Using ProxyCommand in your SSH config.
Create an SSH configuration file in your home directory (unless you want to make this system-wide), ~/.ssh/config:
# Machine B definition (the broker)
Host unibroker
    # Change this IP address to the address of the broker
    Hostname 12.34.45.56
    # Change this default user accordingly (`user@unibroker` can overwrite it)
    User myusername

# Machine A definition (the target host)
Host internalmachine
    ProxyCommand ssh -q unibroker nc hostname.or.IP.address.internal.machine 22
Now you can reach Machine A directly using
ssh user@internalmachine
Also note that now you have a single SSH host target name for it, you can use this in other applications as well. E.g.:
SCP to copy files.
scp somefile user@internalmachine:~/
In your GUI applications: use sftp://user@internalmachine/ as the location to browse on the machine.
KDE-based (Dolphin): use fish://user@internalmachine/
Notes
Change hostname.or.IP.address.internal.machine and the port (22) to the machine you like to reach as if you would from the unibroker machine.
Depending on netcat versions on the unibroker host, the -q0 option must be omitted.
Regarding authentication; you're basically setting up two SSH connections from your workstation. This means both the unibroker host and the internalmachine host are verified/authenticated against one after another (for both keypair/password and host key verification).
Explanation
This approach of the use of ProxyCommand and 'netcat' is just one way to do it. I like this, because my SSH client talks directly to the target machine so that I can verify the host key from my client and I can use my public key authentication without using another key on the broker.
Each Host defines the start of a new host section. Hostname is the target hostname or IP address of that host. User is what you would provide as the user part in ssh user@hostname.
ProxyCommand will be used as the pipe to the target machine. By using SSH to the first machine and directly setting up a simple 'netcat' (nc) to the target from there, this is basically just a plaintext forward to the internal machine from the broker between those. The -q options are to silence any output (just a personal preference).
Make sure you have netcat installed on the broker (usually available by default on Ubuntu) - either netcat-openbsd or netcat-traditional.
Note that you're still using SSH with encryption twice here. While the netcat channel is plaintext, your SSH client on your PC will set up another encrypted channel with the final target machine.
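Added example, not part of the original answer: a Python helper that reads the two stanzas above and lists, in connection order, which machines a session to internalmachine passes through and which relay command has to exist on the broker. The function names and the embedded sample config are constructed for illustration; wildcard Host patterns, Match and Include are assumed absent and are not handled.

```python
import re
import shlex
# Constructed sample: the two stanzas from the answer above.
SAMPLE_CONFIG = """\
Host unibroker
    Hostname 12.34.45.56
    User myusername
Host internalmachine
    ProxyCommand ssh -q unibroker nc hostname.or.IP.address.internal.machine 22
"""
# ssh flags that consume the next argument (a subset, enough for proxy commands).
TAKES_VALUE = {"-p", "-i", "-o", "-l", "-F", "-W", "-J"}


def parse_ssh_config(text):
    """Map each literal Host alias to its options; the first value wins, as in ssh."""
    hosts, current = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if line.startswith("#") or len(parts) < 2:
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            current = [hosts.setdefault(alias, {}) for alias in value.split()]
        else:
            for opts in current:
                opts.setdefault(key, value)
    return hosts


def hop_chain(hosts, alias, seen=()):
    """Return [(alias, address, relay command)] in order, workstation side first."""
    if alias in seen:
        raise ValueError(f"ProxyCommand loop through {alias!r}")
    opts = hosts.get(alias, {})
    address = opts.get("hostname", alias)
    if "proxycommand" not in opts:
        return [(alias, address, None)]  # reached directly
    argv = shlex.split(opts["proxycommand"])
    if argv[0] != "ssh":
        raise ValueError(f"unsupported ProxyCommand for {alias!r}: {argv[0]}")
    i = 1
    while i < len(argv) and argv[i].startswith("-"):
        i += 2 if argv[i] in TAKES_VALUE else 1
    jump, relay = argv[i].rpartition("@")[2], argv[i + 1:]
    if relay and relay[0] in ("nc", "netcat"):
        # The relay's arguments, not Hostname, name what the broker connects to.
        address = ":".join(a for a in relay[1:] if not a.startswith("-"))
    return hop_chain(hosts, jump, seen + (alias,)) + [(alias, address, " ".join(relay))]
```

Calling hop_chain(parse_ssh_config(SAMPLE_CONFIG), "internalmachine") returns the broker first and the target second, with the nc command line as the target's relay entry.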
You can specify port forwarding for incoming ports to forward to port 22 on each of the computers.
Say you have 4 computers on this network. We will call them A, B, C, and D. You have a laptop on a different network and you want to connect to computer A, B, C, or D.
Set incoming port forward on port 55555, for example, to forward to computer A on port 22.
To connect to computer A on port 22, you would connect to the external IP on port 55555 which will forward to computer A on port 22. The command to connect would read like so:
ssh -p 55555 username@externalIP
example:
ssh -p 55555 holymoses@123.456.78
Set up to forward all incoming connections on port 55556 to computer B, port 22 and so on and so forth.
Best Answer
You need to create port forwarding rules in your router's settings, for each device in the local network.
For example you can create:
Let's assume, your router has public IP address 77.60.52.10, so you will be able to connect to the device with local IP address 192.168.1.110 via this command:
Also, you will be able to connect to the device with local IP address 192.168.1.115 via:
Here you are, an example for port forwarding on TP-LINK home router:
EDIT: Home routers usually have UPnP configuration interface. In Ubuntu, you can create port forwarding (mapping) through this interface with some tool like UPnP PortMapper.
It is a good idea to set up static IP addresses for the devices in your local network. One of the ways to do that is through address reservation page in the router's setting:
EDIT: Assignment of static IP could be done also through the configuration of the OS. Here's an example of how to do this in:
Further reading: