Arch Linux

djre

Member

From: 3 Stars and a Sun

Registered: 2007-10-19

Posts: 36

is ssh possible through dhcp and nat?

Hi! I was thinking if I could connect to my pc at home from school so I could maximize what I pay for internet, that would be great. So I bumped into this SSH thing and now Im wondering if this could work since my box is behind DHCP and NAT. I just want to access my pc so i could manage its downloads while at school.

Is this feasible and do I have to install anything to my school pc (I don't have admin privilege)?

jrb

Member

Registered: 2007-11-14

Posts: 3

Re: is ssh possible through dhcp and nat?

It's very simple to do, as long as you have an ssh client on your school computer. Turn on the sshd service on your home machine and then forward port 22 on your router to your machine. (I'm assuming you're using a router since you said you were using NAT.)

Klepto

Member

From: Scotland

Registered: 2007-11-12

Posts: 41

Re: is ssh possible through dhcp and nat?

Firstly, you will need an ssh client, I assume your school computer is a Windows box. You may find that it already has something like PuTTY installed. Alternatively there are some Java web based clients you can use like this one, although I've never used any so I can't comment on their quality.

At the server end (your home) you will need to make sure that your PC has a static DHCP lease so it always has the same IP on your LAN, that your NAT is forwarding TCP port 22 to that IP, and your firewall is allowing incoming connections on that port. You will also need to know your public IP (the one that's visible on the internet). Most home broadband connections have a dynamic IP so you may want to investigate some kind of dynamic DNS service like No-IP or DynDNS. Routers often have support for these so they will automatically update if your IP changes, best to check your router first so you can choose one it supports.

Be aware that there are security considerations here, ssh is pretty secure but nothing can be guaranteed 100% bulletproof. Some kind of virtual private network (VPN) may be a better idea but you probably won't be able to get that set up at school, they can be a pain at the best of times.

Doesn't Windows allow people to install stuff in the Windows equivalent of /home? I know very little about Windows

---

I'm a moderate, it's the mainstream that's extremist.

ezzetabi

Member

Registered: 2006-08-27

Posts: 947

Re: is ssh possible through dhcp and nat?

Well, *Windows*does.
But the applications are often programmed by pigs that know nothing about Windows structure.
As effect the applications can't work if installed in /home and executed by users... :S

nogoma

Member

From: Cranston, RI

Registered: 2006-03-01

Posts: 217

Re: is ssh possible through dhcp and nat?

Be aware that there are security considerations here, ssh is pretty secure but nothing can be guaranteed 100% bulletproof. Some kind of virtual private network (VPN) may be a better idea but you probably won't be able to get that set up at school, they can be a pain at the best of times.

A couple of good ideas when setting up publicly available ssh daemons is to a) disable root login (bruteforce attackers often try to log into the root account), and b) run something like denyhosts (in one of the repos, I believe). This fantastic little script scans your access logs, and automatically blocks IPs if they've tried to connect too many times and failed. Of course, if you're really bad at typing in your password, you could potentially lock yourself out (you can set up denyhosts to unblock an address after a certain amount of time, so it's nothing permanent). Finally, c) learn about ssh-keys, and use them. It makes the whole I'm-bad-at-typing-in-my-password thing a non-issue.

---

-nogoma
---
Code Happy, Code Ruby!
http://www.last.fm/user/nogoma/

pauldonnelly

Member

Registered: 2006-06-19

Posts: 776

Re: is ssh possible through dhcp and nat?

Doesn't Windows allow people to install stuff in the Windows equivalent of /home? I know very little about Windows

That's not really an issue here. PuTTY, the Windows SSH client of choice, is just a single binary with no installer, so it can reside on a flash drive or wherever.

Klepto

Member

From: Scotland

Registered: 2007-11-12

Posts: 41

Re: is ssh possible through dhcp and nat?

Well, *Windows*does.
But the applications are often programmed by pigs that know nothing about Windows structure.
As effect the applications can't work if installed in /home and executed by users... :S

That's not really an issue here. PuTTY, the Windows SSH client of choice, is just a single binary with no installer, so it can reside on a flash drive or wherever.

Cool. In my brain under "Windows" there is a note saying "Here be dragons".

There's still the school's firewall to contend with, I guess an SSH server could be run on a port they allow outgoing packets on if they don't allow 22.

---

I'm a moderate, it's the mainstream that's extremist.

djre

Member

From: 3 Stars and a Sun

Registered: 2007-10-19

Posts: 36

Re: is ssh possible through dhcp and nat?

actually the pc at school doesn't allow administrator profiles so i'm stuck if i still have to install that client. but im excited with this putty, does it really not need installation? anyway, ill just try that. thanks.

retsaw

Member

From: London, UK

Registered: 2005-03-22

Posts: 132

Re: is ssh possible through dhcp and nat?

PuTTY doesn't need installation, but it does store its settings in the Windows registry, however there is a portable version that has been modified to use a configuration file instead.

johnvoisey

Member

Registered: 2006-11-04

Posts: 28

Re: is ssh possible through dhcp and nat?

I'd just like to add something to "klepto's" post.

SSH / SSHD normally works on port 22 which is why klepto mentions it. I'm running ssh here but you won't find it on port 22. Read the Arch wiki suggestions on setting up ssh and sshd and PICK A DIFFERENT PORT. You can configure this into the "PuTTY" client VERY easily. I have just such a system right here right now.

Why would you want to do this ? Well, there are a few thousand (million ?) hackers out there who will cheerfully 'scan' random ip addresses looking for responses from known ports and although nothing in cyberspace is ever safe and secure why make it easy for the hackers by leaving a server responding to the default port ?