How to SSH to a Remote Server without Public IP (FREE)

Posted on November 15, 2018

When I arrived USC, I decided to spend my money on a desktop (for scientific computation) rather than a Mac. And it turns out to be very useful and I got 800$ reward from Deep Learning class because of the project done with this machine. When I am the library and want to deploy a notebook or run some DL stuff on my desktop, I have to SSH back to it via my laptop. Here are few methods I had tried:

1. NO-IP with Router Forwarding

So my laptop has to find the IP of my apartment before connecting to my desktop. Since my router stays connected 24/7 and the IP never change, I can remember that number and SSH to it. But remembering an IP is hard, we can write a configuration file in ~/.ssh/config or register the IP on NO-IP (free) to bind with a domain name.

After that, we have to configure the router so that certain ports of the router are mapped to some on my desktop. For example, I mapped:

  • 5022 (router) with 22 (desktop) for general SSH connection.
  • 5088 (router) with 8888 (desktop) for my Ipython Notebook.

This solution works perfectly if the router is configurable. 

2. Ngrok

Recently, we lost control of our router since we are forced to use the router provided by Spectrum. If the forwarding rule cannot be setup, then we have no way to access our remote server via a normal connection. So now we need a third-party to connect two machines for us. I recommend Ngrok since it's free and easy to setup.

On the remote server, we just have to download the ngrok and open a connection before leaving/exiting it. For instance, you can run `ngrok tcp 22` to register the SSH port to a public port maintained by ngrok. 

In this example, I linked my desktop’s SSH port (22) with 0.tcp.ngrok.io:12905. When I run ssh username@0.tcp.ngrok.io -p 12905 on my laptop, I am actually accessing 22 port on my desktop.

How about multiple port exposure? Here is my configuration for ngrok:

# ~/.ngrok2/ngrok.yml

authtoken: ------------------------------------
tunnels:
  notebook:
    proto: http 
    addr: 8888
  ssh:
    proto: tcp
    addr: 22

And when I run ngrok start ssh notebook on my desktop, it will register two ports simultaneously. Ngrok is a little bit slower than the first method, but is the simplest and free solution I can find.

 

Other Suggestions:

  1. Disable the PasswordAuthentication in OpenSSH configuration. Add the SHA key to the remote server manually to prevent brute force hacking.
  2. Change the port of SSH from 22 to another port might defend some malicious scanning.
None