Step by Step enable remote login to home ubuntu machine?

networking ssh iptables

16,352

Now that you have verified the service works from the local network, you're ready to forward the ports from the router to go to the desired computer.

You can get (verify your computer's IP) the local IP address of your computer by running the following command. The output will be similar to this example, of which I'll use for the example in these steps.

$ hostname -I
192.168.1.5

You want to forward the ssh port (port 22) in the router's configuration to the IP address of your server.

The Steps:

Ensure ssh is working by testing it from the local network.
Verify the Local IP address of your computer. This will be the IP of the
Verify the Public IP address of your router (how it's seen from the outside).
Forward the ssh port 22 (the tcp protocol) to the local IP address of your computer.

With those steps, you can now log into your computer using the public IP of the router from outside your network.

Some details for conveniences

You can setup a DNS to point to your router's public IP address so that you can conveniently use the name for logging in rather than having to remember the IP address.

Static IP Versus Dynamic IP

Most home internet service providers charge a fee for Static IP addresses. So it's likely that you may have a dynamic IP, which is subject to change from time to time. If you have a dynamic IP and can't connect from remote, you have to check to ensure that you are trying to connect to the correct IP address of your router.

A static IP will not change without some type of conscience configuration and intentions.

If you have a dynamic IP it's possible to use a ddns service (Dynamic Domain Name System) to assign a name that will automatically change the name to point to the new dynamic IP when it changes. There is a feature of most routers to configure it to use your DDNS service.

Trouble Shooting Alternatives

Internet Service Providers often blocks many common ports. It's often to protect the user from hackers and exploits. Sometimes it's to prevent the user from running certain services and to minimize bandwidth.

Whatever the purpose, you'll have to use an alternate port for your ssh server. This can be done by adding or changing the port the ssh server will listen to. You can do this by editing your /etc/ssh/sshd_config file.

Ubuntu uses port 1022 as an alternative when performing version upgrades from remote. This provides for a means to login into a recovery session if you loose connection. I used this same port in my example below. You can set it for any port that isn't currently being used for something different.

After changing the listening port on the server, be sure to change the port forwarding configuration in your router to the port the ssh server is listening to. Also be sure to test the new port configuration locally.

Change from:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to

Change to:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
Port 1022
# Use these options to restrict which interfaces/protocols sshd will bind to

After making sshd service configuration changes restart the sshd service with:

$ sudo systemctl restart sshd

The command to ssh into an alternate port:
(This command can be executed from any computer including the server itself for testing and logging into the port.)

$ ssh -p 1022 [email protected]

A website to test the way the ports are viewed from outside

You can verify your settings by connecting to this site:
http://www.canyouseeme.org.

16,352

BigBoy1337

I am trying to learn ruby on rails

Updated on September 18, 2022

Comments

BigBoy1337 almost 2 years

To clarify, this is ask:

I have a home computer running ubuntu. I want to be able to ssh into it from a remote location such as a cafe where I will bring a laptop.

My attempts thus far have been unsuccessful: I set up my router to forward port 22 to port 22 on my home computer's ip address. When I ssh@, I get connection refused.

I can't find an online comprehensive guide on how to do this. I know it involves setting a few things such as static IP address on the home machine, as well as router port forwarding. Past this, there are many questions such as how specifically to set the static IP (there seem to be several ways), what IP address to use, what port to forward on the router, what port to choose to forward to on the home ubuntu machine, ssh details when logging in via that particular port, etc.
- Apologician about 7 years
  
  I understand you are trying to ssh into your computer from a remote location. Before trying to connect from remote, are you able to connect, ssh, to your computer from home? A verification of this is the first step.
- BigBoy1337 about 7 years
  
  @L.D.James yes i can do that with ssh <user>@192.168.1.102 - the computer's internal ip address, not the router's external facing ip
- Simon Sudler about 7 years
  
  Try the following steps and post the output: ssh localhost (on your machine), ssh yourmachine (from your home network), ssh yourrouter (from external network). With the port forwarding from your router it should work...
- jmary about 7 years
  
  Install nmap, and look at the result of nmap -p 22 <your_router_external_ip>, it's likely your ISP who is blocking ports. If so, you may try to redirect external 1022 to internal 22 and connect with ssh -p 1022, no need to touch the ssh config, on the home computer.
BigBoy1337 about 7 years

with these steps, I try ssh@<my router ip found with whatismyip.com>, I get error: connection refused. 1 thing i didn't see in your steps - what is the port that I am using on my local computer? Is that also 22? In other words, I forward ssh requests on port 22 on the router ip to the interal computer ip on port 22?
jones0610 about 7 years

ssh will default to port 22 unless you expressly tell it to use a different port. Could be your modem/router (or your ISP) has a firewall blocking port 22. You can do a tail -f /var/log/syslog and watch it while you are trying to ssh in. This will give you more clues as to why the connection is being refused, assuming the request is actually getting to your ssh server,
Apologician about 7 years

@jones0610 I suspect the same thing. I was in the process of configuring this as a troubleshooting alternative step to add to the answer. It should be posted momentarily.
Apologician about 7 years

@BigBoy1337 From your comment it appears you have configured things correctly and are having problems that are from the port 22 being blocked by your ISP. I added steps in the answer to compensate for this.
A.J. Ruckman about 7 years

Some ISPs (like mine, Comcast) don't allow you to access your external IP from your LAN. Are you trying to SSH to your external IP from your home, or from another network? canyouseeme.org is a great way to check if your port is open to the outside world.
Apologician about 7 years

@BigBoy1337 My answer contains just about any problem that you could encounter with the steps for enabling and troubleshooting problems with ssh. Please check and specify any discrepancies you experience. I would like to add a resolution to whatever problem you find to the answer. Your test and verification will be an appreciated contribution back to the community. Thanks in advance for a comment. I have thoroughly explored and tested all possibilities that I think could go wrong. If I have missed something I would like to know.
Apologician about 7 years

@A.J.Ruckman I added your tested canyouseeme.org to the comprehensive troubleshooting and text included in the answer.
BigBoy1337 about 7 years

Awesome. Adding port 1022 was indeed necessary and now it works! It might be useful to add that sudo apt-get install openssh-server is necessary (especially to those who can't find their ssh config file). However, the premise of the question was that local login was already working which would require that step anyways
Apologician about 7 years

@BigBoy1337 Thanks for the testing and feedback. The sudo apt install openssh-server command wasn't included because the question was regarding enabling remote login. The name and location of the configuration file are included in the steps.
BigBoy1337 about 7 years

Unfortunately, now I am getting a request timeout when I try and ssh in from outside the network: ssh: connect to host 184.189.227.148 port 22: Operation timed out
Apologician about 7 years

This would have to be addressed from the server itself. What do you get when you run canyouseeme.org from the server (or from a computer within your local network), then specify the port that you are forwarding?
BigBoy1337 about 7 years

@L.D.James Thanks for the response. ill try that in a bit when I can get back onto my home network
BigBoy1337 over 6 years

@L.D.James I get Error. Error: I could not see your service on <home network IP address> on port (22). Same thing for port 1022. Still seems to be timing out. Sorry I'm just coming back to this now
Apologician over 6 years

Did you run canyouseme.org? It should be run from your local network. Type the two ports in the Port to Check box. Then click Check Port. Verify that you can get a Success response (in green) on the page. If there is a problem the response will be in Red. The next step for fixing the problem will be dependent on what you see after running the test. You'll have to fix it from the local machine first, then start working on the remote.