Step by Step enable remote login to home ubuntu machine?
Now that you have verified the service works from the local network, you're ready to forward the ports from the router to go to the desired computer.
You can get (verify your computer's IP) the local IP address of your computer by running the following command. The output will be similar to this example, of which I'll use for the example in these steps.
$ hostname -I
192.168.1.5
You want to forward the ssh
port (port 22) in the router's configuration to the IP address of your server.
The Steps:
- Ensure ssh is working by testing it from the local network.
- Verify the Local IP address of your computer. This will be the IP of the
- Verify the Public IP address of your router (how it's seen from the outside).
- Forward the
ssh
port 22 (the tcp protocol) to the local IP address of your computer.
With those steps, you can now log into your computer using the public IP of the router from outside your network.
Some details for conveniences
You can setup a DNS to point to your router's public IP address so that you can conveniently use the name for logging in rather than having to remember the IP address.
Static IP Versus Dynamic IP
Most home internet service providers charge a fee for Static IP addresses. So it's likely that you may have a dynamic IP, which is subject to change from time to time. If you have a dynamic IP and can't connect from remote, you have to check to ensure that you are trying to connect to the correct IP address of your router.
A static IP will not change without some type of conscience configuration and intentions.
If you have a dynamic IP it's possible to use a ddns service (Dynamic Domain Name System) to assign a name that will automatically change the name to point to the new dynamic IP when it changes. There is a feature of most routers to configure it to use your DDNS service.
Trouble Shooting Alternatives
Internet Service Providers often blocks many common ports. It's often to protect the user from hackers and exploits. Sometimes it's to prevent the user from running certain services and to minimize bandwidth.
Whatever the purpose, you'll have to use an alternate port for your ssh server. This can be done by adding or changing the port the ssh server will listen to. You can do this by editing your /etc/ssh/sshd_config
file.
Ubuntu uses port 1022 as an alternative when performing version upgrades from remote. This provides for a means to login into a recovery session if you loose connection. I used this same port in my example below. You can set it for any port that isn't currently being used for something different.
After changing the listening port on the server, be sure to change the port forwarding configuration in your router to the port the ssh server is listening to. Also be sure to test the new port configuration locally.
Change from:
# Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to
Change to:
# Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 Port 1022 # Use these options to restrict which interfaces/protocols sshd will bind to
After making sshd service configuration changes restart the sshd service with:
$ sudo systemctl restart sshd
The command to ssh into an alternate port:
(This command can be executed from any computer including the server itself for testing and logging into the port.)
$ ssh -p 1022 [email protected]
A website to test the way the ports are viewed from outside
You can verify your settings by connecting to this site:
http://www.canyouseeme.org.
Related videos on Youtube
Comments
-
BigBoy1337 almost 2 years
To clarify, this is ask:
I have a home computer running ubuntu. I want to be able to ssh into it from a remote location such as a cafe where I will bring a laptop.
My attempts thus far have been unsuccessful: I set up my router to forward port 22 to port 22 on my home computer's ip address. When I ssh@, I get connection refused.
I can't find an online comprehensive guide on how to do this. I know it involves setting a few things such as static IP address on the home machine, as well as router port forwarding. Past this, there are many questions such as how specifically to set the static IP (there seem to be several ways), what IP address to use, what port to forward on the router, what port to choose to forward to on the home ubuntu machine, ssh details when logging in via that particular port, etc.
-
Apologician about 7 yearsI understand you are trying to ssh into your computer from a remote location. Before trying to connect from remote, are you able to connect, ssh, to your computer from home? A verification of this is the first step.
-
BigBoy1337 about 7 years@L.D.James yes i can do that with ssh <user>@192.168.1.102 - the computer's internal ip address, not the router's external facing ip
-
Simon Sudler about 7 yearsTry the following steps and post the output: ssh localhost (on your machine), ssh yourmachine (from your home network), ssh yourrouter (from external network). With the port forwarding from your router it should work...
-
jmary about 7 yearsInstall nmap, and look at the result of nmap -p 22 <your_router_external_ip>, it's likely your ISP who is blocking ports. If so, you may try to redirect external 1022 to internal 22 and connect with ssh -p 1022, no need to touch the ssh config, on the home computer.
-
-
BigBoy1337 about 7 yearswith these steps, I try ssh@<my router ip found with whatismyip.com>, I get error: connection refused. 1 thing i didn't see in your steps - what is the port that I am using on my local computer? Is that also 22? In other words, I forward ssh requests on port 22 on the router ip to the interal computer ip on port 22?
-
jones0610 about 7 yearsssh will default to port 22 unless you expressly tell it to use a different port. Could be your modem/router (or your ISP) has a firewall blocking port 22. You can do a tail -f /var/log/syslog and watch it while you are trying to ssh in. This will give you more clues as to why the connection is being refused, assuming the request is actually getting to your ssh server,
-
Apologician about 7 years@jones0610 I suspect the same thing. I was in the process of configuring this as a troubleshooting alternative step to add to the answer. It should be posted momentarily.
-
Apologician about 7 years@BigBoy1337 From your comment it appears you have configured things correctly and are having problems that are from the port 22 being blocked by your ISP. I added steps in the answer to compensate for this.
-
A.J. Ruckman about 7 yearsSome ISPs (like mine, Comcast) don't allow you to access your external IP from your LAN. Are you trying to SSH to your external IP from your home, or from another network? canyouseeme.org is a great way to check if your port is open to the outside world.
-
Apologician about 7 years@BigBoy1337 My answer contains just about any problem that you could encounter with the steps for enabling and troubleshooting problems with ssh. Please check and specify any discrepancies you experience. I would like to add a resolution to whatever problem you find to the answer. Your test and verification will be an appreciated contribution back to the community. Thanks in advance for a comment. I have thoroughly explored and tested all possibilities that I think could go wrong. If I have missed something I would like to know.
-
Apologician about 7 years@A.J.Ruckman I added your tested canyouseeme.org to the comprehensive troubleshooting and text included in the answer.
-
BigBoy1337 about 7 yearsAwesome. Adding port 1022 was indeed necessary and now it works! It might be useful to add that sudo apt-get install openssh-server is necessary (especially to those who can't find their ssh config file). However, the premise of the question was that local login was already working which would require that step anyways
-
Apologician about 7 years@BigBoy1337 Thanks for the testing and feedback. The
sudo apt install openssh-server
command wasn't included because the question was regarding enabling remote login. The name and location of the configuration file are included in the steps. -
BigBoy1337 about 7 yearsUnfortunately, now I am getting a request timeout when I try and ssh in from outside the network: ssh: connect to host 184.189.227.148 port 22: Operation timed out
-
Apologician about 7 yearsThis would have to be addressed from the server itself. What do you get when you run canyouseeme.org from the server (or from a computer within your local network), then specify the port that you are forwarding?
-
BigBoy1337 about 7 years@L.D.James Thanks for the response. ill try that in a bit when I can get back onto my home network
-
BigBoy1337 over 6 years@L.D.James I get Error. Error: I could not see your service on <home network IP address> on port (22). Same thing for port 1022. Still seems to be timing out. Sorry I'm just coming back to this now
-
Apologician over 6 yearsDid you run canyouseme.org? It should be run from your local network. Type the two ports in the
Port to Check
box. Then clickCheck Port
. Verify that you can get aSuccess
response (in green) on the page. If there is a problem the response will be in Red. The next step for fixing the problem will be dependent on what you see after running the test. You'll have to fix it from the local machine first, then start working on the remote.