Forwarding SSH to multiple PCs on a network


Post by marinu666 on Wed Aug 29, 2012 1:54 pm

First guide, so I will try to make it easy to follow. Please feel free to ask me questions on anything that does not make sense.

The idea behind this guide is as follows:
You may have multiple computers on your network which you need access to from outside of your firewall/NAT (for example - through your router at home).

In my example I will use the subnet 10.168.0.1-254.

Here is my setup:
Laptop: 10.168.0.3
Desktop: 10.168.0.8
Server A: 10.168.0.80
Server B: 10.168.0.90


I need access to all of the machines above from outside of my network. The obvious way of doing this is to first log in on port 22 to whichever machine is exposed, say the desktop, then ssh to 10.168.0.80 from the desktop to the server.

The main problem with this is that you first have to go through the computer which is exposed to the outside. For example, if you were living in a flat where your housemate's machine was the one forwarded on port 22, you may not have permission to log in to that machine, and so could not chain through ssh to your own machine.

So what we are going to do is set up SSH on all the machines on separate ports, whilst still having the ssh server on port 22 active. This means when you are at home you can just ssh straight to them, and when you are outside you can use a different port.

For my example, I will set it up as follows. You can use any port that you like, just be wary that the lower ports may be used for other things (e.g. 80 = httpd).
Desktop: 10.168.0.8, port 22 & 1000
Server A: 10.168.0.80, port 22 & 1020
Server B: 10.168.0.90, port 22 & 1030

Then I could use my external IP and a port to pick the machine I wanted to log in to, e.g. ssh xxx.xxx.xxx.xxx -p 1020 for Server A or ssh xxx.xxx.xxx.xxx -p 1030 for Server B.

To add a second port for the ssh server to listen on (or to change it FROM 22), execute the command sudo nano /etc/ssh/sshd_config, or sudo gedit /etc/ssh/sshd_config for a graphical editor.

A few lines down you should see:
Port 22


Add a second line so it reads like this instead (replace 1020 with your desired second port):
Port 22
Port 1020


You can then forward your second ports to the machines so that you can access them from the outside using the command
ssh [MACHINE] -p [PORTNUMBER]

Example: ssh www.linuxmint.com -p 1020, for port 1020 on the host www.linuxmint.com

IMPORTANT: Remember when you expose a machine to the outside world that there are nasty people... everywhere (honest)
Make sure your machine is protected by running fail2ban
sudo apt-get install fail2ban

Any questions please feel free to reply and ask :P I will help if I can.
~Tony
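
An added check, not part of the original post: with its default multiport ban action, fail2ban's SSH jail only blocks the ports listed in the jail's port setting, so an extra sshd port such as 1020 has to be listed there as well. The script below compares the Port lines of an sshd_config with the jail's port line. The file contents are constructed samples, and the jail name [sshd] is an assumption (some packages name it [ssh]; check your own jail.local).

```shell
#!/bin/sh
# Added example: which sshd ports are missing from the fail2ban SSH jail?
# All file contents below are constructed samples, not taken from a real host.

SSHD_CONFIG='# sshd_config for Server A (constructed)
Port 22
Port 1020
#Port 2222
PermitRootLogin no'

JAIL_BEFORE='[sshd]
enabled = true
port = ssh'

JAIL_AFTER='[sshd]
enabled = true
port = ssh,1020'

# Ports sshd listens on: every uncommented "Port N" line, or 22 if there is none.
sshd_ports() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
        END { if (!n) print 22 }'
}

# Ports the jail bans on. $2 is the jail name (assumed "sshd"; some packages use "ssh").
jail_ports() {
    printf '%s\n' "$1" | awk -F'[ \t]*=[ \t]*' -v sec="[${2:-sshd}]" '
        /^\[/ { in_jail = ($0 == sec) }
        in_jail && $1 == "port" {
            n = split($2, p, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) print (p[i] == "ssh" ? 22 : p[i])
        }'
}

# Print each sshd port that the jail does not list.
uncovered_ports() {
    covered=$(jail_ports "$2" "$3")
    for p in $(sshd_ports "$1"); do
        printf '%s\n' "$covered" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

echo "unprotected before: $(uncovered_ports "$SSHD_CONFIG" "$JAIL_BEFORE")"
echo "unprotected after:  $(uncovered_ports "$SSHD_CONFIG" "$JAIL_AFTER")"
```

To run it against a real machine, pass the contents of /etc/ssh/sshd_config and of your fail2ban jail file in place of the sample variables.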