You need to do 2 things:
configure nameservers (probably in some control panel of the registrar from which you bought the domain) to point the A record to the (static) IP address of your router (i.e. its external address) - I hope by "I changed my IP address to static" you mean that you contacted your ISP and requested a static IP address from them, not that you configured your machine's local IP to be static (though the latter is needed too)
Secondly, you go to your router's configuration page (see your router instructions, usually it's something like http://10.0.0.1:8080/) and configure Port Forwarding - i.e. you need to tell your router to take all requests which come to its external interface on port 80 and redirect them into internal network to the IP of your server, then take the response and send it back as if it was generated by the router. So for external world the responses will be coming from the external IP of the router. To which IP your DNS records point to. Easy-peasy.
Also, some ISPs, to protect users, block all incoming connections to the client's IPs or only to some common ports. So the access from outside may not work even if everything is configured correctly. You will need to check with your ISP to figure out how to remove port blocking.
There's no need to change anything in your Ubuntu settings, no need to change permissions on
/var/www or anything... as such, it may be beneficial for you if this question was migrated to serverdefault.
First of all, the correct command is:
And the router should be configured to forward the SSH port 22 to your server's local IP address.
For further debugging:
1) Check that port 22 (SSH) is open on your server and on the router (port forwarding).
2) Check that the SSH server is running on your server
ssh -v while connecting and look at
/var/log/auth.log to debug any further connection problems.
1) On your router: follow router specific instructions
On your server:
sudo ufw status (unless you use another firewall configuration utility) or
sudo iptables -L (general method, but complex output)
To open port 22:
sudo ufw allow 22
2) Check it is installed:
dpkg -l openssh-server
Check it is running:
service ssh status or
ps aux | grep sshd
3) On the connecting client:
ssh -v firstname.lastname@example.org
On the server:
sudo less /var/log/auth.log
You can check the router logs as well if necessary.
Here's an online port scanner: https://www.grc.com/x/ne.dll?bh0bkyd2
I think you can use tools like nmap or other as well, but I'm not that familiar with them yet.
Dealing with a changing external IP address:
1) Get a dynDNS or similar account: http://dyn.com/dns/
Lists of dynamic DNS providers:
2) Another solution, is to set up a crontab job, which regularly mails you your external IP address or puts in into an online storage service like dropbox.
Here's a script a friend of mine uses:
# Bash script to get the external IP address
MYWANIP=$(curl http://mire.ipadsl.net | sed -nr -e 's|^.*<span class="ip">([0-9.]+)</span>.*$|\1| p')
echo "My IP address is: $MYWANIP"
echo "Previous IP Address: $IPold"
if [[ $IPold != $MYWANIP ]] ;
echo "New IP"
echo $MYWANIP >> /home/USER/Dropbox/test.txt;
echo "Same IP";
# example crontab entry:
## m h dom mon dow command
## */10 * * * * /home/USER/Dropbox/test_ip.sh
Router port forwarding:
1) First, figure out your router's local IP address by running:
ip route | grep default
It is usually something like 192.168.x.x.
Alternative ways and other OS solutions:
2) Using any computer connected locally to the router, access the IP found previously, i.e. via http://192.168.1.1 for example. This should bring up the router configuration interface.
3) The next steps vary depending on your router. Here is how it is done on a router with OpenWRT for example:
When properly set-up OpenSSH is safe, even on the standard port. Moving it away from the standard port saves you from your log files being filled up by unauthorized login attempts. More details on the end.
It's very dangerous to access your server if you do not have control over the computer which should connect to your server (which I think that's the reason why you need to use a browser plugin)
OpenVPN can be set up to share TCP ports with a HTTP/HTTPS server, from its manual page:
It's not recommended to use OpenVPN with a TCP connection due to its overhead (TCP 3-way handshake). If you've no choice, you could give it a go.
Using OpenVPN, you can avoid any port restriction imposed on you and secure the connection. Please refer to How do I setup OpenVPN so I can securely use the internet from an unsecured hotspot? for a guide on setting up OpenVPN.
You cannot share ports unless an application supports it (like OpenVPN), so I must disappoint you on that.
Password-based authentication without limiting connection attempts is asking for trouble. Because of that, it's preferred to use key-based authentication and disable password-based authentication altogether.
Install openssh-server by running
sudo apt-get install openssh-server
Disable password-based authentication by editing the configuration file
/etc/ssh/sshd_config. To start editing, run
sudo nano /etc/ssh/sshd_config. Find the line
#PasswordAuthentication yesand change it to
PasswordAuthentication no. By default, SSH listens on port 22. If you want to change it, use a port below 1024 for security reasons. (change the line with
For extra security, you can configure a list of users who are allowed to login. Add a line with:
someuserby the username of the account that is allowed to log in. Multiple usernames should be separated by a space.
Generate a key on your computer using the command
ssh-keygen -t rsa. Enter whatever values you want and choose a secure passphrase.
Copy the contents of
/home/someuser/.ssh/authorized_keysfile on your server.
someuseris the user that should be allowed to login. (it's a single line that should be copied, never copy the contents of a file that starts with
-----BEGIN RSA PRIVATE KEY
Reload the configuration of your SSH server:
If you're remotely accessing your server over SSH, verify that you can make a new SSH connection to avoid locking yourself out.