davidtuti
Posts: 85
Joined: Tue Oct 22, 2013 6:21 am

Re: Accessing SSH outside local network

Tue Oct 29, 2013 9:19 am

Hi,

I setup my ssh to connect outside of my LAN.
My problem is that putty (and other ssh clients) freezes sometimes. For instance, I logged in and then I do a "ls -ltr" and only show partial contents, then freezes and after some time return the connection.

Could you help me please?
Thanks and sorry for my english!

Senka7
Posts: 39
Joined: Sun Oct 27, 2013 4:32 pm

Re: Accessing SSH outside local network

Tue Oct 29, 2013 3:31 pm

Need help with router forwarding, virtual server.
I have some server running on my rasp.
I can get access to my rasp in local network via Putty, just entering rasp local aadress.

I dont have Port Forwarding, i have Virtual Server in my Router> Firewall options.
I conf. my raspberry and it have Static DHCP, always the same IP.

Those are Virtual Server settings 192.168.0.77 is static IP for Rasp.
Image

I think i missing something

dover247
Posts: 1
Joined: Tue Apr 28, 2015 3:42 am

Re: Accessing SSH outside local network

Tue Apr 28, 2015 3:50 am

I'm still having trouble ssh to my pi , lets say mcdonalds wifi to my home pi . whats the command to be sure? i have fowarded the port already . ssh is always running. can someone troubleshoot me

User avatar
alexandra
Posts: 12
Joined: Thu Apr 23, 2015 4:36 pm

Re: Accessing SSH outside local network

Tue Apr 28, 2015 7:57 am

Try to use "rasp4you". This is a simple software that, without router port forward config,
allows to connect with ssh using a your domain name.

Site is http://www.rasp4you.com

User avatar
DougieLawson
Posts: 36337
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: Accessing SSH outside local network

Tue Apr 28, 2015 8:24 am

Search on here for Weaved IoT it allows you to expose port 22 to the public internet.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

User avatar
Nfarrow
Posts: 47
Joined: Sat Dec 20, 2014 1:24 am
Location: Oklahoma, USA
Contact: Website Facebook Twitter YouTube

Re: Accessing SSH outside local network

Mon Jul 13, 2015 9:44 am

I tried a few things and ended up just using weaved.com it's free and really easy to install.
https://www.youtube.com/watch?v=xVEo2sP ... e=youtu.be
Twitter: @farrownick
Instagram veggievampire
I own a lot of Pis....

bomby
Posts: 9
Joined: Sun Feb 07, 2016 7:34 pm

Re: Accessing SSH outside local network

Sat Feb 13, 2016 6:43 pm

Weaved limits your access to 30 minutes only

If you want try ngrok , it is free!
http://www.instructables.com/id/Raspber ... /?ALLSTEPS

Just ignore this last part in step 3 and jump straight to step 4:
[email protected]~$./ngrok 80
Hope this helps everyone who wants to access SSH to their raspberry pi from other places like work, office etc

User avatar
IgorGanapolsky
Posts: 33
Joined: Sun Apr 10, 2016 8:32 pm

Re: Accessing SSH outside local network

Sat Apr 16, 2016 2:07 pm

Boezelman wrote:You need to "open" the ports in your modem/router.

For example:
You your Raspberry Pi's IP to forward port 22.
That doesn't answer how to obtain a public IP address through DNS translation...

User avatar
IgorGanapolsky
Posts: 33
Joined: Sun Apr 10, 2016 8:32 pm

Re: Accessing SSH outside local network

Sat Apr 16, 2016 2:16 pm

k4gbb wrote:Port forwarding is a tricky subject.
Google How to set up port forwarding and see what I mean.

:idea: If you intend to do a lot of remote access from outside your Home network you might want to consider subscribing to a Dynamic DNS service like NOIP or DYNDNS.
These services allow you to choose a URL that always points to the correct public ip address.
If I subscribe to DynDNS, do I have to still change port forwarding on my router?

drgeoff
Posts: 9902
Joined: Wed Jan 25, 2012 6:39 pm

Re: Accessing SSH outside local network

Sat Apr 16, 2016 3:29 pm

Getting a URL that points to the router's WAN address and port forwarding through the router are two entirely different things.

fwroller
Posts: 11
Joined: Sun Mar 06, 2016 11:58 am

Re: Accessing SSH outside local network

Sun Apr 17, 2016 1:11 pm

IgorGanapolsky wrote:If I subscribe to DynDNS, do I have to still change port forwarding on my router?
Yes. Dyn (a.k.a. DynDNS) will help to direct traffic to your Public IP Address, which essentially means to your modem and directly connected router. Port forwarding on your router will direct traffic on a specific port to the Local IP Address on your local network that you specify.

Regarding your Public IP address and keeping track of it, consider using xProDDNS. It's a Dynamic DNS client for Dyn, No-IP, OpenDNS and DNS-O-Matic. It's easy to configure and monitor thanks to mobile and full web user interfaces. It also provides realtime email and text message alerts. Raspbian is supported on the Raspberry Pi 2 and 3.

I'm a Raspberry Pi fan and the developer of xProDDNS. If you have any questions or suggestions about Public IP monitoring or Dynamic DNS, especially as they relate to xProDDNS, please pass them along.

killuaDev
Posts: 1
Joined: Sun Sep 04, 2016 7:02 pm

Re: Accessing SSH outside local network

Mon Sep 05, 2016 5:34 am

What username do you use in the ssh command <username>@<hostname>:<port> ?

uk_martin
Posts: 1
Joined: Thu Nov 17, 2016 12:47 pm

Re: Accessing SSH outside local network

Thu Nov 17, 2016 12:51 pm

Hi

I've been able to connect to my R-Pi, through my router, from my Android Phone using Juice. Can I use the same port forwarding to connect using either VNC and/or Microsoft's Remote Desktop client too, or is Port 22 a Telnet port only?

Crumbs
Posts: 20
Joined: Thu Jan 05, 2017 9:40 am

Re: Accessing SSH outside local network

Wed Mar 15, 2017 1:50 pm

IgorGanapolsky wrote:
k4gbb wrote:Port forwarding is a tricky subject.
Google How to set up port forwarding and see what I mean.

:idea: If you intend to do a lot of remote access from outside your Home network you might want to consider subscribing to a Dynamic DNS service like NOIP or DYNDNS.
These services allow you to choose a URL that always points to the correct public ip address.
If I subscribe to DynDNS, do I have to still change port forwarding on my router?
Yes. This is because DynDNS just allows you to use a stable domain name for your changing external IP address. You still need to forward SSH packets to the Pi's IP address on your LAN (which is not visible to the outside world).

Crumbs
Posts: 20
Joined: Thu Jan 05, 2017 9:40 am

Re: Accessing SSH outside local network

Wed Mar 15, 2017 2:02 pm

:geek: Connection refused or timed out.

I enabled the SSH using Raspian Configuration.
I have set up port forwarding.
I can SSH tp the pi from devices connected to my LAN internally, so I know the SSH server is working.
I forwarded TCP Port 22 to the Pi's address (10.1.1.6) port 22 but no luck.

Is there anything else I might have missed?
Is there anyway to troubleshoot port forwarding?
Thanks :)

drgeoff
Posts: 9902
Joined: Wed Jan 25, 2012 6:39 pm

Re: Accessing SSH outside local network

Wed Mar 15, 2017 2:32 pm

From your LAN point a browser at canyouseeme.org.

Check:

1. That the public IP address it shows for you is the same as what your router says.

2. That port 22 is open.

And in case you are trying to ssh to the public address from a device on your LAN, many routers do not permit that. Do your test from another location or use eg a 3G connection.

Crumbs
Posts: 20
Joined: Thu Jan 05, 2017 9:40 am

Re: Accessing SSH outside local network

Thu Mar 16, 2017 4:51 am

Thanks, that's a great troubleshooting tool.
The port was open. My outside IP address was wrong. The dynamic DNS I set up is not getting updates from the pi or the router and even when I update the address manually on no-ip.com, the domain name does not work. Well 10min later it decided to work (i guess there is some delay for the change to propogate to all the DNS servers...)
Using the ip address instead of the no-ip domain name does work. So, my problem is with getting the updates to no-ip. The router has a built in dynamic dns update client, and i also installed one on the pi. But neither seem to be working right now.
Thanks again for suggesting canyouseeme.org - a great tool to remember in future.

User avatar
DougieLawson
Posts: 36337
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: Accessing SSH outside local network

Thu Mar 16, 2017 7:25 am

Try using https://dnsomatic.com/ to update your No-IP settings.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

K-hill
Posts: 1
Joined: Thu Apr 06, 2017 8:34 am

Re: Accessing SSH outside local network

Thu Apr 06, 2017 10:07 am

b_welding wrote: In fact when my PI boot, it is in dhcp mode and I changed the ipv4 address using ifconfig eth0 192.xxx.xxx.xxx.
After that, there were no default gateway set in route settings and the pi was unable to communicate with the internet. So perhaps my incomming messages came to the sshd server but the responses were not sent over the internet and I was not able to connect from the outside.
can you explain this further please? the part about no default gateway set in route settings

rhysperry111
Posts: 1
Joined: Tue Jun 27, 2017 10:40 am

Re: Accessing SSH outside local network

Tue Jun 27, 2017 10:42 am

U don't have to set up port forwarding at all, U can configure your raspberry pi to listen for ssh on port 80

stefanopi
Posts: 3
Joined: Fri Nov 03, 2017 1:51 pm

Re: Accessing SSH outside local network

Thu Nov 23, 2017 1:08 pm

check out this link:

http://www.raspberryanywhere.com/

Perhaps it can be of some help. I'v been using the service from several weeks and it works great!

gvelrajan
Posts: 1
Joined: Thu Feb 21, 2019 1:29 pm

Re: Accessing SSH outside local network

Thu Feb 21, 2019 1:43 pm

There are simple and easy ways to SSH into RaspberryPi from outside network using secure online services like SocketXP.

All you need to do is download a simple SocketXP web client and run it either on your RaspberryPi or on a laptop/sever in your home wireless network. The SocketXP client will create a unique public IP (sub-domain name) and a unique public port for you.

You can then SSH into your RaspberryPi using this Public IP (Sub-Domain Name) and public port, from the internet.

Read this blog to know more on how to use SocketXP Cloud Service to connect to your Raspberry Pi from outside network.

davidjin124
Posts: 1
Joined: Thu Aug 22, 2019 7:00 am

Re: Accessing SSH outside local network

Thu Aug 22, 2019 7:11 am

You'd usually need to jump through a lot of hoops, get an IP address, and tweak a few settings on your home router. Remote IoT service provides one method that skips all of that.

https://remoteiot.com

You may use their cloud platform to connect to your devices from anywhere.

ChajaShame
Posts: 1
Joined: Wed Nov 06, 2019 9:23 pm

Re: Accessing SSH outside local network

Wed Nov 06, 2019 9:37 pm

In search of some help...


I think I have understood most of the steps in this forum but my setup is like this:

1 Modem/Router
3 RPIs.

I have been able to use SSH and VNC connected to the local network but not sure how to configure this from outside.

My RPIs are reporting their current IP and the Routers IP periodically, so I can know their addresses despite all of them are changing everyday.

So my questions are:

1- how to do the Port Forwarding configuration?
2- can I choose any port number?

As you can see from my questions, I am not an expert in networks, but I have found where to do the Port Forwarding in my router (is called Virtual Server). Can you be specific to the info I have to set in the fields:

[NAME] [WAN PORT] [LAN IP] [LAN PORT] [PROTOCOL] [STATUS]

Thank you very much for your time

bls
Posts: 275
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA

Re: Accessing SSH outside local network

Thu Nov 07, 2019 12:50 am

POSitality wrote:
Sun Oct 28, 2012 11:30 pm
If we're talking about uber security, I recently read an article about an old concept...

http://en.wikipedia.org/wiki/Port_knocking

Seems like a nice, lightweight way to secure personal servers like the RPi.

Regards,

Andy
Out of paranoia, I played with port knocking. There are apps for just about all clients, and it worked pretty nicely. BUT, I found it a bit of a hassle to have to juggle things to knock and then ssh in a timely manner.

I found Google Authenticator to be a much better and (hopefully!) more secure solution. Here's how I install it on my pi:

Code: Select all

#!/bin/bash

apt-get install libpam-google-authenticator

echo "Updating /etc/pam.d/sshd..."
sed -i 's/@include common-auth/@include common-auth\
auth [success=1 default=ignore] pam_access.so accessfile=\/etc\/security\/access-local.conf\
auth required pam_google_authenticator.so/' /etc/pam.d/sshd

echo "Updating /etc/ssh/sshd_config..."
sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config

cat >> /etc/security/access-local.conf <<EOF
# only allow from local IP range                                                                                                                 
+ : ALL : 192.168.xx.0/24                      # Change the IP subnet as required for your LAN
+ : ALL : 127.0.0.1
+ : ALL : LOCAL
- : ALL : ALL
EOF
After you've finished the above, there are a few final steps:

1) Install the Google Authenticator on your phone (iOS or Android, not sure about others)
2) On your Pi, log into the account that you want to log into from outside the LAN and enter: google-authenticator
3) When the QR code shows up on your Pi, use the Google Authenticator app on your phone to scan the QR code and add the new entry.
3) You'll be prompted to answer a few questions. Answer Y to all the questions EXCEPT for skew time question, which is the 3rd question AFTER QR and secret codes

That's it! Then, from outside your LAN, ssh in. You'll be prompted for the authentication code, which you can get from Google Authenticator on your phone.

A few other comments on this thread. As a few others have mentioned, DON'T use port 22 on your firewall, since half of the internet scans default service ports looking for holes. Enable, for instance, port 34567 on your firewall and forward it to port 22 on your Pi. If your firewall doesn't let you do this, it's probably an old firewall, and you might think about getting a new one.

On the remote system (outside your LAN), if you're using the ssh command, you can add a bit to ~/.ssh/config:

Code: Select all

Host nickname
     Hostname myhost.mydomain.com    #or Hostname ip.ad.dr.es
     User pi
     Port 34567
And then use 'ssh nickname' and it will use the correct port and username.

HTH

Return to “Networking and servers”