Page 1 of 1

RPi as SSH server

Posted: Sat Nov 28, 2015 10:07 am
by Stips
Hi guys i am trying to make my rpi ssh accessable from anywhere.
I did it over weaved https://www.raspberrypi.org/documentati ... taccess.md
but it doesnt always give me the same address, i need something static. Is it possible to make it fully static so that I set it on some address and thats it so that i dont have to update it when it changes, and is it posible to do it without third-party service like weaved

tnx guys

Re: RPi as SSH server

Posted: Sun Nov 29, 2015 1:22 pm
by fleebow8
You can portforward you router to have Port 22 open. Head over to http://portforward.com/ and find your router to get instructions for doing this. Than you can just ssh to your pi's new PUBLIC IP Address which you can find by googling on your pi what is my ip.

Re: RPi as SSH server

Posted: Sun Nov 29, 2015 1:26 pm
by kusti8
fleebow8 wrote:You can portforward you router to have Port 22 open. Head over to http://portforward.com/ and find your router to get instructions for doing this. Than you can just ssh to your pi's new PUBLIC IP Address which you can find by googling on your pi what is my ip.
And then to make it static use a DNS service.

Re: RPi as SSH server

Posted: Sun Nov 29, 2015 1:27 pm
by fleebow8
Yep exactly!

Re: RPi as SSH server

Posted: Mon Jan 04, 2016 1:55 pm
by Stips
kusti8 wrote:
fleebow8 wrote:You can portforward you router to have Port 22 open. Head over to http://portforward.com/ and find your router to get instructions for doing this. Than you can just ssh to your pi's new PUBLIC IP Address which you can find by googling on your pi what is my ip.
And then to make it static use a DNS service.
I port forwarded port 22 what now, what about DNS service, link for tutorial or something, so I supose that now i need external adress.

Re: RPi as SSH server

Posted: Wed Jan 06, 2016 12:06 am
by yoosi
Stips wrote:I supose that now i need external adress.
I use the following website to check my external IP address. https://ipv4.icanhazip.com/ It's even accessible from your terminal.

Code: Select all

curl https://ipv4.icanhazip.com/

Re: RPi as SSH server

Posted: Wed Jan 06, 2016 11:44 am
by drgeoff
Use a search engine to find dynamic DNS service providers. Some are free but others you need to pay for.

It does simplify things if you use one that your router has an inbuilt client for. If not, you need some code running on something on your LAN.

Re: RPi as SSH server

Posted: Wed Jan 06, 2016 12:00 pm
by topguy
More duscussions about dyndns services in this thread:
viewtopic.php?t=74385&p=533505

Re: RPi as SSH server

Posted: Fri Jan 08, 2016 3:33 am
by anita2r
Hi,

If you want to connect to your home system via ssh (I do that), then there are several situations that may apply:

1. Your ISP provides you access via a dynamic ip address. This means that your external ip address, that is the one that is accessible from the internet, may change. Often it remains the same for days, but your isp may renew it at intervals or it may be renewed when you disconnect your router/modem for some reason, such as the power going out. This leaves you with a new external ip address
In this situation, you can use a public (free or payable) dynamic DNS service, who keep a permanent external address for you by mapping your changing isp allocated address to a fixed one they provide - it is typically done with a 'www-type' name rather than a set of octets such as 111.222.333.456

2. You may be able to do something like this yourself by monitoring you external ip address at home and then emailing or texting yourself the new external ip address when it changes. You then connect to this new ip address, albeit with a a small delay.

3. You may be able to pay your isp to allocate you a fixed ip address - you get 111.222.333.456 and can always access your home using that ip address.

4. You have a dastardly isp who have decided to use double natting (sometimes known as carrier grade nat) where they allocate you an ip address that is NOT accessible from the internet. The ip address allocated is one of the private non-routable addresses, such as 192.168.123.456 They then aggregate users and only allocate external, internet-routable addresses at a concentration point on their system.

This situation means that you cannot use a 3rd party dynamic dns provider to give you an externally accessible ip address. Also the isp may not provide static ip addresses - even for a fee. And it doesn't work by texting or emailing yourself the allocated ip address because it's not directly accessible from the internet.

You guessed it - that's my isp.

In this case, as far as I can see, you have to use a third party VPN server service. Your home system contacts the third party, creating an outgoing route and your remote user also uses the same third party server again making an outgoing connection and the third party server makes a VPN connection between the two. Logmein Hamachi is just such a service.
Even if you don't need this service, Logmein Hamachi can be used instead of a dynamic dns service and makes your home server appear to be on a 'local' network with the remote machine.
LogMeIn's web page says 'LogMeIn Hamachi is a hosted VPN service that lets you securely extend LAN-like networks to distributed teams, mobile workers and your gamer friends alike. In minutes.' Go to http://www.LogMeIn.com Select - Products - LogMeIn Hamachi.
Logmein Hamachi currently offers a free service for I think up to 5 machines.

I am away from home, but I can browse my server's shares just as though I was at home (apart from being a lot slower).
I use ssh to connect over this arrangement so as to maintain privacy, and all connections to home use ssh tunnels.
I can connect to in-home ip cameras, various RPi's and a network storage device on my home network.

Regards

anita2R

Re: RPi as SSH server

Posted: Tue Jan 12, 2016 5:43 pm
by jmmec
anita2r wrote: 4. You have a dastardly isp who have decided to use double natting (sometimes known as carrier grade nat) where they allocate you an ip address that is NOT accessible from the internet. The ip address allocated is one of the private non-routable addresses, such as 192.168.123.456 They then aggregate users and only allocate external, internet-routable addresses at a concentration point on their system.

This situation means that you cannot use a 3rd party dynamic dns provider to give you an externally accessible ip address.

...snip...

anita2R
I'm in a similar boat: my Pi's are connected via a wireless internet provider that uses double nat. I'm located 150 miles away from the Pi's and need to access them remotely.

In my case, I already "lease" a web server with a static IPv4/IPv6 address for around $5/month since I have a few websites. My Pi's open reverse ssh tunnels to my web sever and keep them open; each uses a unique port# (e.g. 10001, 10002, ...). I use 'autossh' to make sure that the tunnels get re-established in case the ssh process dies; and also created a 'systemd' service to make sure the 'autossh' process gets restarted in case it dies.

When I need to connect to a remote Pi, I open a ssh tunnel from my local Linux machine to the web server, which essentially "connects" the two ssh tunnels together.

Here is a rough example for Pi #1 which uses port 10001:

A remote Pi opens a reverse ssh tunnel to my web server ([email protected]): this is established 24/7.

$ ssh -N -T -R 10001:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=300 -o ServerAliveCountMax=2 -o StrictHostKeyChecking=no -o BatchMode=yes -i /home/pi/.ssh/id_rsa [email protected]

Then from my local Linux box when I need to access the Pi above:

// Establish a tunnel to the web server with local port forwarding ([email protected]) for Pi #1:
$ ssh -f -N -T -L 10001:localhost:10001 -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o "StrictHostKeyChecking=no" [email protected]

// Connect to the remote pi:
$ ssh -p 10001 [email protected]
$ sftp -P 10001 [email protected]

Regards

Re: RPi as SSH server

Posted: Sat Apr 16, 2016 5:49 pm
by Mivia
Stips wrote:Hi guys i am trying to make my rpi ssh accessable from anywhere.
I did it over weaved https://www.raspberrypi.org/documentati ... taccess.md
but it doesnt always give me the same address, i need something static. Is it possible to make it fully static so that I set it on some address and thats it so that i dont have to update it when it changes, and is it posible to do it without third-party service like weaved

tnx guys
I had the same goal with my Raspberry Pi, as I wanted to use it as a VoIP server and distribute the address of it for my friends to connect. It took some searching, but a i managed to find a free dynamic dns solution and set it up on the pi.
You can find the instructions on how to do it yourself here: http://blog.mivia.dk/free-dynamic-dns-for-raspberry-pi/