[Techtalk] Re: Problem with tunneling SSH

James Sutherland j at sutherland.pw
Thu Jul 12 09:18:28 UTC 2018


On 12/07/2018 10:02, David Sumbler wrote:
> Sorry it has taken me a while to respond to your messages; I was away
> cycling in Scotland until yesterday.

You timed that well - it's pouring with rain here now, after a long
heatwave!

The problem here is she's behind 'NAT', sharing a single IP address with
everyone on that network - outgoing connections will work fine, but
nothing can come back in, since her computer isn't set up as a server on
their router. When you try connecting to the public IP address, the
router doesn't know which machine to forward the request to: like trying
to return a call to a company switchboard, instead of a direct dial number.

TeamViewer sets up a tunnel of its own behind the scenes, connecting to
their own servers to get around this.

If you have a server of your own, you can set up the same sort of thing
with ssh - run this command on *her* machine, to connect to yours
(138.47.99.99 in this example):

ssh -R 19999:localhost:22 sourceuser@138.47.99.99

That sets up port 19999 on your machine, tunnelled back to SSH on hers,
so you can then SSH to her from that machine any time with:

ssh her@localhost -p 19999


Initially it will ask for your password on her machine; to fix that, on
that machine (presumably via TeamViewer):
ssh-keygen
ssh-copy-id david@138.47.99.99

(This creates an encryption key on her machine, then copies that to the
account david@138.47.99.99 to be used for logging in instead of a
password in future: once that's done, the 'ssh -R' command above should
run without any password needed.)


James.
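
Added example, not part of James's message: if the key created with ssh-keygen above exists only to hold the tunnel open, its entry in authorized_keys on the server can be limited to the reverse forward on port 19999 with no shell access. The helper name tunnel_only_entry and the sample key are constructed for illustration, and permitlisten assumes OpenSSH 7.8 or later on the server.

```sh
#!/bin/sh
# Added example, not from the original message. Builds an authorized_keys
# entry for a key that should only hold the reverse tunnel open.
# Assumption: the server runs OpenSSH 7.8+ (needed for permitlisten).

# tunnel_only_entry PORT "PUBLIC-KEY-LINE"   (hypothetical helper name)
tunnel_only_entry() {
    port=$1
    pubkey=$2

    # The listen port must be a plain number in the unprivileged range.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Keep only "type blob" from the .pub line; drop the free-text comment.
    ktype=${pubkey%% *}
    rest=${pubkey#* }
    blob=${rest%% *}

    # Accept known key types only, so a line that already starts with
    # options (or anything else) is rejected instead of passed through.
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $ktype" >&2; return 1 ;;
    esac
    case $blob in
        AAAA*) ;;
        *) echo "key data is not a public key blob" >&2; return 1 ;;
    esac
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac

    # restrict         turns off forwarding, pty, agent and X11 for this key
    # port-forwarding  turns forwarding back on
    # permitlisten     allows -R only on this port; ssh sends the listen
    #                  host "localhost" when -R names no bind address
    # command          no shell or remote command for this key
    # (local -L forwards stay possible; add permitopen="..." to narrow those)
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s %s\n' \
        "$port" "$ktype" "$blob"
}

# Constructed sample key line (not a real key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal000 her@laptop'
tunnel_only_entry 19999 "$SAMPLE_KEY"
```

With this entry in place of the one ssh-copy-id wrote, the tunnel has to be started as ssh -N -R 19999:localhost:22 sourceuser@138.47.99.99, because the forced command ends any session that asks for a shell.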


