[Linux] [SSH server] Building an Ubuntu SSH server: SSH connections from inside and outside the LAN

Introduction

I prepared an Ubuntu environment on my own PC at home, so I tried connecting to it over ssh. Since I learned everything from preparing the ssh server on the host to accessing it from inside and outside the LAN, I will organize the contents here. If you find it helpful, please click LGTM m(_ _)m

Flow

  1. Installing the ssh server on the host side (ubuntu)
  2. Key generation on the client side
  3. Public key setting on the host side
  4. SSH connection from within the LAN
  5. SSH connection from outside the LAN

1. Host (ubuntu) ssh server settings

Install openssh-server

sudo apt install openssh-server

Change configuration in sshd_config file

sudo vim /etc/ssh/sshd_config

sshd_config = ssh daemon configuration file (settings for ssh connections coming in from outside)
ssh_config = ssh connection configuration file (settings for ssh connections going out)

Add the following contents to the sshd_config file

#Allow password authentication
#(temporarily, so that the following steps can be carried out)
PasswordAuthentication yes

Restart the ssh server for the settings to take effect

sudo service sshd restart

2. Key generation on the client side

Generate public and private keys (the key is named home_ubuntu for clarity)

ssh-keygen -t rsa
#Enter file in which to save the key (/Users/xxxx/.ssh/id_rsa):/Users/xxxx/.ssh/home_ubuntu
#Press Enter for the subsequent questions

Copy the public key to the host side (the following command stores the public key in the "~/.ssh" directory of the host)

scp ~/.ssh/home_ubuntu.pub  <user>@<Host IP address>:~/.ssh

3. Public key setting on the host side

#Append the public key to authorized_keys
cd ~/.ssh
cat home_ubuntu.pub >> authorized_keys
rm home_ubuntu.pub

#Change permissions
cd ~
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Restrict logins to public key authentication for added security

#Change ssh daemon settings
sudo vim /etc/ssh/sshd_config
#Prohibit password access
PasswordAuthentication no
#Restart the server for the settings to take effect
sudo service sshd restart
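
The following is an added example, not part of the original article: a check that the hardening from steps 1 to 3 is really in effect. sshd uses the first value it reads for each keyword, so a leftover "PasswordAuthentication yes" higher up in the file silently wins over the "no" added later. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify the sshd_config change and the key file permissions.
# Function names and the sample files below are constructed for illustration.

# Print the value sshd would use for a global KEYWORD in FILE.
# sshd keeps the first value it reads for each keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only conditionally.
effective_sshd_value() {
  awk -v key="$1" '
    BEGIN { key = tolower(key) }
    { sub(/^[ \t]+/, "") }                  # drop leading whitespace
    /^(#|$)/ { next }                       # skip comments and blank lines
    { split($0, f, /[ \t=]+/); kw = tolower(f[1]) }
    kw == "match" { exit }                  # global section ends here
    kw == key { print tolower(f[2]); exit } # first occurrence wins
  ' "$2"
}

# Succeed only if PATH has exactly the octal MODE (e.g. 700 or 600).
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# Constructed sample: a commented-out default, the hardened value, and a
# later contradictory line that sshd ignores because it comes second.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#PasswordAuthentication yes
  passwordauthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
mkdir "$demo/.ssh" && touch "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"

audit() {  # audit CONFIG SSH_DIR: prints findings, non-zero status if any
  local bad=0
  [ "$(effective_sshd_value PasswordAuthentication "$1")" = no ] ||
    { echo "password login is still enabled in $1"; bad=1; }
  has_mode "$2" 700 || { echo "$2 is not mode 700"; bad=1; }
  has_mode "$2/authorized_keys" 600 || { echo "authorized_keys is not mode 600"; bad=1; }
  return "$bad"
}
audit "$demo/sshd_config" "$demo/.ssh" && echo "hardening checks passed"
```

On the real host, call audit with /etc/ssh/sshd_config and ~/.ssh. The parser reads a single file only; the authoritative view, including files pulled in through an Include directive, is the output of sudo sshd -T.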

4. SSH connection from within the LAN

Fix the local IP address

Manually set the IP address from the gear icon in the Wi-Fi settings. [Screenshot]

The gateway is the IP address of the router and can be set by replacing the last number in the local IP address of the PC with 1.

The ssh connection is completed with the following command!

ssh -i ~/.ssh/home_ubuntu -l <username> <Local IP address>

5. SSH connection from outside the LAN

① Open port

Log in to the router settings site

You can access the router by replacing the last number in the local IP address with 1 (example below)
IP address of the PC = http://192.168.10.114
IP address of the router = http://192.168.10.1

For my router, the following settings screen is displayed. [Screenshot]

Click Port Mapping Settings [Screenshot]

Enter the NAT entry [Screenshot]

② Acquire a domain

Get a domain at a site called MyDNS. Register via "JOIN US" at the upper right and log in. https://www.mydns.jp/

Get a domain from "DOMAIN INFO" [Screenshot]

For the acquired domain, enter the global IP address found earlier in the IPv4 field under "IP ADDR DIRECT" to link the domain with the global IP. [Screenshot]

How to check the global IP address

curl inet-ip.info

③ Automatic update of global IP

Unless it is a fixed IP, the global IP is updated automatically, so it must be re-associated with the domain acquired through DDNS.

This time, do it automatically with cron

crontab -e
#Add the following line and save
#This will issue an HTTP request to MyDNS every 10 minutes
*/10 * * * * wget -q -O /dev/null http://(mydns.jp master ID):(mydns.jp password)@www.mydns.jp/login.html

④ Hairpin NAT avoidance

Attempts to access the global IP from within the same network will be rejected if the router does not support hairpin NAT. With the setting below they will not be rejected, so register it.

sudo vim /etc/hosts

/etc/hosts


#Add the following line and save
<Fixed server local IP> <Domain name obtained by MyDNS>

⑤ SSH to your home server

Finish by connecting to your home server with the following command

ssh -p 5504 -i ~/.ssh/home_ubuntu <Domain name obtained by MyDNS>

Also, if you write the ssh connection settings in the ~/.ssh/config file, you can connect with a short ssh command.

~/.ssh/config


Host home-ubuntu
  HostName home-ubuntu.mydns.jp
  IdentityFile ~/.ssh/home_ubuntu
  User shota
  Port 5504
  TCPKeepAlive yes
  IdentitiesOnly yes

You can connect with just the following command!

ssh home-ubuntu
