>
> [1] I'd suggest changing the internal network to something other than
> the default. For instance, 192.168.204 would be better than 192.168.1.
> That'll require changing the static IP of your desktop to also be on
> the new network.
>
> [2] Linksys allows being only available via an SSL connection. Under
> Administration enable HTTPS under Web Access -> Access Server. Make
> sure you can connect via https, then disable the http connection. I
> think the Wireless Access Web there is to allow connecting to the
> admin interface via a wireless client, so suggest making sure that's
> off.
>
> [3] If you haven't changed the password please do :).
>
> ciao,
>
> der.hans
>
>

---
To Hans' excellent instructions I would add that it's generally a good
idea to run SSH on a non-standard external port (say 43722). Port 22 is
a well-known port, so it's often the target of port scanning attacks,
while high-range ports (above 33000) are expensive enough to randomly
scan that they're rarely examined by attackers.

To wit:
The port forward would look something like
forward port (48522) on WAN to port (22) host (192.168.204.149) on LAN.
If your particular Linksys won't allow the port translation, just run the
SSH daemon on port 48522 on the LAN box; either way it takes your external
connection off of port 22 and into a slightly safer region.

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
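A reachability check for the port forward discussed in this thread, as an added example that is not part of any poster's message: it separates the "Connection timed out" symptom from the ssh -v output (no forward in place) from a forward that works but has no daemon behind it. The names `check_ssh_forward` and `start_fake_sshd` are hypothetical, and the listener is a constructed stand-in so the block runs offline.

```python
import socket
import threading


def check_ssh_forward(host, port, timeout=5.0):
    """Return (state, detail) for one TCP connect to host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # Same symptom as the ssh -v output in the thread: packets are
        # dropped, typically because no forward rule matches the port.
        return ("timeout", "no reply; check the router's port forward")
    except ConnectionRefusedError:
        # A reset came back: the port is reachable but nothing listens on
        # it (for example, sshd stopped or bound to a different port).
        return ("refused", "reachable, but no daemon is listening")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(255)  # an SSH server sends its version string first
        except socket.timeout:
            return ("open", "connected, but the peer sent no banner")
    banner = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if banner.startswith("SSH-"):
        return ("ssh", banner)
    return ("open", "connected, but not an SSH banner: %r" % banner)


def start_fake_sshd(banner=b"SSH-2.0-ConstructedExample\r\n"):
    """Constructed stand-in for sshd on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_sshd()
    print(check_ssh_forward("127.0.0.1", port))
```

To test a real forward, run `check_ssh_forward` from outside the LAN against your own external address and the forwarded port.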