Ubuntu – Step by Step enable remote login to home ubuntu machine


To clarify, this is ask:

I have a home computer running ubuntu. I want to be able to ssh into it from a remote location such as a cafe where I will bring a laptop.

My attempts thus far have been unsuccessful: I set up my router to forward port 22 to port 22 on my home computer's ip address. When I ssh@, I get connection refused.

I can't find an online comprehensive guide on how to do this. I know it involves setting a few things such as static IP address on the home machine, as well as router port forwarding. Past this, there are many questions such as how specifically to set the static IP (there seem to be several ways), what IP address to use, what port to forward on the router, what port to choose to forward to on the home ubuntu machine, ssh details when logging in via that particular port, etc.

Best Answer

Now that you have verified the service works from the local network, you're ready to forward the ports from the router to go to the desired computer.

You can get (verify your computer's IP) the local IP address of your computer by running the following command. The output will be similar to this example, of which I'll use for the example in these steps.

$ hostname -I

You want to forward the ssh port (port 22) in the router's configuration to the IP address of your server.

The Steps:

  • Ensure ssh is working by testing it from the local network.
  • Verify the Local IP address of your computer. This will be the IP of the
  • Verify the Public IP address of your router (how it's seen from the outside).
  • Forward the ssh port 22 (the tcp protocol) to the local IP address of your computer.

With those steps, you can now log into your computer using the public IP of the router from outside your network.

Some details for conveniences

You can setup a DNS to point to your router's public IP address so that you can conveniently use the name for logging in rather than having to remember the IP address.

Static IP Versus Dynamic IP

Most home internet service providers charge a fee for Static IP addresses. So it's likely that you may have a dynamic IP, which is subject to change from time to time. If you have a dynamic IP and can't connect from remote, you have to check to ensure that you are trying to connect to the correct IP address of your router.

A static IP will not change without some type of conscience configuration and intentions.

If you have a dynamic IP it's possible to use a ddns service (Dynamic Domain Name System) to assign a name that will automatically change the name to point to the new dynamic IP when it changes. There is a feature of most routers to configure it to use your DDNS service.

Trouble Shooting Alternatives

Internet Service Providers often blocks many common ports. It's often to protect the user from hackers and exploits. Sometimes it's to prevent the user from running certain services and to minimize bandwidth.

Whatever the purpose, you'll have to use an alternate port for your ssh server. This can be done by adding or changing the port the ssh server will listen to. You can do this by editing your /etc/ssh/sshd_config file.

Ubuntu uses port 1022 as an alternative when performing version upgrades from remote. This provides for a means to login into a recovery session if you loose connection. I used this same port in my example below. You can set it for any port that isn't currently being used for something different.

After changing the listening port on the server, be sure to change the port forwarding configuration in your router to the port the ssh server is listening to. Also be sure to test the new port configuration locally.

Change from:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to

Change to:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
Port 1022
# Use these options to restrict which interfaces/protocols sshd will bind to

After making sshd service configuration changes restart the sshd service with:

$ sudo systemctl restart sshd

The command to ssh into an alternate port:
(This command can be executed from any computer including the server itself for testing and logging into the port.)

$ ssh -p 1022 username@server.com

A website to test the way the ports are viewed from outside

You can verify your settings by connecting to this site:

Related Question