2

Local machine has a public IP.

The remote machine is running at a client's site. I have full access to this machine, but it does not have a public IP. At the moment we're using TeamViewer to remotely access this machine, but we'd rather use an x11vnc based solution.

Is there some kind of daemon or software I can run on the remote machine, so that when it boots up, I can ssh into it (perhaps via a tunnel)?

(123.45.6.78)
  local             .-,(  ),-.    
   __  _         .-(          )-.                             Remote 
  [__]|=|  ---->(    internet    )-------> __________ ------> ____   __ 
  /::/|_|        '-(          ).-'        [_...__...°]       |    | |==|
                     '-.( ).-'                               |____| |  |
                                                             /::::/ |__|
nishantjr
  • 241

1 Answer

4

The solution below will work as follows:

  Local             .-,(  ),-.    
   __  _         .-(          )-.           Gateway             RemoteX
  [__]|=|  ---->(    internet    )-------> __________ ------> ____   __ 
  /::/|_|        '-(          ).-'        [_...__...°]       |    | |==|
                     '-.( ).-'                               |____| |  |
                                                             /::::/ |__|

You can do this through ssh's ProxyCommand facility. Add the following to your $HOME/.ssh/config file. Create it if it doesn't exist with just this content:

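# Connections to RemoteX are relayed through Gateway: ssh logs in to Gateway
# as userext and runs nc there to reach RemoteX on the requested port (%p).
Host RemoteX
    User userint
    ProxyCommand ssh userext@Gateway nc RemoteX %p
# Same arrangement for a second internal host.
Host RemoteY
    User userint
    ProxyCommand ssh userext@Gateway nc RemoteY %p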

You then connect to the different internal remote servers like this:

$ ssh RemoteX

-or-

$ ssh RemoteY

This is the tip of the iceberg as far as this feature goes. Check out this U&L Q&A titled: SSH tunnel through middleman server - how to connect in one step (using key pair)?, for more details.

NOTE: The above method is making use of a tool called nc (netcat) which should be in any major distros' repositories.

Complex example

  1. One Host stanza, many hosts.

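    # %h and %p expand to the target host and port. The jump host is negated
    # so that the inner ssh to externalserver does not match this stanza too.
    Host *.mydom.com * !externalserver
        ProxyCommand ssh externalserver nc %h %p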
    
  2. One Host stanza, for many users.

    Add the Host stanza to the system's /etc/ssh/ssh_config file so that anyone logging into the box can make use of it.

What if Gateway's IP changes

If you have the situation where the systems at the "remote" end fluctuate, you can use a dynamic DNS service (DDNS) such as noip. There are dozens of these services; some are free and some are paid.

The basic idea with these services is that they'll give you a static name such as me.noip.org and you run a small daemon tool on the "remote" client. In your case it could be the Gateway system or even one of the Remote systems. This daemon would get the IP that Gateway is currently assigned on the internet and relay it to the DDNS service, which would then list it as the current IP for me.noip.org. As it changes it would get updated over time.

slm
  • 7,730
  • Sorry, I don't think I explained myself correctly. I want the remote machines to actively start a daemon that allows me to connect to them, despite them having an unknown address. – nishantjr Feb 17 '14 at 07:28
  • The remote server is not on the LAN – nishantjr Feb 17 '14 at 07:32
  • Nice ASCII art :) ... No, that's not my situation; I've updated the question – nishantjr Feb 17 '14 at 07:42
  • @nishantjr - the issue is that you do not know the IP address that the box connected to the internet that the remote server is connected to. Why not use something like dynamic DNS to get that host to associate its IP w/ a known name so that when it is connected you can find it through this static name? – slm Feb 17 '14 at 07:50
  • Yes! that's exactly what I want. Is there something I can host on my server to implement this? Or do I have to use a paid service? – nishantjr Feb 17 '14 at 07:57
  • Thanks... This looks perfect: https://wiki.debian.org/DDNS – nishantjr Feb 17 '14 at 08:03
  • @nishantjr - see updates – slm Feb 17 '14 at 12:25
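
A Host line that contains `*`, as in the answer's "Complex example", also applies to the jump host named in its own ProxyCommand unless that host is negated, so the inner ssh would try to proxy through itself. The check below is an added example, not part of the answer or of OpenSSH: it flags such stanzas in a config, using a constructed sample that reuses the answer's placeholder host names and assuming the ProxyCommand has the `ssh [user@]host ...` shape shown above.

```python
import re
import shlex

def pattern_matches(pattern, host):
    """ssh_config patterns know only '*' (any run) and '?' (one character)."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host) is not None

def host_matches(patterns, host):
    """A Host line applies if a positive pattern matches and no negated one does."""
    if any(p.startswith("!") and pattern_matches(p[1:], host) for p in patterns):
        return False
    return any(pattern_matches(p, host) for p in patterns if not p.startswith("!"))

def jump_host(proxy_command):
    """Host of an 'ssh [user@]host ...' ProxyCommand (flag-only ssh options assumed)."""
    args = shlex.split(proxy_command)
    hosts = [a for a in args[1:] if not a.startswith("-")] if args[:1] == ["ssh"] else []
    return hosts[0].rsplit("@", 1)[-1] if hosts else None

def find_proxy_loops(config_text):
    """List (Host patterns, jump host) for stanzas that match their own jump host."""
    loops, patterns = [], []
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            patterns = value.split()
        elif key == "proxycommand":
            jump = jump_host(value)
            if jump and host_matches(patterns, jump):
                loops.append((" ".join(patterns), jump))
    return loops

# Constructed sample: host names reuse the answer's placeholders.
SAMPLE = """\
Host RemoteX
    ProxyCommand ssh userext@Gateway nc RemoteX %p
Host *.mydom.com *
    ProxyCommand ssh externalserver nc %h %p
Host *.mydom.com * !externalserver
    ProxyCommand ssh externalserver nc %h %p
"""

if __name__ == "__main__":
    print(find_proxy_loops(SAMPLE))
```

Only the stanza without the `!externalserver` negation is reported; the check looks at each stanza in isolation and does not follow chains across stanzas.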