Ubuntu – Connecting to Ubuntu server via SSH externally


I have recently installed Ubuntu Server 12.04 (Precise Pangolin) and intend to use it primarily as a file server. I am completely new to Linux, so this is a pretty big learning curve. Yesterday I was able to configure PuTTY on my Windows 7 machine using an SSH key pair so that I can administer Ubuntu Server from my desktop. This works fine provided that both machines are on the same network.

In the case of my laptop (MacBook Air) it might not always be on the same network. Is it possible to be able to connect to the Ubuntu server from my laptop via SSH when it is on a different network?

I have installed the avahi daemon so that the hostname for the server is broadcast on the LAN and configured the router so that it will always assign the same IP address to the server. Apart from that the only thing I have installed on the server is OpenSSH where I have disabled password authentication so that you can only connect using a key pair.

I thought I would be able to do something like this from the terminal on my laptop:

    ssh my.external.ip.address user@hostname.local

When I try that command I get the error:

    ssh: connect to host my.external.ip.address port 22: operation timed out

I have also tried

    ssh my.external.ip.address user@servers.local.ip.address

and I get the same error message as before. So that should give you an idea of what I am trying to do, but is this possible, and if it is, how do I do it?

Assuming I can set up an external connection via ssh from my laptop, there is a possibility that my ISP will change my external IP address which would break the external connection. I would like to be able to connect robustly, that is, if my ISP changes the external IP address I would still be able to connect remotely to the server without having to know what the new external IP address is.

Best Answer

First of all, the correct command is: ssh user@my.external.ip.address

And the router should be configured to forward the SSH port 22 to your server's local IP address.

For further debugging:

1) Check that port 22 (SSH) is open on your server and on the router (port forwarding).

2) Check that the SSH server is running on your server.

3) Use ping, ssh -v while connecting and look at /var/log/auth.log to debug any further connection problems.

1) On your router: follow router-specific instructions.

On your server: sudo ufw status (unless you use another firewall configuration utility) or sudo iptables -L (general method, but complex output)

To open port 22: sudo ufw allow 22

cf https://help.ubuntu.com/12.04/serverguide/firewall.html

2) Check it is installed: dpkg -l openssh-server

Check it is running: service ssh status or ps aux | grep sshd

3) On the connecting client:

  • ping my.external.ip.address
  • ssh -v user@my.external.ip.address

On the server:

  • sudo less /var/log/auth.log

You can check the router logs as well if necessary.

Here's an online port scanner: https://www.grc.com/x/ne.dll?bh0bkyd2

I think you can use tools like nmap or others as well, but I'm not that familiar with them yet.

Dealing with a changing external IP address:

1) Get a dynDNS or similar account: http://dyn.com/dns/

Lists of dynamic DNS providers:

2) Another solution is to set up a crontab job which regularly mails you your external IP address or puts it into an online storage service like Dropbox.

Here's a script a friend of mine uses:

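    #!/bin/bash
    # Bash script to get the external IP address and store it in a Dropbox-synced file
    IPFILE=/home/USER/Dropbox/test.txt

    # Scrape the address from the lookup page (-s silences curl's progress meter)
    MYWANIP=$(curl -s http://mire.ipadsl.net | sed -nr -e 's|^.*<span class="ip">([0-9.]+)</span>.*$|\1| p')
    # Stop if the lookup failed, so the stored address is not replaced by an empty value
    if [[ -z "$MYWANIP" ]]; then
      echo "Could not determine the external IP address" >&2
      exit 1
    fi
    echo "My IP address is: $MYWANIP"

    # Read the previously stored address (empty on the first run)
    IPold=$(cat "$IPFILE" 2>/dev/null)
    echo "Previous IP Address: $IPold"

    if [[ "$IPold" != "$MYWANIP" ]]; then
      echo "New IP"
      # Overwrite the file with the new address
      echo "$MYWANIP" > "$IPFILE"
      echo "$MYWANIP"
    else
      echo "Same IP"
    fi

    # example crontab entry:
    ## m h  dom mon dow   command
    ## */10 * * * * /home/USER/Dropbox/test_ip.sh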

Router port forwarding:

1) First, figure out your router's local IP address by running:

    ip route | grep default

It is usually something like 192.168.x.x.

Alternative ways and other OS solutions:

2) Using any computer connected locally to the router, access the IP found previously, i.e. via http://192.168.1.1 for example. This should bring up the router configuration interface.

3) The next steps vary depending on your router. Here is how it is done on a router with OpenWRT for example:

https://newspaint.wordpress.com/2012/08/26/how-to-add-a-port-forward-using-the-web-interface-on-openwrt-10-03-1/
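
Step 3 of the answer points at /var/log/auth.log; once port 22 is forwarded from the router, that file also records every outside host that tries to log in. The script below is an added example, not part of the original answer: it counts accepted public-key logins and rejected attempts per source address. The log lines, host name and user name in it are constructed.

```shell
#!/bin/bash
# Added example: summarize sshd entries from auth.log-style input.
# Reads the files given as arguments, or standard input when there are none.
# Output: "accepted <user> <ip> <lines>" and "rejected <ip> <lines>", sorted.
ssh_log_summary() {
  awk '
    !/sshd\[[0-9]+\]:/ { next }          # skip cron, sudo and other services
    {
      # Take the field after the LAST "from": a client-chosen user name is
      # logged before the real address, so it cannot spoof this field.
      ip = ""
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip == "") next
    }
    /Accepted publickey for/ {
      for (i = 1; i < NF; i++) if ($i == "for") { user = $(i + 1); break }
      accepted[user " " ip]++
      next
    }
    # Counts log lines, not attempts: one attempt can produce several lines.
    /Invalid user|Failed (password|publickey)/ { rejected[ip]++ }
    END {
      for (k in accepted) print "accepted", k, accepted[k]
      for (k in rejected) print "rejected", k, rejected[k]
    }
  ' "$@" | LC_ALL=C sort
}

# Constructed sample log lines (host and user names are made up; the
# addresses come from the RFC 5737 documentation ranges).
sample_log() {
  cat <<'EOF'
Jan 10 09:14:02 fileserver sshd[2101]: Accepted publickey for alice from 203.0.113.5 port 50222 ssh2
Jan 10 09:20:41 fileserver sshd[2130]: Invalid user admin from 198.51.100.7
Jan 10 09:20:43 fileserver sshd[2132]: Invalid user test from 198.51.100.7
Jan 10 09:21:10 fileserver sshd[2140]: Failed publickey for alice from 192.0.2.44 port 40110 ssh2
Jan 10 09:25:00 fileserver CRON[2200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 10 09:30:12 fileserver sshd[2250]: Accepted publickey for alice from 203.0.113.5 port 50301 ssh2
EOF
}

# Demonstration on the constructed sample.
sample_log | ssh_log_summary
```

To run it against the real log on the server, replace the last line with `sudo cat /var/log/auth.log | ssh_log_summary`. An accepted login from an address you do not recognise, or a long list of rejected addresses, is the signal to review the forwarding and firewall rules from step 1.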
