MuntyScruntfundle
Posts: 223
Joined: Fri Oct 27, 2017 11:14 pm

SSH through an external ip

Tue Sep 18, 2018 9:34 pm

Hi folks. I know this is a network question, but you guys are friendly and helpful.

I can see how I would SSH to a single pi server behind a router, but how would it be possible to SSH to multiple servers?

Am I stuck connecting to one pi then using that to connect to others? I don't really want the headache of setting up ssh with different ports on each pi, that would be a bit of a nightmare.

Thanks.

User avatar
topguy
Posts: 5901
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: SSH through an external ip

Tue Sep 18, 2018 9:51 pm

I don't really want the headache of setting up ssh with different ports on each pi, that would be a bit of a nightmare.
No you are right, you do this in the portforward rules in your router instead.

example..
- external port 2222 forwarded to port 22 on Pi no.1
- external port 2223 forwarded to port 22 on Pi no.2
- external port 2224 forwarded to port 22 on Pi no.3

User avatar
lmarmisa
Posts: 1230
Joined: Thu Feb 14, 2013 2:22 am
Location: Jávea, Spain

Re: SSH through an external ip

Tue Sep 18, 2018 10:05 pm

I believe that you need a solution based on VPN:

https://www.smallbusinesscomputing.com/ ... h-vpn.html

User avatar
bertlea
Posts: 299
Joined: Wed Dec 07, 2016 6:33 am
Location: Hong Kong

Re: SSH through an external ip

Wed Sep 19, 2018 1:29 am

I think the external-to-internal port assignment described by topguy is the best solution. But if you really hate that, you can just ssh to one of your Pi first and then ssh to other Pi using their internal IP addresses. But the downside is obviously the Pi that act as a ssh gateway must be running fine when you need to access other Pi so there is a dependency there.

tpyo kingg
Posts: 627
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: SSH through an external ip

Wed Sep 19, 2018 6:15 am

The arrangment described by topguy can be made into shortcuts by setting the Port configuration directive in ~/.ssh/config So that you just type "ssh rpi01" or "ssh rpi02" or whatever and the port is taken care of automatically as well as the address. See "man ssh_config" for the full set of options.

The arrangment described by bertlea is usually referred to a "jump host" or "bastion". You can set up the router itself for that sometimes. If it is the kind of hardware that can run OpenWRT or DD-WRT then you can connect via SSH to the router and then to the internal machine(s) again via SSH. If you are loathe to mess with your only router but have a budget, many off the shelf routers found in the stores support OpenWRT and can be obtained inexpensively. Either way, once you know the path through the router to the internal machines, shortcuts for those can also be set in ~/.ssh/config

Return to “General discussion”