Home  ›  If I Move My Router Do I Have to Set It Up Again Reddit

If I Move My Router Do I Have to Set It Up Again Reddit

Written By segunda-feira, 21 de março de 2022 Add Comment Edit

Zach Duey

How to Ready an SSH Server on a Dwelling Computer

Effectually 18 months ago, I built a desktop computer and so I would have a fiddling more firepower at my fingertips when I needed information technology. My hope was to avoid having to pay for cloud computing services during Kaggle competitions and other side projects. Early on, I realized that information technology would be nice to be able to use this auto remotely, so I found a few resource for setting up your home PC as an SSH server. Notwithstanding, I was not able to notice a single resource that provided enough groundwork data that I was not simply copy/pasting the commands.

Although no advanced noesis of any detail topic is required to set up your own SSH server, there are many concepts to get your head around. I will explain more than detail below, but the short version is that an SSH server is a procedure running on your estimator that waits for exterior computers to request admission via a specific port, authenticates that user, and and so allows access to the figurer. If half of those terms do not make sense, do not worry. I was in the same position when I start tried getting fix upwardly. Here is a quick list of the concepts/terms that we will cover:

  1. Server
  2. SSH
  3. Network Address Translation
  4. Public/Private IP Addresses
  5. Ports
  6. Port Forwarding
  7. Public/Private Primal Authentication

I use Ubuntu fourteen.04 LTS as my operating system, however, the steps will be similar on any unix-similar platform. To follow along, be sure to have access to the following:

  1. The unix-based reckoner that will host the SSH server
  2. A unlike computer to test the remote connectedness to the server
  3. Access to a different network than the one to which your host machine is connected (optional, but recommended)

For the purposes of this guide, 'host' will indicate the reckoner running the SSH server, while 'customer' volition refer to any computer requesting access to the host. At i point in this guide, your host figurer volition besides exist a client.

Initial Setup

SSH stands for "secure socket shell" and is what volition allow the states to establish a secure connectedness between two computers. Our stop goal is to be able to issue commands from a client motorcar that are executed past the host motorcar. For a more thorough coverage of SSH, take a look at this neat guide by Digital Ocean.

The term "server" is frequently used a scrap loosely. Here, we mean past the term is a process running on a calculator that is tasked with managing access to a computer's resources over a network. We will be installing the openssh-server application, which volition allow united states of america to run an SSH server on our machine that will handle requests for access to the host reckoner from other devices.

Start by updating your system packages:

Install the openssh-server application and customer. You should also install the openssh-client on machines that will be used every bit clients.

            sudo apt-get install openssh-client sudo apt-become install openssh-server

You lot should now take an SSH server process running on your motorcar. Bank check with the post-obit:

Yous should see something like:

For those of you who re-create/pasted the above command (something I take certainly been guilty of), y'all will acquire a lot more by taking the time to expect up any commands you lot practice non recognize. If you are new (or just desire a refresher on) to crush commands, check out the Learn the Command Line course from Code Academy.

Cheque that yous can 'login' to the host motorcar from the host machine, i.e. your host motorcar is as well the client in this case.

Move effectually a little in the shell (cd, pwd, etc.) to make sure that everything works and and so type "get out" to end the session.

Adjacent, we will connect using a true 'client' machine. For this to work, brand certain that your client machine is on the aforementioned network every bit the server. If you are following forth from your domicile or work wifi network, you lot should be all set.

Get-go past determining the IP address of your host machine by listing information about the network interfaces on your automobile.

Yous should run into entries for 'eth0' and 'lo', besides as some other entries if y'all take installed a wireless menu on your desktop. If your host machine is connected to the network via an ethernet cablevision, utilize the address associated with the "eth[number]" entry. If you are connected via wifi, employ the "wlan[number]" entry. If y'all want to see just the listing of IP addresses for the devices, you can use:

            ifconfig | grep "inet addr"

Next, try logging in from the customer car using that IP accost:

Y'all should be prompted for the password of the account you used in your ssh command. For security reasons, the characters will not exist displayed in the vanquish. If successful, you should meet a "Welcome to Ubuntu 10.Ten.X" bulletin or something similar depending on your OS.

This is a bit more useful than our previous examination, but it still does not solve our initial problem of being able to access the automobile from outside the aforementioned network. Go ahead and try information technology out if you have the power to connect your client machine to a dissimilar network than your host machine.

A quick option if you accept a trivial data to spare on your cellular plan is to plough on tethering and connect your client machine to that network, while your host auto remains on the other network. Once you are on this split network, attempt that ssh control over again:

Most likely, y'all will notice that the control hangs so eventually times out. Become ahead and disconnect from this other network and we will finish with the last step of the setup. Just get-go, we volition take a second to cover a few more groundwork concepts that will make this next stride clearer.

NAT and Public/Private IP Addresses

It may be surprising, but the internet is only able to handle a finite number of users being on line at a single fourth dimension. In a world where nearly every electronic device has access to the net, it is possible to get close to the theoretical maximum. In order to circumvent this problem, Network Address Translation (NAT) was created to allow a ready of devices on a private network to share a single IP accost. On the private network, each device receives its own private IP accost. For example, the IP address you establish above with "ifconfig" is the private IP address of your computer on your local network.

Whatsoever time you acess a web page from one of the devices on your home network, the asking is routed (hence the term router) through an NAT device, which translates the private IP accost into a asking using the public IP address assigned to the router by your Isp. This is the IP address yous will ultimately need to employ when connecting from outside your local network. Go ahead and determine your public IP address by going to www.whatsmyip.org. You should see something in the form of XX.XX.Thirty.XXX. You may be tempted to endeavor that ssh command once more with this accost, but in all likelihood it even so will non piece of work.

Although NAT solves the device-limit problem, it adds a layer of complication to setting upwardly a home computer to accept SSH connections. When a client auto sends a request to connect to the public IP address, your router does not know which of the devices on your private network the request is meant for. Luckily, the solution is usually straightforward and involves setting up 'port fowarding' on your router. Bear with me every bit we continue downwards the terminology rabbit hole and go over ports. Feel costless to skip ahead if y'all are already familiar with the concept.

Ports and Port Fowarding

Although computers accept a diversity of physical ports that most people are familiar with (USB, HDMI, VGA, etc.), the ports I am referring to here are networking ports and are logical, not physical. When you showtime a server (i.east. the SSH server you lot just set up in the previous steps), you bind information technology to i of these logical ports. The procedure and so 'listens' for messages sent to this port by other programs (either internal or external). Each port has a number and some of these numbers are reserved for use by specific types of services. Every bit an example, servers handling HTTP request use port 80 as the default. When you lot access a web page via a URL, you are really sending a message to an HTTP server at port lxxx for a specific resources (web page or other content) that is managed past that service. In general, port 22 is used for the SSH service.

In this context, port forwarding means telling your router to forward requests fabricated using a specific port to a item device on your private network. It is so the responsibleness of that device to handle the request. You lot may be wondering: why don't only send the request straight to the computer via the private IP address and avoid all of this port forwarding nonsense? Like the proper noun implies, these IP addresses are private, so once you are on a different network, the internet-at-big has no knowledge of this private IP address and therefore the request to connect will fail.
Every router is a little chip dissimilar when it comes to setting up port forwarding. This may sound like a cop out, only honestly, your all-time bet is to look up directions for your specific router. For instance, hither are instructions for an AT&T router and Comcast XFINITY. In full general, yous will demand to accept the following actions:

  1. Log in to your router's admin folio
  2. Navgiate to the page for adding a service (SSH is normally one of the default options)
  3. Select or enter the port number where requests volition be made (22 by default for SSH)
  4. Select or input the private IP address you found earlier of your host machine
  5. Salve the updated settings

Now, we can echo our ssh command using the public IP address and that request should be redirected by our router to our host machine. Connect back to that outside network and try:

            ssh username@[public IP address]

You should again be prompted for your host machine countersign and then admitted access.

More Secure SSH Server Configuration

For this final department, nosotros will be making some changes to the configuration settings for our SSH server. On Ubuntu, these settings are located in the /etc/ssh/sshd_config file. A couple of quick notes:

  • To edit this file, you volition need to open it as a super user
  • Any time y'all update the config settings, you need to restart the SSH server to have them take effect

When a running SSH server receives a request over port 22 (or whatever port it is leap to), it must check that the requesting user has permission to access the computer. This can exist done with a countersign, however, it is considered much more secure to use public key authentication. Public fundamental cryptography works past having a user generate a public fundamental that can be given to anyone, while keeping the individual cardinal hidden. Authentication works past using the public key (made bachelor past the user to the process doing the hallmark) to verify that the requesting user (whose request to access the service is encrypted using their private key) matches a user who is allowed access. In one case this connectedness is established, more efficient methods of information encryption/decryption are used to transfer the keystrokes and other information using this secure connection.

If y'all have not already done and so, y'all will demand to generate a public/private primal pair to apply when logging in to your machine. Notation that yous volition need to do this on whatsoever device you wish to be allowed access to your SSH server. There are a number of good guides out at that place for doing this, so to avoid re-inventing the wheel, I advise following the Ubuntu Instructions

Now that you have those keys ready, we volition enable public key hallmark on the SSH server. Open the sshd_config file as a super user for the adjacent set up of steps and start past changing:

            PasswordAuthentication yes

to

            PasswordAuthentication no

This will prevent users from beingness able to admission the server with a password, which will assistance against a brute force set on that attempts to guess the password. Another recommendation is to change the port that the SSH service uses. Within your config file, comment out the existing port specification and choose a new port.

            # Port 22 Port [new port number]

Recollect, based on an before step, your router will still attempt to send SSH requests to port 22, then you will need to get back into your router's config settings and update the port number for the SSH service. If you are on a auto with multiple user accounts, y'all can also limit which users are allowed to log in through SSH. At the bottom of the config file add together:

            AllowUsers [user1] [user ii] ...

Y'all can besides deny specific users and add together/deny groups, however, information technology is unlikely that y'all volition demand to exercise this for a home estimator.

Adjacent, disable root login via SSH past changing:

            PermitRootLogin without-password

to

Across disabling password logins, you can likewise prevent animate being forcefulness attacks past limiting the number of concurrent connections to the SSH server. For a home estimator, go on this number low past changing:

to

With an SSH connection, you lot tin can tunnel graphical windows. If you do non plan to use this ability,then get ahead and shut information technology off past irresolute

to

In addition to forwarding windows, you can as well forward ports via SSH. For example, if you had a spider web server running on port lxxx on your host machine, you could forward that port to a port on your client machine. This can be handy, merely if you do non plan on using this ability, so disable it until you lot have a need for it since it can be used maliciously.

In that location are a bunch of other settings in the ssh_config file, but I do not recommend irresolute the defaults unless y'all have a good reason to practice then. While the suggested changes will add some security to your server, there are many additional ways to add security. In fact, they probably deserve a post of their own, but I will salve that for another time.

Thanks for taking the fourth dimension to read through this and please feel gratis to let me know if anything is unclear. This post originally appeared on my personal weblog.

External Resources

  • Digital Body of water SSH Essentials
  • Ubuntu SSH Configuration Guide
  • Ubuntu Public/Private Keys Guide
  • Secure SSH Configuration

franksbegist.blogspot.com

Source: https://dev.to/zduey/how-to-set-up-an-ssh-server-on-a-home-computer

0 Response to "If I Move My Router Do I Have to Set It Up Again Reddit"

Postar um comentário

Assinar: Postar comentários (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel