[TriLUG] enabling SSH into private network

Tom Roche Tom_Roche at pobox.com
Wed Jan 2 09:26:22 EST 2008


Coupla questions about enabling SSH from the internet into a private
network:

Thanks to donations, I have both my POS boxes (running feisty USE,
console only) behind a router/firewall. They, and my laptop, are
stably DHCPing, and can reply to pings from each other, inside that
network.

Now I need to enable folks to SSH in from outside that network, in
order to

* enable remote data entry: we've got a lotta DB setup to do

* allow remote access to the POS developers

I've frequently set up SSH on boxes on other networks (not my own) so
I'm familiar with creating/installing keys etc. My questions are about
what I need to do to enable the several boxes to accept SSH from
outside.

I read that I hafta use separate ports in order for the several boxes
to each be able to accept SSH connections through the firewall.
Looking around for ports that look (relatively) unused and which are
mnemonic for the service and the hostnames, I'm thinking of using
port#s 222x: does that seem reasonable/feasible?

In any case, whatever I use for the port#s, I'll need to open them on
the firewall: fortunately that seems straightforward.

Then from outside the private network one will need to run

ssh <id>@<FQ hostname> -p <port#>

where <FQ hostname> belongs to one of the boxes on the private
network. I know how to set up IDs, and port# is discussed above. I'm
wondering, what do I need to do to publicize the hostnames from the
private network to the world? Or is there A Better Way to do this?

TIA, Tom Roche <Tom_Roche at pobox.com>
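
An added example, not part of the original post: a client-side ~/.ssh/config for the port-per-box scheme described above. It assumes the router forwards ports 2221 and 2222 (two constructed instances of the "222x" idea) to port 22 on two of the boxes; gateway.example.org, pos1, pos2 and the user name are placeholders.

```sshconfig
# Constructed example: every name, port and user below is a placeholder.
# With port forwarding, outside clients connect to the router's one public
# name or address; only the forwarded port selects the box behind it.

Host pos1
    # Router's public name or address (placeholder)
    HostName gateway.example.org
    # Assumed to be forwarded by the router to port 22 on the first box
    Port 2221
    User tom
    # Record and check this box's host key under its own alias, so the two
    # boxes sharing one public name do not look like a changed host key
    HostKeyAlias pos1

Host pos2
    HostName gateway.example.org
    # Assumed to be forwarded by the router to port 22 on the second box
    Port 2222
    User tom
    HostKeyAlias pos2
```

With this in place, `ssh pos1` stands in for the longer `ssh <id>@<FQ hostname> -p <port#>` form, and a host-key change on either box is reported against that box's own alias.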



