On 08/09/16 18:49, Anton Aylward wrote:
On 09/08/2016 11:55 AM, gumb wrote:
The receiver's router is some rather pathetic device provided free by their ISP. When I was there recently I logged in to its configuration settings, which aren't very extensive. There was a setting to allow specified services to pass through. I selected 'SSH' from the list, then selected their PC from the list of known/connected devices, and changed the port number to the one I'd previously configured (i.e. not the default 22).
So you're going IN to the receiver's router (?firewall?) on its port 22 facing the Big-I Internet, and that's redirecting to another port on a selected machine where you've set up a sshd listening on that other port.
As far as you addressing the remote *site* you address port 22 on the Big-I Internet facing side. The redirection is done by that router (?firewall?). You do NOT direct out from your machine to that other port, the remote router (?firewall?) takes care of that redirection for you.
But how, in that case, IF there were multiple machines at the remote end (which there aren't, but I might at some point want to SSH in reverse back home where I do have more than one device, which is why I want to be sure of the theory), would the router know which machine I'm trying to SSH into? If all I've set up on the client side is an ssh config file in ./.ssh/config with entries such as Host arbitrary-name Hostname 83.155.42.9 that reaches the IP address and gets me only so far as the router. If I'm supposed to address port 22 then where and how do I specify machine-a or machine-b? My config file also includes the port number for each entry, e.g. Port 1234 Are you saying that in principle the traffic is always entering via port 22 on the router regardless of what I specify in my config, but after that the port number is read in order to reach the correct device? Or are you saying my config file should specify Port 22 (which would be default so no need to specify explicitly). In which case, I don't understand the next step to get to the right machine.
OBTW do not fiddle with the hosts.allow. Leave it empty.
Too late. I edited that long ago on the server side. However, on my recent visit there, I was trying to SSH in from my laptop on the network and it failed. Since this router is a replacement for one that had burnt out, I'd forgotten that I'd updated the static IP of the machines to 192.168.1.x instead of 192.168.0.x, since the IP gateway is 192.168.1.254. When I modified the server's hosts.allow file accordingly all was well. So although it's apparently an antiquated concept, it's one that works. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org