How to establish ssh from remote firewalled PC to local machine, enabling local browsing on remote LAN
Apologies if the terminology is incorrect, suggestions for better thread title welcome.
I administer (a grand word for my amateur efforts) a server (oakdrum) on a friend's (christine) LAN, which is used to back up her laptop (x1-laptop), and for syncthing, DLNA server, samba etc.
She lives 500 miles from me. After initial setup at her house with physical access, I set up port forwarding on her router so that I could ssh into (oakdrum), and (x1-laptop) for remote assistance via vnc. Having done so, I could also access the web GUI (no telnet or ssh available) of her router from my machine (lutyens) with:
Manual proxy configuration:
SOCKS Proxy 127.0.0.1 Port 24080
check the box for "SOCKS v5"
... then access her router GUI at 192.168.1.1 on my local machine (lutyens)
This week after a fault her ISP sent her a new router. She's tech-phobic, but swapped it out plug for plug with the broken one. She has WAN access with the default config of course, but (oakdrum) has a different IP so her backup doesn't work, and now I can't get to her LAN.
The limit of her capability is copy pasting a string in the terminal.
assume:
I will temporarily forward port 33022 on my firewall to port 22 on my machine, and enable password only ssh login.
My username on my machine (lutyens) is nedlud.
My dynamic dns is nedlud.dyndns.net
I'm after the cli string that she can use on her laptop (x1-laptop) to ssh to my machine (lutyens), and anything I need to run on (lutyens), such that I can browse to her router config page, and re-establish port forwarding.
Much of that can actually be put in her ~/.ssh/config file so that she only has to type a 'ssh lutyens' or some other shortcut, and that can in turn be put in a script for a .desktop file to click on. For example:
Yes, that'd be the way to go. Have her system connect to yours using -R option.
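The two replies above describe a `~/.ssh/config` shortcut combined with a reverse (`-R`) tunnel; the following is an added example, not code posted by anyone in the thread. It reuses the OP's dummy host, user and ports; the reverse port 22022 and the laptop login name `christine` are assumptions, and it assumes sshd is running on x1-laptop.

```sh
#!/bin/sh
# Added example (not from the thread). ASSUMED values are placeholders.
LISTEN_HOST="nedlud.dyndns.net"  # thread's dummy dynamic DNS name
LISTEN_PORT=33022                # thread: firewall port forwarded to lutyens:22
LISTEN_USER="nedlud"             # thread's dummy user on lutyens
SOCKS_PORT=24080                 # thread: SOCKS v5 port set in the browser
REVERSE_PORT=22022               # ASSUMED: loopback port on lutyens for the tunnel
LAPTOP_USER="christine"          # ASSUMED: her login name on x1-laptop

# ssh_config stanza for x1-laptop, so that she only types: ssh lutyens
laptop_stanza() {
    cat <<EOF
Host lutyens
    HostName $LISTEN_HOST
    Port $LISTEN_PORT
    User $LISTEN_USER
    # Publish x1-laptop's sshd on lutyens, bound to loopback only
    RemoteForward 127.0.0.1:$REVERSE_PORT 127.0.0.1:22
    # Abort if the forward cannot be set up, rather than connect without it
    ExitOnForwardFailure yes
    # Keepalives so an idle tunnel is not dropped by the routers
    ServerAliveInterval 30
    ServerAliveCountMax 3
EOF
}

# Append the stanza to a config file once, keeping it private to the user.
install_stanza() {
    cfg="$1"
    ( umask 077; mkdir -p "$(dirname "$cfg")"; touch "$cfg" )
    chmod 600 "$cfg"
    grep -qx 'Host lutyens' "$cfg" || laptop_stanza >> "$cfg"
}

# Run on lutyens while her session is up: a SOCKS proxy whose traffic
# leaves from x1-laptop, so 192.168.1.1 is her router.
socks_cmd() {
    printf 'ssh -N -D 127.0.0.1:%s -p %s %s@127.0.0.1\n' \
        "$SOCKS_PORT" "$REVERSE_PORT" "$LAPTOP_USER"
}

# On x1-laptop:  install_stanza "$HOME/.ssh/config" && ssh lutyens
# On lutyens:    run the line printed by socks_cmd
```

Because the OP describes the port 33022 forward and password login as temporary, both are removed again once the router is reconfigured.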
Thank you very much. Hoping it will go well and quickly when I do it for real, I have practised this from my laptop (on public wifi) to simulate, and a VM on my main machine, which I'll use for the real exercise, to avoid exposing my main machine, enabling password ssh, having to provide/change my password etc.
The only things I had to tweak were adding her username when setting up the tunnel for the browser, and specifying the port.
Substituting what worked in my practice run with the dummy hosts and users in the OP, this worked:
Manual proxy configuration:
SOCKS Proxy 127.0.0.1 Port 24080
check the box for "SOCKS v5"
...browse "from" (x1-laptop), proved by visiting whatismyip.com.
So I'm confident that when I do this for real, I'll be able to access her router admin page, which is what I need to achieve. Don't think I'm missing anything, and I'll mark as solved when it's done.
Just a FYI that you have posted your real username and URL which essentially points a neon target at your server. Changing ssh ports is not a real deterrent.
Quote:
Just a FYI that you have posted your real username and URL which essentially points a neon target at your server. Changing ssh ports is not a real deterrent.
Thanks Michael, Good of you to take the trouble. However all host names, usernames and ports in my OP are dummies, though accurately describing the commands entered.
I hope to do this thing this evening, and assuming it's successful, I'll add a post describing everything, with "generic specifics", if that makes sense.
I've not a lot of direct experience with ssh tunneling myself... but would having something like tailscale installed on the respective machines help at all? That way they can all 'see' each other on a flat VPN network, with no port forwarding at the router level. Seems like it'd be near ideal for a use case like this...
I'd strongly recommend that the OP go back through his original post and redact the host names and other potentially exposing information. It seems to me that the OP would be best served by investing in some high-quality uninterruptible power supplies; a couple of good brands are CyberPower and APC, the latter of which is a Schneider Electric product line.
Quote:
I've not a lot of direct experience with ssh tunneling myself... but would having something like tailscale installed on the respective machines help at all? That way they can all 'see' each other on a flat VPN network, with no port forwarding at the router level. Seems like it'd be near ideal for a use case like this...
Thanks for the suggestion, but I don't want to use anything needing a third-party server, or proprietary (especially with its roots in Google) if I can help it. I usually use vnc over ssh to provide remote assistance to (christine) so she has to do literally nothing to set up the connection. I'm experimenting with self hosted RustDesk, but haven't figured out how the ssh keys work yet.
Quote:
Originally Posted by friendlysalmon8827
I'd strongly recommend that the OP go back through his original post and redact the host names and other potentially exposing information.
It seems to me that the OP would be best served by investing in some high-quality uninterruptible power supplies; a couple of good brands are CyberPower and APC, the latter of which is a Schneider Electric product line.
I'm not seeing how that's directly relevant?
Christine won't be ready to do this for a few days, and when it's done I'll post full details.