Have spent a lot of time researching this, and am struggling to sort fact from fiction, so thought I would ask my friends at LMCE.
I can ssh into my core using my no-ip IP address no problem, and I can ssh into my desktop from there (which sits on the internal LMCE network).
What I would like to do is remotely ssh into the desktop directly. I understand this involves me forwarding ports on the router, but I am struggling to put the theory into context.
Could anybody tell me what I have to do to set this up in web admin, and the ssh command I would have to issue? I think I just need a real example to get my head round this.
Cheers,
Matt.
I should have said, the command I thought most likely to be appropriate was...
ssh -p1234 <MyExternalIP>
...but I wasn't sure where/what port 1234 was, or the correct way to set this/a port up in web admin. This port must relate to my desktop right?
Cheers,
Matt.
I don't believe that the LMCE firewall is capable of doing port forwarding, but essentially you would port forward 1234 to port 22 on the internal machine. I use shorewall but have not configured it to do port forwarding but think it is possible. The config files are pretty straightforward or you can use webmin to configure it.
In theory this should work, but haven't tested it yet.
ssh your no-ip on port 10015, then the core will forward port 10015 to port 22 on your desktop's IP. In the example the desktop IP would be 10.0.0.15.
Webadmin -- Advanced -- Network -- Firewall Rules.
Quote from: gadget on June 13, 2012, 02:06:30 PM
I don't believe that the LMCE firewall is capable of doing port forwarding, but essentially you would port forward 1234 to port 22 on the internal machine.
Why not? I use port forwarding for RDP to an internal machine all the time.
Quote from: DragonK on June 13, 2012, 03:17:36 PM
In theory this should work, but haven't tested it yet.
ssh your no-ip on port 10015, then the core will forward port 10015 to port 22 on your desktop's IP. In the example the desktop IP would be 10.0.0.15.
Webadmin -- Advanced -- Network -- Firewall Rules.
Thanks for this.
Unfortunately my remote machine says "Connection refused". I have ssh-ed into the core, and then ssh-ed into the desktop in question without any problems. Firewall is set up with a port forward as per your example. Have also tried a few different ports.
Any clues?
Cheers,
Matt.
How does your core access the internet? Via a router?
Nope, it's connected directly to the Internet.
But I can ssh into the core, and then ssh into the desktop, so surely the problem isn't there in any event?
Is there perhaps some sort of special ssh permissions on the desktop I need to set, for when it is being ssh-ed into directly?
No idea.
Cheers,
Matt.
Let me test the theory on my setup, and then I'll get back to you.
Thank you, most kind.
I should mention that I was trying to do this from the point of view of sharing a specific window with a friend, who is in a remote location. But I have no confidence that this is even possible (was hoping to do something clever with an X forward). So remote VNC it is.
One tutorial I've looked at mentions running "ssh -L 5900:localhost:5900 <hostname>" on the remote machine before running the VNC viewer - is that command necessary in addition to what we are trying to do, to create a tunnel? I think that port relates to VNC. Or does it relate to tightVNC specifically? Again, I dunno. I will try it out with this port though when I get home.
Cheers,
Matt.
OK, what your "ssh -L..." command does is log into your server using SSH and attempt to open a tunnel for VNC (port 5900) from your localhost to your server's VNC. If you want to forward that over to another system, use something like:
ssh -L 5900:OtherSystemRunningVNC:5900 YourLinuxMCEServerHere
That should do it. I'm a little rusty on my ssh command line stuff so this is an educated guess. ;D
Not sure what you mean by "sharing a specific window", but you can forward graphical programs using the -X flag.
# ssh -X user@192.168.80.1
# xeyes
or if it's a KDE-app:
# dbus-launch NAME_OF_APP
When you're in the comfy chair, you don't want to leave the comfy chair. So I can open firefox to configure stuff
# ssh -X user@192.168.80.1
# dbus-launch firefox URL_OF_WEBADMIN
and so on.
OK, the ssh -L thing did work, but it only logs into the LMCE server - I am looking for a way to remotely ssh directly into another machine on my network.
I also tried ssh -p5900 <LMCEserver> again, but to no avail - connection refused. Admin firewall setting is...
tcp ipv4 5900 to 5900 22 192.168.80.XXX port_forward
@Sigg3.net - thanks for the suggestion, but an X forward won't cut it unfortunately. I didn't explain myself very well. I want to be able to share a desktop with somebody remotely (hence I'm now frigging with port 5900, as I intend to use VNC).
Any other suggestions?
Cheers,
Matt.
I did it (we were nearly right).
ssh -L 5900:<LMCEserver>:5900 <user>@<othermachine>
Still not quite sure I have understood what I have done... could somebody please educate me? Why is 5900 in there twice? How does this relate to my firewall rule?
Cheers,
Matt.
The first 5900 is for the source and the second is the destination port. Your ssh opens one here and attaches it there. You can map any port to any other port that way. The firewall has no bearing on it since ssh tunnels it over port 23.
I hope that helps.
(22, no?)
Thank you very much, that is very helpful indeed.
I successfully got VNC working over my internal network last night, just need to tie it all together now. Will report back with the exact steps.
Cheers,
Matt.
Great! Glad to hear that! Yeah, 22. 23 is telnet. ;D
Getting VNC to work internally is very different from getting it working remotely I've discovered. It tells me that my commands aren't utter bollocks at least, but of course it doesn't tell me if the approach is correct.
It is now working remotely after a lot of trial and error, but I am not satisfied this is the best way to do it. I do...
ssh -p 22 -L 5900:127.0.0.1:5900 <coreUser>@<externalIP>
ssh -p 22 -L 5900:127.0.0.1:5900 <desktopUser>@<internalIPofDesktop>
...and then I can do the VNC thing, which is great don't get me wrong, but....
How do I combine these two steps and ssh straight into my desktop, without having to type in the core password? If this is the best way of doing it, then fine, but how do people without a clever LMCE system do it i.e. with a normal router?
Cheers,
Matt.
EDIT: I didn't do anything to the firewall, which makes sense seeing as this is a tunnel.
You can forward a port (using the LMCE firewall config) to your desktop IP, which I wouldn't do.
Or, you could change your ssh tunnel to use the IP of the desktop machine, instead of the core loopback address
ssh -p 22 -L 5900:<internalIPofDesktop>:5900 <coreUser>@<externalIP>
This won't ssh straight to your desktop. It will still ssh to the core. But, the port forward will be to your desktop. If you really needed to ssh to the desktop to run some commands, you could just ssh from the core to the desktop (no port forwarding req'd).
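The two-step login asked about in this thread can be collapsed into a single client-side configuration. This is an added example, not part of the original posts: it assumes OpenSSH 7.3 or later on the remote client, the host aliases `lmce-core` and `desktop` are hypothetical, and the bracketed placeholders are the ones used in the thread.

```sshconfig
# ~/.ssh/config on the remote client (added example; aliases are hypothetical)

# The core: the only host reachable from the Internet, on port 22.
Host lmce-core
    HostName <externalIP>
    User <coreUser>
    Port 22

# The desktop: reached through the core, so no firewall port forward is needed
# and the desktop's sshd and VNC server stay unexposed to the Internet.
Host desktop
    HostName <internalIPofDesktop>
    User <desktopUser>
    # First hop is made to lmce-core; the session to the desktop is carried
    # inside that connection and is encrypted end to end to the desktop.
    ProxyJump lmce-core
    # Listener on the client's loopback only (127.0.0.1:5900), delivered to
    # port 5900 on the desktop's own loopback, as in the second command above.
    LocalForward 127.0.0.1:5900 127.0.0.1:5900
    # Abort rather than log in without a tunnel if local port 5900 is taken.
    ExitOnForwardFailure yes
```

With this in place, `ssh desktop` performs both hops and opens the tunnel, and a VNC viewer pointed at `localhost:5900` on the remote client reaches the desktop. Each hop still prompts for its password unless public-key authentication is set up on the core and the desktop.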