Preface
Recently, I'm working on a project related to self-driving system. I was assigned to a PC in the lab, however, I wish to remotely access to it at home. Thus I need to make the PC able to be SSHed from my own computer at home.
This article will briefly introduce you to the work flow of SSH and show an example of how to make SSH work on your computer so that you can remotely work at home.
What you need?
- A Unix-based computer that will host the SSH server.
- A different computer to test the remote connection to the server.
- Access to a different network than the one to which your host machine is connected. (Optional but recommended: this is exactly what you want, right?)
Initial Setup
SSH stands for "secure socket shell", which will allow us to establish a secure connection between two computers, one serves as the server and the other is the client. The term "server" is often used a bit loosely, here we mean by the term is a process running on a computer that is tasked with managing access to a computer's resources over a network.
We will be installing the openssh-server application which will allow us to run an SSH server on our machine that will handle requests for access to the host computer from other devices.
Steps
Upgrade system packages and install openssh;
sudo apt-get upgrade
sudo apt-get install openssh-client
sudo apt-get install openssh-server
After installing those, check whether sshd is running on your machine:
ps -A | grep sshd
You should see something like:
16102 ? 00:00:00 sshd
You can also check whether you can login to the host machine from itself.
ssh localhost
If that succeeds, you can type exit to end the session.
Use ngrok to forward the port to a open server
- Download
ngrokfrom https://ngrok.com/download; - Connect your account after signing up:
./ngrok authtoken BUQXa2rWdvTmFJQDFRnm_7C9JRySLjr8eg7qgqKr9E - Start your tunnel:
./ngrok tcp 22; - You will see a window telling you which domain name and which port you should connect to;
Why Port Forwarding?
By doing all the steps above, you should be able to connect to your remote server successfully. But here comes the question: why do we need to use ngrok to access our remote server?
Network Address Translation (NAT) was created to allow a set of devices on a private network to share a single IP address. On the private network, each device receives its own private IP address. For example, the IP address you found above with ifconfig is the private IP address of your computer on your local network. Any time you access a webpage from one of the devices on your home network, the request is routed through an NAT device, which translates the private IP address into a request using the public IP address assigned to the router by your ISP. This is the address you will ultimately need to use when connecting from outside your local network.
Although NAT solves the device-limit problem, it adds a layer of complexity to setting up a home computer to accept SSH connections. When a client machine sends a request to connect to the public IP address, your router does not know which of the devices on your private network the request is sent to. There are two main solutions:
- set up at the router to forward the port number 22 from the remote server to some port number in the router;
- use
ngrokto handle the request and sent back to the port 22 of the remote server;
Port forwarding means telling your router to forward requests made using a specific port to a particular device on your private network. It is then the responsibility of that device to handle the request. You may be wondering: why don't just send the request directly to the computer via the private IP address and avoid all of this port forwarding nonsense? Like the name implies, these IP addresses are private, so once you are on a different network, the internet-at-large has no knowledge of this private IP address and therefore the request to connect will fail.
