Ssh – Use two different ip addresses per host in SSH

opensshssh

I have a server, named gamma, constantly up and running at work. Sometimes I connect to it from at home, in which case I use the public IP address 55.22.33.99. Sometimes, I connect to it when I'm at work, and rather than bounce my packets around unnecessarily, I connect via the local IP address, 192.168.1.100.

At the moment, I have them split up into two different entries in ~/.ssh/conf

Host gamma-local
        HostName 192.168.1.100
        Port 22
        User andreas

Host gamma-remote
        HostName 55.22.33.99
        Port 12345
        User andreas

So, if I'm at work, all I have to type is ssh gamma-local and I'm in; if I'm at home (or anywhere else in the world), I run ssh gamma-remote.

When connecting to the server, I would rather not have to type in a different name depending on where I am, I would rather that part be done automatically; for instance, in some cases I have automated scripts that connect who don't know where I am.

There is a question that solves this problem by using a Bash script to "try" to connect to the local one first, and if it doesn't connect, try to connect to the remote IP address. This is nice, but (1) seems inefficient (especially since sometimes you have to "wait" for connections to time out as they don't always send an error back immediately) and (2) requires Bash and lugging around the script.

Is there an alternate way of achieving this that doesn't rely on the use of Bash scripts, nor "testing" to see if the connection works first?

Best Answer

If you have a way to recognize which network are you on then you can use the Match keyword in ~/.ssh/config to do what you want. This requires OpenSSH ≥6.5.

I use something similar to

Match originalhost gamma exec "[ x$(/sbin/iwgetid --scheme) != xMyHomeESSID ]"
  HostName 192.168.1.100
  Port 22

Host gamma
  User andreas
  Port 12345
  HostName 55.22.33.99

So I'm using the identifier of the used wifi network to decide whether I'm at home for the purposes of the SSH connection, but checking the IP address assigned to you computer or anything else that differentiates the two networks can be used as well.

Related Solutions

SSH to Two Addresses and Use the One That Connects First

What about trying a simple OR from your shell?

ssh username@franklin.local || ssh -p 22 remote.address.of.franklin

I am not really familiar with ZSH, but I guess the evaluation logic would still be lazy, meaning that the second part is only evaluated if the first part fails. Of course the first command may stall for some time trying to figure out if franklin.local is available.

You could assign that command to an alias to shorten it up (like you did with the function).

SSH Server Not Answering Connection Requests – Troubleshooting

A Very Disappointing Self-Answer

Having set this problem aside for a day and come back to it, I was both relieved and perturbed (more perturbed than relieved) to find that everything was, mysteriously, working properly.

So, What Was the Issue?

No settings were changed or adjusted -- not on the router, not on the SSH server, and not on the SSH client's machine. It's fairly safe to say it was the router not handling the incoming traffic properly, in spite of proper settings. Given that dinky home router software isn't really designed to deal with port forwarding, it took the poor guy a while to implement the necessary changes.

But It's Been Like 6 Hours!!

Yeah dude, I know. I spent all day trying to figure out what was wrong -- and didn't ever find it because there wasn't anything wrong. Evidently, it can take 6 hours -- possibly more -- for the router settings to take effect.

So How Do I Know If This Is My Issue?

A nifty tool I came across during this escapade is tcpdump. This lean little guy sniffs traffic for you, offering valuable insight into what's actually going on. Plus, he's got some super filtering features that allow you to narrow down exactly what you want to look at/for. For example, the command:

tcpdump -i wlan1 port 22 -n -Q inout

Tells tcpdump to look for traffic via the wlan1 interface (-i = 'interface'), only through port 22, ignore DNS name resolution (-n = 'no name resolution'), and we want to see both incoming and outgoing traffic (-Q accepts in, out, or inout; inout is the default).

By running this command on your SSH server while attempting to connect via a remote machine, it quickly becomes clear where precisely the problem lies. There are, essentially, 3 possibilities:

If you're seeing incoming traffic from the remote machine, but no outgoing traffic from your local server, the problem lies with the server: there's probably a firewall rule that needs to be changed, etc.
If you're seeing both incoming and outgoing, but your remote machine isn't receiving the response, it's most likely the router: it's allowing the incoming traffic, but dropping your outgoing packets.
If there's no traffic at all, that's probably a router issue as well: the remote machine's SYN packets are being ignored and dropped by the router before they even reach your server.

And once you've discovered where the problem lies, a fix is (usually) trivial.

Best Answer

Related Solutions

SSH to Two Addresses and Use the One That Connects First

SSH Server Not Answering Connection Requests – Troubleshooting

Related Question