
I want to ssh across the internet, one network to another. Specifically, from my LAN using a run-of-the-mill router and cable modem to a neighbor's LAN using a different run-of-the-mill router. The solution I've found looks awkward:

You can specify port forwarding for incoming ports to forward to port 22 on each of the computers.

Say you have 4 computers on this network. We will call them A, B, C, and D. You have a laptop on a different network and you want to connect to computer A, B, C, or D.

Set incoming port forward on port 55555, for example, to forward to computer A on port 22.

To connect to computer A on port 22, you would connect to the external IP on port 55555 which will forward to computer A on port 22. The command to connect would read like so:

ssh -p 55555 username@externalIP

example:

ssh -p 55555 holymoses@123.456.78

Surely there's a more dynamic way to establish the connection. Can I specify MAC address or hostname, perhaps? Because it's residential, I can't really do too much with a FQDN.

Would it help to register a FQDN with no-ip? Certainly, the FQDN can be registered to the external IP for the router, but I'm not sure that gets me anywhere with actually establishing the connection.

I've only ever done ssh across my home LAN or to DigitalOcean. While I don't have my neighbor's router model at hand, I'm sure that using static IP addresses and port forwarding would work -- but I'd rather use DHCP.

How do I specify which computer: A, B, C or D with DHCP?

Thufir

1 Answer

Unfortunately, you are suggesting options which won't solve your fundamental problem. You need a solution to be able to reach a host inside a remote NATed (and presumably firewalled) network. In your case, you have a remote network "R", (I infer) a combined firewall/router/NAT/modem box "Fr" and a remote host inside that subnet "Hr". In that configuration, "Hr" is likely getting its (NATed) IP address from "Fr" and the only way to reach "Hr" is through the router. The router has the only externally reachable address (likely), and therefore the easiest solution is to set up port forwarding on "Fr" like you've already described.

Using an (externally resolvable) hostname or FQDN to reference "Hr" won't help, because it will still need to resolve to the sole IP address of "Fr". "Fr" still has to know to forward any packets to "Hr" and the only way to do that is by setting up port forwarding.

A "FQDN with no-IP" won't help - DNS names are only for human use. Your computers don't really care about names, they care about IP addresses. Analogously, if you don't specify an address, it would be like addressing an envelope to "John Smith, New York, NY" and hoping that it gets to the right person.

As you noted you could register the FQDN (or use a Dynamic DNS provider) for the external IP of the router, but you still need to tell the router to forward packets to "Hr". You can of course have the router forward packets received by "Fr" on port 22 on its external interface to "Hr" on the same port. Or you could ask for (and pay for) more external IP addresses from your ISP, but that gets more complicated.

A completely different option would be to use a (mediated) VPN solution, (like Hamachi or many others) where you both connect to a third party to set up a private subnet between your computers.

In the end, I'd suggest just biting the bullet and setting up a port forwarded solution for your needs.

crimson-egret
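Added example, not part of the original answer: a client-side `~/.ssh/config` that gives each forwarded machine a short name, so the per-host port only has to be written down once. The name `router.example.net` and ports 55556 to 55558 are placeholders assumed for illustration; only port 55555 for computer A and the user name come from the question.

```sshconfig
# ~/.ssh/config on the laptop (added example; values marked "assumed" are placeholders)
#
# Every machine sits behind the same router, so HostName is identical
# for all of them. The external port chosen in the router's
# port-forwarding table is what selects the machine.
#
# Router side (from the question): external 55555 -> computer A, port 22.
# Assumed here:                    external 55556 -> computer B, port 22
#                                  external 55557 -> computer C, port 22
#                                  external 55558 -> computer D, port 22

Host A
    Port 55555
    # Store and verify A's host key under the name "A" instead of the
    # router's address, so a changed external IP or dynamic DNS name
    # does not trigger a host-key warning, and each machine's key is
    # pinned under its own entry.
    HostKeyAlias A

Host B
    Port 55556
    HostKeyAlias B

Host C
    Port 55557
    HostKeyAlias C

Host D
    Port 55558
    HostKeyAlias D

# Settings shared by all four aliases.
Host A B C D
    # Router's external IP or dynamic DNS name (assumed placeholder).
    HostName router.example.net
    User holymoses
    # The external IP changes on a residential line; rely on the
    # pinned host key rather than an IP-to-key check.
    CheckHostIP no

# Usage: "ssh B" now behaves like "ssh -p 55556 holymoses@router.example.net".
```

The internal machines can keep using DHCP as long as the router reserves a fixed lease for each one, since the forwarding rules point at internal addresses.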