Want to ssh into home machine - easy??


-nick
01-09-2006, 02:17 AM
Hi Folks,
I hope this isn't an annoying, repetitive question. I've searched a bit but can't find anything that gives a simple functional description of how-to:

I want to be able to ssh into my SuSe9.3 machine from a home network and/or from a mobile laptop. I connect to the world via a linksys router going to a cable modem. Something fairly typical I would imagine.

This can't be _too_ complicated a request, right?? Links to the procedure, or even jeers of my inferiority (as long as there is some useful content!) are welcome. I'm forced to use a linux/unix environment for work, but I'm in no way an "I compile from scratch every other day" user.

Cheers!
nick

voidinit
01-09-2006, 02:50 AM
The management software on your linksys router (I don't have one and I've never used one) should have some sort of port forwarding capability. Basically, you'll want to forward port 22 on the public IP of the router to port 22 on your internal PC. Then you can ssh to port 22 on your public IP and have it forward to port 22 on your desktop. You'll have to consult your linksys documentation on how to set this up. If your public IP is dynamically assigned, it can be annoying when your provider switches your IP. I use homedns.org to track my public IP, so when Cox changes my IP a daemon on my firewall automatically updates it on an external DNS. I don't know if a similar client/system is available for Linksys routers, but it's worth a look.

endoalpha
01-09-2006, 05:27 AM
voidinit does a great job of explaining a way to get TO your machine from the outside. I was wondering if you even have sshd running (the secure shell server) on your home computer? Please post back, as I am tired of guessing if anyone actually gets any solutions on this board.

Icarus
01-09-2006, 07:57 AM
For finding your IP when your ISP uses DHCP and does not give you a static IP, I've made a short little cron job that will check the public IP address and send an email if it has changed.
There's also a quick little howto to set this up at the bottom of this page (http://www.paradoxinc.net/linux.htm).
Just be sure to edit the IP_DIR and FROM_MAIL and TO_MAIL values at the beginning to match your environment.

There are also a couple of other examples of similar scripts people have made on the forums here.

And for forwarding port 22, that works but I suggest changing the port of SSH to something non-standard and unique. Before I changed mine I was getting hundreds of hack/exploit/crack attempts a day. It can be changed in the sshd.conf file and when connecting use "-P 'port#'" and you'll never know the difference :)

-nick
01-09-2006, 10:53 PM
Hi, thanks for the help everyone! I've come a long way and have things running fairly well. Here's a short run-down of what I needed to do to get things going:

To ssh into machines within my local network:
-Run /sbin/ifconfig -a on each machine to find the local IP address for each machine.

-From Yast2 > System > Runlevel/System Services, ensure that sshd is enabled at startup.

-yast > "security and users" > firewall > "allowed services". Add external ssh to the list. Suse9.3 runs its own firewall at startup as a default. I'm not sure if having it enabled is redundant, since I'm behind a router to begin with?

Now I can ssh into a local machine using: ssh me@machine's_ip_address

(a question here - is there a way to create an alias for the local ip address? For example, use ssh me@hostname instead of spelling out the ip address each time?)

To get in from outside the local network, I had to go into the linksys router's setup, using the router's ip in a web browser (which is in the router manual).

Under "applications and gaming" > "port range forward"
add ssh to port 22 and write in the internal ip for the machine to be logged
into.

Determine my external ip address (which is dynamic, I'm checking out Icarus' script to be able to track the changing external ip address).

Now I can ssh into my home machine from anywhere using: ssh me@external_ip_address

*one caveat, the sshd_config script defaults to allow root to login remotely.
Bad idea! Change the line: PermitRootLogin to "no".

I'm still amazed it works. Now, for some security tips...

I like the idea of changing the ssh port number. I'm trying to get this
working. So far I tried changing the forwarding port in the router and the
"port 22" line in the sshd_config file, but using ssh -P port# just hangs.
Any tips on how to get this going?

Also, any other general ways of making things more secure now that I have a port
hanging open for all to see?

Cheers!
nick
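
An added example, not part of the original posts: a shell check of the two sshd_config settings changed in the post above, PermitRootLogin and the listening port, compared against the port the router forwards to. The function names, the sample file and the port values are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Reports the global value of an
# sshd_config keyword: sshd keeps the first value it reads, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE [all]
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v all="$3" '
        /^[ \t]*#/ || NF == 0 { next }     # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }      # tolerate "Keyword=value"
        tolower($1) == "match" { exit }    # end of the global section
        tolower($1) == want { print tolower($2); found = 1; if (!all) exit }
        END { if (!found) print "unset" }
    ' "$2"
}

audit_sshd() {  # usage: audit_sshd FILE PORT_THE_ROUTER_FORWARDS_TO
    rc=0
    root=$(sshd_effective PermitRootLogin "$1")
    # Port may appear several times; sshd listens on every one of them.
    ports=$(sshd_effective Port "$1" all | tr '\n' ' ')
    [ "$ports" = "unset " ] && ports="22 "   # no Port line: sshd listens on 22
    if [ "$root" != no ]; then
        echo "WARN PermitRootLogin is $root, set it to no"; rc=1
    fi
    case " $ports" in
        *" $2 "*) ;;
        *) echo "WARN router forwards to $2, sshd listens on $ports"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK root login off, sshd reachable on $2"
    return "$rc"
}

# Constructed sample: the later "no" line looks safe to grep but is ignored.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#Port 22
Port 4422
PermitRootLogin yes
permitrootlogin no
EOF
audit_sshd "$sample" 22 || true
```

On a current OpenSSH, running `sshd -T` as root prints the values the server will actually use.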

-nick
01-10-2006, 02:19 AM
Ah, just answered one of my own questions -
To set up aliases for IP's use:
yast > network services > host names

Enter the ip's of hosts to ssh and associate them with an alias. Very easy! I'm sure this is trivial to most, but there must be a couple others who could benefit...

nick

Choozo
01-10-2006, 02:49 AM
> I like the idea of changing the ssh port number. I'm trying to get this
> working. So far I tried changing the forwarding port in the router and the
> "port 22" line in the sshd_config file, but using ssh -P port# just hangs.
> Any tips on how to get this going?

Just forward e.g. port 4422 on your router to port 22 on your linux box. Then connect to your router from external net by issuing e.g. 'ssh -P 4422 [your IP here]'.

Icarus
01-10-2006, 09:21 AM
And it's a lowercase p, not upper as I put mistakenly :o