SSH Configuration Question

[gdgrana]

Alright, this is going out to all the computer people in the audience. A two-pronged question, if you will:

1. I want to configure SSH to use port X instead of 22 like normal. I know how to do it on the machines themselves, but what do I need to do with my router? I've read around that there's a way to have the router take everything coming into it from port 22 and pass it to port X on my computers, but the instructions on how to do that are somewhat vague. I've got Ubuntu running on the laptop and Cygwin acting as a *nix emulator on the PC for now.

2. How do I talk to the machines from outside the LAN using SSH? Again, I've seen some vague references to talking to the router itself, but beyond that, how do I get to the individual machines? I've also attempted to ssh into the router's IP but have gotten the "connection refused" warning whenever I do.

Thanks everyone.

Comments

[cutriss.livejournal.com]

This is actually all more tied to your router and its configuration pages. Since they differ from router to router, it's hard to say what exactly you need to do, but what you're going to be doing is called port redirection. In some cases it's called port forwarding, but that's usually just for passing through to the same port number.

And in that vein, what port you use on your internal machines is not really as relevant as what port you use on the router. When people try to chat up your computer, they'll only see the router, so it doesn't matter if sshd is listening on 22 or 22222 on your computer - what matters is where your router is listening, and then after that, just make sure it's sending the connection onto the same port on the PC.

Most home consumer routers require static IPs to be used for port forwarding/redirection, so keep this in mind.

Assuming your Gutsy Gibbon install is on 192.168.1.232 and you have sshd set to listen on 22 (this makes it a lot easier internally to communicate - like I said, externally is where it matters), you'd basically need to set up a rule that says "All TCP/UDP traffic on port 22 goes to 192.168.1.232". Most routers have a graphical tool that lets you do this so it shouldn't be hard to figure out. Now, if you're using port redirection instead, then the rule would say "All TCP/UDP traffic on port X goes to 192.168.1.232 on port 22". It's not that hard once you wrap your mind around how it works.

From outside the LAN, you don't necessarily address individual machines. Port forwarding takes care of that for you, by virtue of assigning each port/portrange to a specific machine. What you'll be doing is getting your public IP address, and then using SSH to connect to *that*. So, even if your network runs on 192.168.1.*, your ISP has assigned you an address in the public space. Could be 56.29.91.220 or anything like it (just made that one up). You would use ssh to connect to *that*, and then your router proxies (general term) the connection to your internal box for you.

If you don't have port forwarding/redirection set up, then connecting to your router via SSH won't do anything. Your router is probably set up to ignore all outside connections unless explicitly defined in the port forwarding rules.

That help?

[cutriss.livejournal.com]

A couple of links of interest:

http://portforward.com/routers.htm - Mostly intended for helping people set up port forwarding for BitTorrent, but it's great since it has details pertaining to a wide variety of home routers.

http://ipinfo.info/ - Get your public IP easily, if you don't know where to find it in your router. As a note, obviously, you have to view that page from home for it to be useful. :P