Author Topic: Remotely ssh into a machine behind LMCE router  (Read 9028 times)

purps

Remotely ssh into a machine behind LMCE router
« on: June 13, 2012, 12:56:17 pm »
Have spent a lot of time researching this, and am struggling to sort fact from fiction, so thought I would ask my friends at LMCE.

I can ssh into my core using my no-ip IP address no problem, and I can ssh into my desktop from there (which sits on the internal LMCE network).

What I would like to do is remotely ssh into the desktop directly. I understand this involves me forwarding ports on the router, but I am struggling to put the theory into context.

Could anybody tell me what I have to do to set this up in web admin, and the ssh command I would have to issue? I think I just need a real example to get my head round this.

Cheers,
Matt.
1004 RC :: looking good :: upgraded 01/04/2013
my setup :: http://wiki.linuxmce.org/index.php/User:Purps

purps

Re: Remotely ssh into a machine behind LMCE router
« Reply #1 on: June 13, 2012, 01:21:31 pm »
I should have said, the command I thought most likely to be appropriate was...

Code:
ssh -p1234 <MyExternalIP>
...but I wasn't sure where/what port 1234 was, or the correct way to set this/a port up in web admin. This port must relate to my desktop right?

Cheers,
Matt.


gadget

Re: Remotely ssh into a machine behind LMCE router
« Reply #2 on: June 13, 2012, 02:06:30 pm »
I don't believe that the LMCE firewall is capable of doing port forwarding, but essentially you would port forward 1234 to port 22 on the internal machine. I use shorewall but have not configured it to do port forwarding but think it is possible. The config files are pretty straightforward or you can use webmin to configure it.

DragonK

Re: Remotely ssh into a machine behind LMCE router
« Reply #3 on: June 13, 2012, 03:17:36 pm »
In theory this should work, but haven't tested it yet..

ssh your no-ip on port 10015 then the core will forward port 10015 to port 22 on your desktop's IP. In the example the desktop IP would be 10.0.0.15.

Webadmin -- Advanced -- Network -- Firewall Rules.

davegravy

Re: Remotely ssh into a machine behind LMCE router
« Reply #4 on: June 13, 2012, 05:04:52 pm »
Quote from: gadget
> I don't believe that the LMCE firewall is capable of doing port forwarding, but essentially you would port forward 1234 to port 22 on the internal machine.

Why not? I use port forwarding for RDP to an internal machine all the time.

purps

Re: Remotely ssh into a machine behind LMCE router
« Reply #5 on: June 13, 2012, 06:44:03 pm »
Quote from: DragonK
> In theory this should work, but haven't tested it yet..
>
> ssh your no-ip on port 10015 then the core will forward port 10015 to port 22 on your desktop's IP. In the example the desktop IP would be 10.0.0.15.
>
> Webadmin -- Advanced -- Network -- Firewall Rules.

Thanks for this.

Unfortunately my remote machine says "Connection refused". I have ssh-ed into the core, and then ssh-ed into the desktop in question without any problems. Firewall is set up with a port forward as per your example. Have also tried a few different ports.

Any clues?

Cheers,
Matt.

DragonK

Re: Remotely ssh into a machine behind LMCE router
« Reply #6 on: June 14, 2012, 08:15:28 am »
How does your core access the internet? Via a router?

purps

Re: Remotely ssh into a machine behind LMCE router
« Reply #7 on: June 14, 2012, 10:03:35 am »
Nope, it's connected directly to the Internet.

But I can ssh into the core, and then ssh into the desktop, so surely the problem isn't there in any event?

Is there perhaps some sort of special ssh permissions on the desktop I need to set, for when it is being ssh-ed into directly?

No idea.

Cheers,
Matt.

DragonK

Re: Remotely ssh into a machine behind LMCE router
« Reply #8 on: June 14, 2012, 10:09:22 am »
Let me test the theory on my setup, and then I'll get back to you.

purps

Re: Remotely ssh into a machine behind LMCE router
« Reply #9 on: June 14, 2012, 11:35:01 am »
Thank you, most kind.

I should mention that I was trying to do this from the point of view of sharing a specific window with a friend, who is in a remote location. But I have no confidence that this is even possible (was hoping to do something clever with an X forward). So remote VNC it is.

One tutorial I've looked at mentions running "ssh -L 5900:localhost:5900 <hostname>" on the remote machine before running the VNC viewer - is that command necessary in addition to what we are trying to do, to create a tunnel? I think that port relates to VNC. Or does it relate to tightVNC specifically? Again, I dunno. I will try it out with this port though when I get home.

Cheers,
Matt.

WhateverFits

Re: Remotely ssh into a machine behind LMCE router
« Reply #10 on: June 14, 2012, 07:52:24 pm »
OK, what your "ssh -L..." command does is log into your server using SSH and attempts to open a tunnel for VNC (port 5900) from your localhost to your server's VNC. If you want to forward that over to another system use something like:

ssh -L 5900:OtherSystemRunningVNC:5900 YourLinuxMCEServerHere

That should do it. I'm a little rusty on my ssh command line stuff so this is an educated guess.  ;D

Sigg3.net

Re: Remotely ssh into a machine behind LMCE router
« Reply #11 on: June 16, 2012, 12:51:23 pm »
Not sure what you mean by "sharing a specific window", but you can forward graphical programs using the -X flag.

Code:
# ssh -X user@192.168.80.1
# xeyes

or if it's a KDE-app:
Code:
# dbus-launch NAME_OF_APP
When you're in the comfy chair, you don't want to leave the comfy chair. So I can open firefox to configure stuff
Code:
# ssh -X user@192.168.80.1
# dbus-launch firefox URL_OF_WEBADMIN

aso..

purps

Re: Remotely ssh into a machine behind LMCE router
« Reply #12 on: June 21, 2012, 08:31:08 pm »
OK, the ssh -L thing did work, but it only logs into the LMCE server - I am looking for a way to remotely ssh directly into another machine on my network.

I also tried ssh -p5900 <LMCEserver> again, but to no avail - connection refused. Admin firewall setting is...

tcp   ipv4   5900 to 5900   22   192.168.80.XXX   port_forward

@Sigg3.net - thanks for the suggestion, but an X forward won't cut it unfortunately. I didn't explain myself very well. I want to be able to share a desktop with somebody remotely (hence I'm now frigging with port 5900, as I intend to use VNC).

Any other suggestions?

Cheers,
Matt.

purps

Re: Remotely ssh into a machine behind LMCE router
« Reply #13 on: June 21, 2012, 08:45:13 pm »
I did it (we were nearly right).

Code:
ssh -L 5900:<LMCEserver>:5900 <user>@<othermachine>
Still not quite sure I have understood what I have done... could somebody please educate me? Why is 5900 in there twice? How does this relate to my firewall rule?

Cheers,
Matt.

WhateverFits

Re: Remotely ssh into a machine behind LMCE router
« Reply #14 on: June 22, 2012, 05:43:24 am »
The first 5900 is for the source and the second is the destination port. Your ssh opens one here and attaches it there. You can map any port to any other port that way. The firewall has no bearing on it since ssh tunnels it over port 23.

I hope that helps.
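
As an added example (not part of any post in this thread), the POSIX shell function below decodes an `ssh -L` spec of the kind discussed above: it reports where the ssh client listens, which SSH server carries the traffic, where that server then connects, and who can reach the listening port. `core.example.net` and `192.168.80.20` are constructed placeholder values, and the loopback default assumes the client's default `GatewayPorts no` without `-g`.

```shell
#!/bin/sh
# Added example, not from the thread: decode an OpenSSH -L forwarding spec.
# Spec format: [bind_address:]port:host:hostport (IPv6 literals not handled).

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# explain_forward SPEC GATEWAY
# Prints where the ssh client listens, which SSH server (GATEWAY) carries the
# traffic, where that server connects, and who can reach the listener.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
explain_forward() (
    gateway=$2
    IFS=:; set -f
    set -- $1            # split SPEC on ':' without glob-expanding '*'
    case $# in
        3) bind=127.0.0.1 ;;   # assumption: client default GatewayPorts=no, no -g
        4) bind=$1; shift ;;
        *) echo "error: expected [bind_address:]port:host:hostport" >&2; exit 2 ;;
    esac
    lport=$1 host=$2 hport=$3
    if ! valid_port "$lport" || ! valid_port "$hport"; then
        echo "error: ports must be 1-65535" >&2; exit 2
    fi
    # Who can connect to the listening port on the client machine.
    case $bind in
        localhost|127.0.0.1) exposure=local-only ;;
        ''|'*'|0.0.0.0)      bind='*'; exposure=all-interfaces ;;
        *)                   exposure=single-interface ;;
    esac
    # "host" is resolved by the gateway, so localhost means the gateway itself.
    case $host in
        localhost|127.0.0.1) target_is=gateway-itself ;;
        *)                   target_is=host-reached-from-gateway ;;
    esac
    echo "listen=$bind:$lport via=$gateway target=$host:$hport target_is=$target_is exposure=$exposure"
)

# Constructed sample specs (hostnames and addresses are placeholders).
explain_forward 5900:localhost:5900 core.example.net
explain_forward 5900:192.168.80.20:5900 core.example.net
explain_forward '*:5901:192.168.80.20:5900' core.example.net
```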