We can easily connect via ssh to the remote machine that has public IP.
But now I have a remote machine without public IP, and I need to connect to it from my machine that does have public IP. So that, remote machine should initiate this connection (add a client).
I need it because there is my grandfather on computer without public IP, and he needs help with his system sometimes.
In similar situation on Windows I’ve used VNC connection (by TightVNC), TightVNC server has an option “Add a client”: user just entered client’s IP (i.e. my public IP), my client is already in “listening mode”, and when “server” adds a client, connection is initialized.
So, is it possible to perform the same trick with SSH connection?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
By definition, the client is the one that initiates the connection.
For your problem, I think a simple solution would be building a reverse tunnel.
On the computer without public IP:
ssh -R 2222:localhost:22 <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ff9390989691b099ac9a8d899a8da8968b97af8a9d93969cb6afbf8f8a9d93969cb6af">[email protected]</a>
This connects to the server by SSH and builds a tunnel from the server with public IP on port 2222 to the computer without public IP on port 22 (SSH).
And then on the server:
ssh -p 2222 <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b7dbd8d0ded9f8d1f4d8dac7c2c3d2c5e0dec3dfd8c2c3e7c2d5dbded4fee7f7dbd8d4d6dfd8c4c3">[email protected]</a>
The connection is redirected from the port 2222 of the server to the port 22 of the computer by the first tunnel. You may want to use tool like autossh to make the tunnel more resilient (i.e. restart it automatically when it shuts down).
Method 2
To remove ambiguities of names such as remote, client, host, server, I created a diagram where Local PC (LPC-1) needs to SSH to Remote PC (RPC-2), both Local and Remote PCs are in their respective networks behind their routers with their public IP addresses. A user cannot modify the port forwarding settings of the remote Router, however, the user has access to the local router to modify the port forwarding setting.
[![How to SSH between two machines within their networks][1]][1]
- Local user account: userLPC1
- Remote user account: userRPC2
The above two commands translate to:
RPC2> ssh -f -N -T -R2222:localhost:22 42.48.128.49 LCP1> ssh -p 2222 <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ea9f998f98b8baa9d8aa8685898b868285999e">[email protected]</a>
However, the LPC1 is also behind a firewall i.e. Local Router (LR). Local Router (LR) can be confirmed to port forward 2222 to LPC1.
I doubt running ssh -p 2222 [email protected] on LPC1 will reach RPC2, since LPC1 is not on public network.
I am hoping somebody will use these diagrams to provide clearer steps to create an SSH session between LPC1 and RPC2.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0