Set up your router to forward a port of your choice [say 8822] to port 22 on the pi.jimjamz wrote: - What is the best way to use SSH on the Raspberry Pi?
Does your router support dynamic dns? Quite a few do. If so go to http://dyn.com/dns/ & set up an account. This will let you have a domain address which tracks the IP address assigned by your ISP.jimjamz wrote:- My ISP provides me with a dynamic IP so it will change every few days or so. I use a wireless router (but the Pi will be wired to it), I have the admin password and the router can do port forwarding.
The one bit I struggle to follow is using a port (e.g. 8822) to access another port (22). Again, my knowledge of port forwarding is not amazing.HiroProtagonist wrote:Set up your router to forward a port of your choice [say 8822] to port 22 on the pi.
If your router will allow it, you should coinfigure it to forward some other port to port 22. Leaving port 22 open will result in loads of 'bots trying to log in as 'root', which if nothing else will fill your logs with crap. Using a different port will reduce this noise dramatically.jimjamz wrote: The one bit I struggle to follow is using a port (e.g. 8822) to access another port (22). Again, my knowledge of port forwarding is not amazing.
My router (Netgear DG834G) is only capable of basic port forwarding, if any at all.
For example, I can enable a service (e.g. SSH) on the router to use port 22 (already defaulting to SSH according to the router).
Yes you could use port 22 directly [in which case you don't need to specify it], but avoid that if you can.jimjamz wrote: This service can then be allowed inbound through the router's firewall to ONLY one specific internal address on the router (e.g. the Raspberry Pi @ 192.168.0.3) so that when I remotely access the external IP (e.g. 126.96.36.199) with port 22, it redirects specifically to the specified router's internal address (e.g. 192.168.0.3) and not any other device on the router (e.g. my Windows Server @ 192.168.0.5).
Couldn't I just set up port forwarding to access port 22 directly, lIke this:
ssh -p 22 -L 8080:127.0.0.1:8080 firstname.lastname@example.org
However, does this also mean that I can't enable SSH and forwarding to port 22 for any other device on the router (e.g. my Windows Server @ 192.168.0.5) if I'm already using it to connect to Raspberry Pi @ 192.168.0.3? Because how will the Netgear router know which device to send the traffic to if I connect using the external IP and port 22?
What is the term for this "forwarding of ports to other ports"? "Super port forwarding"?HiroProtagonist wrote:If your router will allow it, you should coinfigure it to forward some other port to port 22. Leaving port 22 open will result in loads of 'bots trying to log in as 'root', which if nothing else will fill your logs with crap. Using a different port will reduce this noise dramatically.
I'm not aware of a term for this, but it should be quite easy to see if your router allows you to specify an external and internal port when configuring port forwarding. If you only get to specify a single port, then you don't have the option.jimjamz wrote:What is the term for this "forwarding of ports to other ports"? "Super port forwarding"?
If I know the term, maybe I can find out if my router is capable of it, although I doubt it will be able to as it's quite an old wireless router.
In those instructions you can see that the Linksys and DD-WRT support "from" and "to" port numbering, but the others don't.johndough wrote: http://www.howtogeek.com/66214/how-to-f ... ur-router/
setting up firefox on PC, this guy shows how to do it with nice picturesjimjamz wrote:Hello all,
I've set up my Pi by remote. I am successfully SSHing to it via puTTY.
Now I want to re-direct all my local web traffic through the remote Pi. I've just installed tinyproxy. What do I do next and how can I use tinyproxy through puTTy?
@john564,john564 wrote: setting up firefox on PC, this guy shows how to do it with nice pictures
using firefox on android phone,
http://www.devineloper.com/wp-content/u ... tions1.png
http://www.devineloper.com/wp-content/u ... tions2.png
Code: Select all
apt-get update apt-get install tinyproxy
Code: Select all
Port 8888 Listen 127.0.0.1
Code: Select all
@john564 - Thanks. I might give that a whirl if I have any problems with tinyproxy. I'll be sure to look into it to see if it's more efficient.john564 wrote:p.s. also worth a try, myentunnel, imho better for this job than putty,
# http://nemesis2.qx.net/rdownload.php?fi ... tunnel.exe
Great to hear that you got it working.jimjamz wrote: I got the proxy settings working just by loading my saved PuTTy session then going to Connection -> SSH -> Tunnels. In the Tunnels settings, I set my local outbound port (under Source Port) to 8888 and my remote Raspberry Pi's local loopback IP and incoming port (Destination) to 127.0.0.1:8888. The options below I left selected as Local and Auto.
I then opened the SSH connection (with certificate key) and logged onto the Pi. I tried Facebook and YouTube (from China) as a test and it works!
To keep things simple and straight-forward, I used the same port number (8888) as the local outgoing and remote incoming. Now, my next question is, is it in any way less safer to use the same local outgoing port number as the remote incoming? In the earlier examples, there were some suggestions to have a local outgoing port of 8080 such as this example:
ssh -p 8822 -L 8080:127.0.0.1:8080 -N email@example.com
If I used a different outgoing port to that of the remote incoming, for example:
ssh -p 8822 -L 8080:127.0.0.1:8888 -N firstname.lastname@example.org
Q: Would this have any impact on making the connection more secure to unauthorised users???
HiroProtagonist wrote:The only issue I can think of would be if you were forwarding a port on your PC that was open to outside users - e.g. if your PC was set up to allow users on your network to access port 8080, using that port to access your proxy might not be what you want. As long as you don't have anything like that set up, the choice of port
to forward is up to you [as long as you don't clash with anything else].
Not being a network guru myself either, I wouldn't know if the HTTP traffic being carried by the SSH connection AND tinyproxy is being encrypted or not. Admittedly, it's not my primary concern (which is to just make sure I can access the content I need to in the first place). However, it would be nice to know in case further steps are requested to ensure encryption.Steven Boelens wrote: The SSH link does encrypt the communication but the standard proxy doesn't. So the chinese can still observe your http traffic and block it if you visit "illegal" sites.
A VPN wrapped around an SSH connection? Not sure if it's possible, and secondly, why? If you can set up an SSTP VPN then you really don't need an SSH connection as it's purpose would be defeated.Shouldn't you also have a VPN tunnel for encryption?
Or do you not need encryption of the traffic between China and the UK?
results in:ssh -p 8822 -L 8888:127.0.0.1:8000 email@example.com
What's the easiest way to generate a key on MacOSX to add to the authorized_keys list on the Pi? Once I have it, how do I point MacOSX's terminal to my newly generated public/private keys?Permission denied (publickey).