Forwarding SSH to multiple PCs on a network


Postby marinu666 » Wed Aug 29, 2012 1:54 pm

First guide, so I will try to make it easy to follow, please feel free to ask me questions on anything that does not make sense.

The idea behind this guide is as follows:
You may have multiple computers on your network which you need access to from outside of your firewall/NAT (for example - through your router at home).

In my example I will use the subnet

Here is my setup:

Server A:
Server B:

I need access to all of the machines above from outside of my network. The obvious way of doing this is to first log in on port 22 to whichever machine is exposed, say the desktop, then ssh from the desktop to the server.

The main problem with this is that you first have to go through the computer which is exposed to the outside. So for example: if you were living in a flat where your housemate was the forwarded computer on port 22 - then the problem you may face is that you may not have permissions to log in to this machine, so therefore could not chain through ssh to your own machine.

So what we are going to do is set up SSH on all the machines on separate ports - whilst still having the ssh server on port 22 active. This means when you are at home you can just ssh straight to them, and when you are outside you can use a different port.

For my example, I will set it up as follows - you can use any port that you like, just be wary that the lower ports may be used for other things (e.g. 80 = httpd).
Desktop:, port 22 & 1000
Server A:, port 22 & 1020
Server B:, port 22 & 1030

Then I could use my external IP and a port to pick the machine I wanted to log in to, e.g. ssh -p 1020 for Server A or ssh -p 1030 for Server B.

To add a second port for ssh to listen on (or to change it FROM 22), execute the command sudo nano /etc/ssh/sshd_config, or sudo gedit /etc/ssh/sshd_config for a graphical editor.

A few lines down you should see:

Port 22

Add a second line so it reads like this instead (where X = your desired second port)

Port 22
Port 1020

You can then forward your second ports to the machines so that you can access them from the outside using the command

Example: ssh -p 1020, for port 1020 on the host

IMPORTANT: Remember when you expose a machine to the outside world that there are nasty people... everywhere (honest).
Make sure your machine is protected by running fail2ban:
sudo apt-get install fail2ban

Any questions please feel free to reply and ask :P I will help if I can.
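
Added example, not part of the original post: in a typical default install, fail2ban's SSH jail is configured with port = ssh (22), so a ban may not cover an extra port such as 1020 unless that port is added to the jail's port list. The script below lists the ports an sshd_config enables and reports any that a given jail port list leaves out; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the ports sshd listens on with the ports a
# fail2ban jail protects. Function names here are hypothetical helpers.

# Print each port named by an uncommented "Port" directive, one per line.
# sshd_config keywords are case-insensitive, so compare in lower case.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1"
}

# $1 = path to sshd_config
# $2 = comma-separated jail port list, e.g. "ssh,1020"
# Prints the sshd ports missing from the list; "ssh" is treated as 22.
uncovered_ports() {
    covered=$(printf '%s' "$2" | tr -d ' ' | tr ',' '\n' | sed 's/^ssh$/22/')
    for p in $(sshd_ports "$1"); do
        printf '%s\n' "$covered" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample input mirroring the two-port setup in the tutorial.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample sshd_config
#Port 2222
Port 22
Port 1020
PermitRootLogin no
EOF

echo "sshd listens on: $(sshd_ports "$sample" | tr '\n' ' ')"
echo "left out by 'ssh': $(uncovered_ports "$sample" ssh)"
echo "left out by 'ssh,1020': $(uncovered_ports "$sample" ssh,1020)"

# On a real machine, point the functions at /etc/ssh/sshd_config and run
# "sudo sshd -t" to validate the edited file before restarting sshd.
```

If the script reports a port as left out, add it to the port setting of the SSH jail in /etc/fail2ban/jail.local and restart fail2ban.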
