[Techtalk] {SPAM 05.1} Re: Problem with tunneling SSH
James Sutherland
j at sutherland.pw
Thu Jul 12 09:18:28 UTC 2018
On 12/07/2018 10:02, David Sumbler wrote:
> Sorry it has taken me a while to respond to your messages; I was away
> cycling in Scotland until yesterday.
You timed that well - it's pouring with rain here now, after a long
heatwave!
The problem here is she's behind 'NAT', sharing a single IP address with
everyone on that network - outgoing connections will work fine, but
nothing can come back in, since her computer isn't set up as a server on
their router. When you try connecting to the public IP address, the
router doesn't know which machine to forward the request to: like trying
to return a call to a company switchboard, instead of a direct dial number.
TeamViewer sets up a tunnel of its own behind the scenes, connecting to
their own servers to get around this.
If you have a server of your own, you can set up the same sort of thing
with ssh - run this command on *her* machine, to connect to yours
(138.47.99.99 in this example):
ssh -R 19999:localhost:22 sourceuser@138.47.99.99
That sets up port 19999 on your machine, tunnelled back to SSH on hers,
so you can then SSH to her from that machine any time with:
ssh her@localhost -p 19999
Initially it will ask for your password on her machine; to fix that, on
that machine (presumably via TeamViewer):
ssh-keygen
ssh-copy-id david@138.47.99.99
(This creates an encryption key on her machine, then copies that to the
account david@138.47.99.99 to be used for logging in instead of a
password in future: once that's done, the 'ssh -R' command above should
run without any password needed.)
James.
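
An added example, not part of the original message: the key copied with ssh-copy-id gives her machine a full login on the server, so this sketch prints an authorized_keys entry that limits that key to the reverse listener, plus a tunnel command that requests no shell and exits if the forward cannot be set up. The function names and the sample key are constructed for illustration, and permitlisten assumes OpenSSH 7.8 or later on the server.

```shell
#!/bin/sh
# Constructed placeholder, not a real key: stands in for her ~/.ssh/id_ed25519.pub
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDER0 her@laptop'

# valid_port PORT: succeed only for an unprivileged TCP port (1024-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# authorized_keys_line PORT PUBKEY: print the entry to place in
# ~/.ssh/authorized_keys on the server in place of the unrestricted one.
#   restrict          turns off PTY, agent/X11 forwarding and port forwarding
#   port-forwarding   turns forwarding back on for this key
#   permitlisten      limits -R listeners to this one port on localhost
#   command           forces /bin/false if a session is ever requested
authorized_keys_line() {
    nl='
'
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    case "$2" in
        *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' "$1" "$2"
}

# tunnel_command PORT USER@HOST: print the command to run on her machine.
#   -N                     open no remote session, only the forward
#   ExitOnForwardFailure   fail instead of idling if the port cannot be bound
#   ServerAlive*           notice a dead link so a supervisor can restart it
tunnel_command() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R %s:localhost:22 %s\n' "$1" "$2"
}

# Demo with the port and server address used in the message above.
authorized_keys_line 19999 "$SAMPLE_KEY"
tunnel_command 19999 david@138.47.99.99
```

Because the client sends the listen host "localhost" when -R is given without a bind address, the permitlisten value matches the tunnel command as printed.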