Stips
Posts: 6
Joined: Mon Jul 20, 2015 4:03 pm

RPi as SSH server

Sat Nov 28, 2015 10:07 am

Hi guys i am trying to make my rpi ssh accessable from anywhere.
I did it over weaved https://www.raspberrypi.org/documentati ... taccess.md
but it doesnt always give me the same address, i need something static. Is it possible to make it fully static so that I set it on some address and thats it so that i dont have to update it when it changes, and is it posible to do it without third-party service like weaved

tnx guys

fleebow8
Posts: 81
Joined: Sun Nov 09, 2014 4:07 pm

Re: RPi as SSH server

Sun Nov 29, 2015 1:22 pm

You can portforward you router to have Port 22 open. Head over to http://portforward.com/ and find your router to get instructions for doing this. Than you can just ssh to your pi's new PUBLIC IP Address which you can find by googling on your pi what is my ip.

User avatar
kusti8
Posts: 3439
Joined: Sat Dec 21, 2013 5:29 pm
Location: USA

Re: RPi as SSH server

Sun Nov 29, 2015 1:26 pm

fleebow8 wrote:You can portforward you router to have Port 22 open. Head over to http://portforward.com/ and find your router to get instructions for doing this. Than you can just ssh to your pi's new PUBLIC IP Address which you can find by googling on your pi what is my ip.
And then to make it static use a DNS service.
There are 10 types of people: those who understand binary and those who don't.

fleebow8
Posts: 81
Joined: Sun Nov 09, 2014 4:07 pm

Re: RPi as SSH server

Sun Nov 29, 2015 1:27 pm

Yep exactly!

Stips
Posts: 6
Joined: Mon Jul 20, 2015 4:03 pm

Re: RPi as SSH server

Mon Jan 04, 2016 1:55 pm

kusti8 wrote:
fleebow8 wrote:You can portforward you router to have Port 22 open. Head over to http://portforward.com/ and find your router to get instructions for doing this. Than you can just ssh to your pi's new PUBLIC IP Address which you can find by googling on your pi what is my ip.
And then to make it static use a DNS service.
I port forwarded port 22 what now, what about DNS service, link for tutorial or something, so I supose that now i need external adress.

yoosi
Posts: 9
Joined: Tue Jan 05, 2016 9:44 pm

Re: RPi as SSH server

Wed Jan 06, 2016 12:06 am

Stips wrote:I supose that now i need external adress.
I use the following website to check my external IP address. https://ipv4.icanhazip.com/ It's even accessible from your terminal.

Code: Select all

curl https://ipv4.icanhazip.com/

drgeoff
Posts: 9803
Joined: Wed Jan 25, 2012 6:39 pm

Re: RPi as SSH server

Wed Jan 06, 2016 11:44 am

Use a search engine to find dynamic DNS service providers. Some are free but others you need to pay for.

It does simplify things if you use one that your router has an inbuilt client for. If not, you need some code running on something on your LAN.

User avatar
topguy
Posts: 5756
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: RPi as SSH server

Wed Jan 06, 2016 12:00 pm

More duscussions about dyndns services in this thread:
viewtopic.php?t=74385&p=533505

anita2r
Posts: 226
Joined: Sun Dec 23, 2012 6:55 pm
Location: Ottawa, Canada

Re: RPi as SSH server

Fri Jan 08, 2016 3:33 am

Hi,

If you want to connect to your home system via ssh (I do that), then there are several situations that may apply:

1. Your ISP provides you access via a dynamic ip address. This means that your external ip address, that is the one that is accessible from the internet, may change. Often it remains the same for days, but your isp may renew it at intervals or it may be renewed when you disconnect your router/modem for some reason, such as the power going out. This leaves you with a new external ip address
In this situation, you can use a public (free or payable) dynamic DNS service, who keep a permanent external address for you by mapping your changing isp allocated address to a fixed one they provide - it is typically done with a 'www-type' name rather than a set of octets such as 111.222.333.456

2. You may be able to do something like this yourself by monitoring you external ip address at home and then emailing or texting yourself the new external ip address when it changes. You then connect to this new ip address, albeit with a a small delay.

3. You may be able to pay your isp to allocate you a fixed ip address - you get 111.222.333.456 and can always access your home using that ip address.

4. You have a dastardly isp who have decided to use double natting (sometimes known as carrier grade nat) where they allocate you an ip address that is NOT accessible from the internet. The ip address allocated is one of the private non-routable addresses, such as 192.168.123.456 They then aggregate users and only allocate external, internet-routable addresses at a concentration point on their system.

This situation means that you cannot use a 3rd party dynamic dns provider to give you an externally accessible ip address. Also the isp may not provide static ip addresses - even for a fee. And it doesn't work by texting or emailing yourself the allocated ip address because it's not directly accessible from the internet.

You guessed it - that's my isp.

In this case, as far as I can see, you have to use a third party VPN server service. Your home system contacts the third party, creating an outgoing route and your remote user also uses the same third party server again making an outgoing connection and the third party server makes a VPN connection between the two. Logmein Hamachi is just such a service.
Even if you don't need this service, Logmein Hamachi can be used instead of a dynamic dns service and makes your home server appear to be on a 'local' network with the remote machine.
LogMeIn's web page says 'LogMeIn Hamachi is a hosted VPN service that lets you securely extend LAN-like networks to distributed teams, mobile workers and your gamer friends alike. In minutes.' Go to http://www.LogMeIn.com Select - Products - LogMeIn Hamachi.
Logmein Hamachi currently offers a free service for I think up to 5 machines.

I am away from home, but I can browse my server's shares just as though I was at home (apart from being a lot slower).
I use ssh to connect over this arrangement so as to maintain privacy, and all connections to home use ssh tunnels.
I can connect to in-home ip cameras, various RPi's and a network storage device on my home network.

Regards

anita2R

jmmec
Posts: 26
Joined: Thu Dec 31, 2015 11:13 pm

Re: RPi as SSH server

Tue Jan 12, 2016 5:43 pm

anita2r wrote: 4. You have a dastardly isp who have decided to use double natting (sometimes known as carrier grade nat) where they allocate you an ip address that is NOT accessible from the internet. The ip address allocated is one of the private non-routable addresses, such as 192.168.123.456 They then aggregate users and only allocate external, internet-routable addresses at a concentration point on their system.

This situation means that you cannot use a 3rd party dynamic dns provider to give you an externally accessible ip address.

...snip...

anita2R
I'm in a similar boat: my Pi's are connected via a wireless internet provider that uses double nat. I'm located 150 miles away from the Pi's and need to access them remotely.

In my case, I already "lease" a web server with a static IPv4/IPv6 address for around $5/month since I have a few websites. My Pi's open reverse ssh tunnels to my web sever and keep them open; each uses a unique port# (e.g. 10001, 10002, ...). I use 'autossh' to make sure that the tunnels get re-established in case the ssh process dies; and also created a 'systemd' service to make sure the 'autossh' process gets restarted in case it dies.

When I need to connect to a remote Pi, I open a ssh tunnel from my local Linux machine to the web server, which essentially "connects" the two ssh tunnels together.

Here is a rough example for Pi #1 which uses port 10001:

A remote Pi opens a reverse ssh tunnel to my web server ([email protected]): this is established 24/7.

$ ssh -N -T -R 10001:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=300 -o ServerAliveCountMax=2 -o StrictHostKeyChecking=no -o BatchMode=yes -i /home/pi/.ssh/id_rsa [email protected]

Then from my local Linux box when I need to access the Pi above:

// Establish a tunnel to the web server with local port forwarding ([email protected]) for Pi #1:
$ ssh -f -N -T -L 10001:localhost:10001 -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o "StrictHostKeyChecking=no" [email protected]

// Connect to the remote pi:
$ ssh -p 10001 [email protected]
$ sftp -P 10001 [email protected]

Regards

Mivia
Posts: 3
Joined: Sat Apr 16, 2016 5:41 pm

Re: RPi as SSH server

Sat Apr 16, 2016 5:49 pm

Stips wrote:Hi guys i am trying to make my rpi ssh accessable from anywhere.
I did it over weaved https://www.raspberrypi.org/documentati ... taccess.md
but it doesnt always give me the same address, i need something static. Is it possible to make it fully static so that I set it on some address and thats it so that i dont have to update it when it changes, and is it posible to do it without third-party service like weaved

tnx guys
I had the same goal with my Raspberry Pi, as I wanted to use it as a VoIP server and distribute the address of it for my friends to connect. It took some searching, but a i managed to find a free dynamic dns solution and set it up on the pi.
You can find the instructions on how to do it yourself here: http://blog.mivia.dk/free-dynamic-dns-for-raspberry-pi/

Return to “Networking and servers”