ARCHIVES - Network/Internet: Questions regarding network or Internet configuration and use in SUSE Linux
Hello
I am very new to Linux and am using SUSE 10.3. I have used the SSH command to locally connect to a friend's computer, but I am wondering, is there any way we can connect over the internet in the same way as we do locally? Any help would be greatly appreciated. Ryan
|
|
|||
|
Sure, and to do so you'll just need to open port 22 (SSH) on the remote (server) machine's firewall for the external zone, in the majority of cases. And of course, you need to know the remote (server) machine's IP address. If the remote machine is connected via DSL, you'll most likely need to forward port 22 on the DSL router/modem to the server's local IP address. For security reasons, don't forget to close the port forwarding and firewall hole on the server after you're done, unless you really want to leave it open.
|
|||
|
Thanks very much for the reply, but I'm so new to this. Would you mind explaining how I would do all of this? Sorry about that. Ryan.
|
|||
|
That depends. Which OS is running on the machines in question? How are the machines connected to the Net? Static IP, DSL, modem...
|
|
|||
|
http://forums.suselinuxsupport.de/index.ph...3&hl=x11vnc
In particular, look at posts #6, 10, 11, 12. If you have any questions after reading those, please post here.
|
|||
|
We both run the same version of SUSE (10.3) and we're connected to the internet through wireless routers, dynamic IPs, I think. I hope that helps. Ryan.
|
|||
|
Well, first check out oldcpu's link if you want more than just a simple ssh connection to a remote computer.

For simple ssh, these three steps should be sufficient:

1. On the remote machine (to which you are connecting), go to YaST -> Security and Users -> Firewall -> Allowed Services, and add SSH to External Zone.
2. On the remote machine's router, find port forwarding options and add port 22 for the LOCAL IP of that machine.
3. Connect to remote, for example ssh username@123.456.789.123, supplying the remote IP instead of 123.456.789.123.

You can find the remote IP either in the router's control panel, stats or something, or by going to http://checkip.dyndns.com (must be checked FROM that remote machine), so have your friend let you know the address before you connect.

Also, if the remote router allows dynamic DNS services (check manual or find Dynamic DNS options in router's control panel), explore the dyndns.com site and perhaps obtain a dynamic DNS address: http://www.dyndns.com/services/dns/dyndns/

Edit: naturally, you have to perform the same steps for your own computer, which then becomes remote for your friend.
|
|||
|
I recommend you get this functional based on his recommendation. Test it, and become comfortable with it.

However, after you have this functioning, and are comfortable with the functionality, I then recommend you change your ports to add extra security. There are many 'bots that run on the web, trying to hack into computers via ssh on port 22, using brute force techniques. A good username/password should thwart those attempts, but it is still useful to add extra security (and there are many methods to increase the security).

For example, on our home PC LAN, we have mapped on our Router/Modem (that connects to our ISP) a different high port number for each PC in our LAN, pointing to Port#22 on each PC, i.e.

Code:
    Router Port     PC# and Port mapping
    ===========     ====================
    22 closed       no mapping
    42001           PC#1 port#22
    42002           PC#2 port#22
    42003           PC#3 port#22

Hence, from outside our LAN, to connect to
* PC#1, one would type: ssh -X homelan1234.homelinux.com -p 42001
* PC#2, one would type: ssh -X homelan1234.homelinux.com -p 42002
* PC#3, one would type: ssh -X homelan1234.homelinux.com -p 42003

Where homelan.homelinux.net is the IP name assigned by dyndns per FuryWS's post.

Most bots do not scan ports, but simply try a hack at port#22. And those that do scan ports have to scan from port#22 up to 42001 before they find an open port. That takes time, and after over 1 year of changing my port mapping, I have yet to have one bot try hacking in at a port number > 40000. Before I changed my port mapping, I would have well in excess of 100 hack attempts per day on port#22. Given how many users don't bother to change their port#22, there is no point in the bots scanning for higher port numbers, as there are too many other easy "fish" to catch (who did not remap their ports).

Also, you should disable direct root ssh access in the appropriate configuration file on each PC. About 1/3 of the brute force hack attempts on my LAN (before I remapped the ports) were trying to come in as user "root". The other 2/3 brute force hack attempts tried to guess a user name and guess a password with that user name.

Last edited by kgroneman; 19-Nov-2008 at 10:06.
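To measure on your own machine the split described in the post above (attempts as "root" versus guessed user names, and how many come from each source), the following is an added example, not part of the original thread. It assumes sshd logs failures in the usual OpenSSH "Failed password for ..." form; the function names are hypothetical and the sample log lines are constructed, using documentation-only IP ranges.

```bash
#!/bin/sh
# Constructed sample sshd log lines (not real data; RFC 5737 addresses).
sample_log() {
cat <<'EOF'
Nov 19 09:58:01 pc1 sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Nov 19 09:58:03 pc1 sshd[4103]: Failed password for root from 203.0.113.5 port 51240 ssh2
Nov 19 09:58:07 pc1 sshd[4107]: Failed password for invalid user admin from 203.0.113.5 port 51251 ssh2
Nov 19 09:59:12 pc1 sshd[4120]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Nov 19 09:59:15 pc1 sshd[4122]: Failed password for ryan from 198.51.100.7 port 40031 ssh2
Nov 19 10:01:44 pc1 sshd[4150]: Accepted password for ryan from 192.0.2.10 port 50522 ssh2
EOF
}

# Read sshd log lines on stdin and print, sorted:
#   "other N", "root N", "src <ip> N" (one per source), "total N".
summarize_failures() {
  awk '
    / sshd\[[0-9]+\]: Failed password for / {
      # The attempted user name is attacker-controlled text, so take the
      # LAST field equal to "from": the IP follows it, the user precedes it.
      for (i = 2; i < NF; i++)
        if ($i == "from") { user = $(i - 1); ip = $(i + 1) }
      total++
      if (user == "root") root++; else other++
      src[ip]++
    }
    END {
      printf "total %d\nroot %d\nother %d\n", total, root, other
      for (ip in src) printf "src %s %d\n", ip, src[ip]
    }' | LC_ALL=C sort
}

# Usage: pass a log file path as the first argument (the location of the
# sshd log differs between distributions); with no argument the
# constructed sample above is summarised instead.
if [ "$#" -gt 0 ]; then
  summarize_failures < "$1"
else
  sample_log | summarize_failures
fi
```

A high "root" count is the case that disabling direct root login removes, and a high "src" count for one address identifies a source worth blocking at the firewall.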
|
|||
|
Thanks for all of your help! Ryan.