18 May 2009 by amrlima
Remote access using openssh and DynDNS
I’m not a big fan of the “cloud” and having to rely on a third party to store and sync my data. I prefer to have more control of my own things. Unfortunately, static IP addresses are usually paid and not very cheap. I don’t want to pay for a static IP address right now, so I looked for other options. DynDNS seemed to be the best one. What does it do? Well, it takes the public dynamic IP address provided by your ISP and associates it with a domain name DynDNS provides. But if it’s a dynamic IP, won’t it change and break your connection anyway? That’s where ddclient comes in… but one thing at a time so I don’t get lost with the instructions.
This assumes you already have ssh configured and a static (local network) IP address assigned to the computer that will be the server you want to connect to. There are lots of guides online on how to do this.
1- Sign up to the DynDNS dynamic DNS service. It’s free and reliable! The confirmation email can take some hours to arrive, mine took around 4 or 5 hours, so be patient.
2- Choose your domain name from the free ones DynDNS provides. There are a lot of options, some of them very cool such as homelinux.com :). Take note of your username, password and domain name. They will be needed again.
3- Configure your router to forward port 22 (for ssh) to your computer (the server one). If you don’t know how to do this, follow a guide for your router at: http://www.portforward.com/.
4- Install ddclient (it’s in the Debian/Ubuntu repositories) and debconf will pop up asking you to configure the client. Select DynDNS as the service provider and enter your username and password. ddclient will keep DynDNS updated with your public IP address so that the connection is not broken when the public IP address changes. This can also be done through the router, but apparently doing it through software is more reliable.
This is a sample /etc/ddclient.conf file to update Dyndns:
# Configuration file for ddclient generated by debconf
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
5- See if it works! Example: ssh email@example.com. If it does not work when you have both computers on your LAN, try a remote access; some routers don’t support loopback connections.
For security reasons, make sure you have ssh configured to allow key access only. Password authentication over the internet is not really safe. Follow these guides on how to set up openssh and openssh with key access.
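One way to check the key-only setting recommended above, as an added example that is not part of the original post: a shell function that reads sshd settings and reports whether password logins are still reachable, including through a duplicated keyword or a Match block. The function name and both sample configurations are made up for illustration.

```shell
#!/bin/sh
# Added example: check sshd settings for key-only login.
# Reads sshd_config-style text on stdin, e.g.:  sudo sshd -T | audit_sshd_key_only
audit_sshd_key_only() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                  # drop indentation (fields are re-split)
        /^(#|$)/ { next }                       # skip comments and blank lines
        { key = tolower($1); val = tolower($2) }   # keywords are case-insensitive
        key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
        key == "match" { in_match = 1; next }
        in_match {
            # A Match block can switch passwords back on for some users or hosts.
            if ((key == "passwordauthentication" || key == "kbdinteractiveauthentication") && val == "yes") {
                print "FAIL " key " yes inside a Match block"; bad = 1
            }
            next
        }
        !(key in seen) { seen[key] = val }      # sshd keeps the first value it reads
        END {
            # Absent keywords fall back to the OpenSSH built-in defaults.
            pw  = ("passwordauthentication" in seen) ? seen["passwordauthentication"] : "yes"
            kbd = ("kbdinteractiveauthentication" in seen) ? seen["kbdinteractiveauthentication"] : "yes"
            pub = ("pubkeyauthentication" in seen) ? seen["pubkeyauthentication"] : "yes"
            if (pw  != "no")  { print "FAIL passwordauthentication is " pw;  bad = 1 }
            if (kbd != "no")  { print "FAIL kbdinteractiveauthentication is " kbd; bad = 1 }
            if (pub != "yes") { print "FAIL pubkeyauthentication is " pub; bad = 1 }
            if (!bad) print "OK key-only login"
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: an early "yes" wins over the later "no".
weak_config() {
    printf '%s\n' 'Port 22' 'PasswordAuthentication yes' 'PasswordAuthentication no'
}

# Constructed sample: key-only settings.
hardened_config() {
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no'
}

weak_config | audit_sshd_key_only || true
hardened_config | audit_sshd_key_only
```

The function exits non-zero when any password path remains, so it can gate a deployment script before port 22 is forwarded.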