
Re: [OT] Remote SSH (dynamic IP) without third-party server



On Mon 03 Aug 2020 at 18:52:24 (-0500), Nate Bargmann wrote:
> * On 2020 03 Aug 14:16 -0500, David Wright wrote:
> > The home PC that I'd be trying to contact has a 192.168.n.n IP address
> > given to it by my primary router. But the router's external address is
> > obtained by its DHCP client talking to my ISP's DHCP server. It's not
> > obvious to me how to query the router's client except by logging in to
> > the router's web interface and reading the number from the screen.
> > (It's a $38 consumer grade.)
> 
> Is it possible for you to assign a specific IP address for a given
> machine's MAC address from the router?  That is what I do.  My machines
> request DHCP and the router serves each the same address that I have
> configured for them in the router.  Dynamically served static IP
> addresses, if you will.

Yes, except that I have the hosts listed in /etc/hosts on each machine
as well as reserved in the router (the latter does not serve DNS).

> Let's say machine 1 always gets 192.168.1.1 and machine 2 gets
> 192.168.1.2 from the router's DHCP server.  To SSH into each from the
> public Internet set up port forwarding on the router.  OpenWRT also
> allows port translation and some off the shelf routers do not.  As I use
> OpenWRT, all of the machines on my LAN listen on port 22 for SSH.  Then
> I set up the port forwarding table similar to:
> 
> Incoming port	Machine		Port
> 10022		192.168.1.1	22
> 20022		192.168.1.2	22
> 
> If your router does not do port translation then set up each machine SSH
> daemon to listen to the same port, 10022 and 20022 respectively.  I had
> an ISP in the past that blocked incoming ports below 1024 so I had to
> use higher ports anyway as I could not reach my router on port 22 from
> the public Internet.
> 
> Another approach is to only have one machine handle incoming SSH
> requests, in other words, only forward one port number from the public
> Internet to that machine.  Then SSH from it to others on your LAN.
> 
> There are several approaches.  In each case use public key
> authentication and disable password authentication.

Yes, all those are simple to set up. But none of that helps determine
the IP address of *your router* at home in Old Podunk, USA when you're
sitting in a hotel in Cocks, England.

Cheers,
David.
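
An added example, not part of the original message or thread: a check that an sshd_config for a machine behind the port forward described above listens on the forwarded port and accepts only public keys. The names `parse_global` and `audit` and both sample configurations are constructed for illustration; it goes slightly beyond the advice in the message by also flagging keyboard-interactive authentication, which can still prompt for a password.

```python
import re

# OpenSSH built-in defaults that apply when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated alias that sshd accepts for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Return (settings, ports) from the lines before the first Match block.
    Include files and Match overrides are not followed."""
    settings, ports = {}, []
    for raw in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(\S+)", raw)
        if not m:                      # blank line, comment, or no argument
            continue
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        if key == "match":
            break
        if key == "port":
            ports.append(int(m.group(2)))   # several Port lines are all used
        else:
            settings.setdefault(key, m.group(2).lower())  # first value wins
    return settings, ports or [22]

def audit(text, forwarded_port):
    """List findings for a host the router forwards `forwarded_port` to."""
    settings, ports = parse_global(text)
    eff = {**DEFAULTS, **settings}
    findings = []
    if forwarded_port not in ports:
        findings.append(f"sshd listens on {ports}, forward targets {forwarded_port}")
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if eff[key] != "no":
            findings.append(f"{key} is effectively '{eff[key]}', expected 'no'")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is not 'yes'")
    return findings

# Constructed samples for machine 2 on a router without port translation.
WEAK = "Port 22\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("# constructed sample\nPort 20022\nPubkeyAuthentication yes\n"
            "PasswordAuthentication no\nKbdInteractiveAuthentication no\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, 20022))
```

In the weak sample the later `PasswordAuthentication no` has no effect, because sshd uses the first value it obtains for each keyword.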